Is StartAllBack safe to use?

Update by 2022-10: Consider using Start11 instead:

The following is written in June 2022.

Summary: Yes, StartAllBack is okay to use, but perform updates with caution.

StartAllBack is software for Windows 11
StartIsBack is similar software for Windows 10

Analysis of the website:
First, I could not access the domain or
They are not present in any obvious blocklists or block category lists. But other users with custom router firewalls had seen similar issues.
The reason (for me) was that the domains webserver is located in Russia, and I block all traffic to and from Russia. By disabling this filter temporary it solved the issue. Both the DNS server and the webserver are located in Russia.
The payment section leads to an american website for actually paying and procuring the license code. I have not assessed this further, but I am quite assured that credit card data is not transmitted to Russia.

Analysis of the software:
All files in the current downloadable setup file: “StartAllBack_3.4.2_setup.exe” (SHA-256 code: c53e9bdf65dbbfca015ee7f74acfdc8da941e766140d21c7f64077aa3a35c31e) has been analysed throughtly in this analysis. Both the setup file, and each installed file. Both by and by myself using several antimalware tools and IDA Pro disassembler.
I have not found any signs of malicious activity and malicious code in this. (More than the expected signs for a software integrating quite tight with Windows Explorer and processes)
By seaching historically versions of the software, there are signs on e.g. Virustotal and on that previous versions may have contained code which a very few antimalware scanners marked as being malicious. It seems though to be very vaguely described, and nothing severe.
This may be false positives, or it may be pirated versions of the given software.
There exists very many versions of the two pieces of software in pirated/cracked editions. A high percentage of these contains malicious code, which I have not analysed further.
The software uses network traffic to activate the license code, by talking with the primary webserver located in Russia. I have not found indications that this channel can be used to inject malicious payloads from the server, but this may be relevant to study in each following update of the software.

Analysis of the author:
Sadly, the website does not state that much about ownership or responsible authors.
By searching, it is clear that the author for both softwares are Stanislav Zinukhov, sometimes written Stanislav I Zinuhov.
He is a developer at Parallels (software company started in Russia in 1999, bought by Corel lately).
His username on MSFN is Tihiy, and he has released several other pieces of small softwares for several years.
He states that he currently lives in Moscow, Russia.

Conclusion and recommendation:
Regarding the website, both hostname registration, DNS setup and webserver hosting seems to take place in Russia. I assess that this means there is a risk that government input may change anything within those three parameters.
Regarding the software, the most important part is that I was unable to locate anything malicious in the current release, and no signs of any severe malware in previous releases.
Regarding the author, my impression is that he is genue and legitimate. But by living in Russia, I assess that there is a risk that government input may force him to act differently.
My overall recommendation is that the software is safe to use, but personally I would disable updates of the product. When updates occur, I would analyze them in depth before using them. At least using virustotal on the setup-file and the relevant program files.
My recommendation to the author is that he becomes more active in ensuring the users in the authenticity of the software. Maybe moving the hosting to outside of Russia, maybe to provide details about signatures, hashcodes or canaries at relevant places.

Leave a Reply

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *