Syncplify Server! has no known vulnerabilities in the NIST NVD

In the aftermath of the already infamous MOVEit hack, which is only the most recent one in a long list of competitors exposing their customers data, we would like to take this opportunity to underscore a few important facts about Syncplify Server!

In fact, Syncplify Server! is the only enterprise-grade, commercial SFTP server on the market that has never been hacked, and has literally zero vulnerabilities listed in the NIST NVD, which is the National Vulnerability Database owned and operated by the National Institute of Standards and Technology.

But hey, it’s easy to toss around such a bold claim without proof, right? That’s why we’re not asking you to take our word for it. This is something you can verify yourself.

How? Here you go:

  • Point your browser to the NIST NVD website search page
  • Type in Syncplify Server! or even just Syncplify, and verify that no vulnerabilities are found (here’s a direct link if you don’t want to type)
  • Now go back to the NIST NVD search page and try to search for any of our competitors; chances are anyone you search for will have a list of known vulnerabilities hackers can, have, and will exploit to gain access to your data

This is not a random result; where many of our competitors have chosen to give in to flashy UIs and unreasonable support for old/legacy algorithms now obsolete and proven weak, we have never been afraid to lead our customers onto a path of true security without trade-offs.

Stay safe, choose unrelenting security, use Syncplify.

False-positives on VirusTotal

One-liner: yes, those are false-positives, and our software is 100% safe and virus-free!

Some users have reported that when they scan our Syncplify Server! installer with multiple engines using VirusTotal, they occasionally receive one or two warning (out of 70+ antivirus engines that VirusTotal employs).

It was out duty to investigate.

First and foremost, let us confirm, for everyone’s peace of mind, that our software is absolutely virus-free and safe to use, so those are so-called “false positives”.

Why is it happening? We narrowed it down to the fact that in order to run our software as a Windows system service, we take advantage of a little piece of 3rd-party software called NSSM.

NSSM is a tiny piece of software that allows any console (stdin/stdout) application to be executed as a system service in Windows. This was not developed by Syncplify, but we adopted it because of the great flexibility and reliability it offers. Sadly, we learned that some antivirus engines flag this little executable as suspicious (it not flat-out as malware).

We are, therefore, hard at work to drop the need for NSSM, and turn the Windows version of our software into a set of native system services, thus bypassing the issue entirely.

As always, thank you for your trust and for your patience.