GRC's SQRL Client for Windows, v1.0: Released


Steve

Administrator
Staff member
May 6, 2018
973
276
www.grc.com
Everyone...

This client maintains two separate release tracks. At the moment EVERYONE is on the "development track" where we are at release #72.
  • The development version of SQRL.EXE knows to check its development release number and where to obtain newer instances of itself (/dev/sqrl.exe).
  • The production version of SQRL.EXE also knows to check its production release number, and where to obtain newer instances of itself (/files/sqrl.exe).
This means that whatever "track" you have installed will automatically and properly maintain itself. It also means that each track will be completely unaware of the other.

It is my intention to maintain these two tracks moving forward. At the moment development #72 == production #1. As any further changes are made, the development releases will increment first and, once we have established a solid next production release, it will be bumped up.

Since SQRL compares its release with the release registered in the Install/uninstall information (in order to be able to say that the version already installed in the system is newer or older than the one you're attempting to run), moving back and forth between "tracks" will be easiest if you first uninstall SQRL from your system, then run the sqrl.exe of the track you're switching to. Note that your SQRL identity (..ies) will never be disturbed by uninstalling and track-jumping.

So... all that said... I have officially released and posted the production release #1 of GRC's SQRL client for Windows on GRC's server: https://www.grc.com/files/sqrl.exe

VirusTotal is about as happy with it as it could be. Only "DNS8" (whatever that is) thinks there's a problem, so 1 false-positive out of 70. I haven't yet checked with Windows Defender and Smart Screen.

NOTE: If Windows users will download the Release #1 SQRL to expose their systems to it in advance of its broader availability that might help to "pre-train" Defender and SmartScreen. :)

And... thanks everyone for ALL the help getting the code and the project to this state!
 

PHolder

Well-known member
May 19, 2018
780
101
I don't think I like the experience I just had. Let me try and explain it. As far as I know, I have SQRL 71 *installed*. (As in loaded into "C:\Program Files (x86)\GRC\sqrl.exe")

I downloaded a version that identifies as 1.0.7098.1. I didn't have any resident SQRL running, and when I run the downloaded .exe I don't get any prompt for elevation but I get this pop-up:

[screenshot of the pop-up; image not preserved]

and it remains resident in memory. It did not update the program files version.

For now I'm not going to upgrade to 72 until I have another version of 1.0 to test.
 

Steve

PHolder said:
> I don't think I like the experience I just had.
Paul: Thanks for your observation. I'll quote myself to answer:
> Since SQRL compares its release with the release registered in the Install/uninstall information (in order to be able to say that the version already installed in the system is newer or older than the one you're attempting to run), moving back and forth between "tracks" will be easiest if you first uninstall SQRL from your system, then run the sqrl.exe of the track you're switching to.
So, in short, this is the expected behavior. It is ONLY DUE to the fact that the installed track is different and has a higher release than the other track you have just run. Since no regular users will EVER encounter this situation I didn't do anything to try to prevent it.

And it occurs to me that I might have been confusing when I said:
> NOTE: If Windows users will download the Release #1 SQRL to expose their systems to it in advance of its broader availability that might help to "pre-train" Defender and SmartScreen.
By "expose" I just meant download but NOT run. :)
 

deloyjohnson

New member
Jan 19, 2019
1
0
Steve & all -

Good morning. Usually it's because SQRL updates are so new and haven't developed a reputation yet but I just tried to update to #72 and Symantec Endpoint Protection flagged sqrl.exe as SONAR.AM.SB.E!g3. Looking closer at the details shows it's probably still reputation related as it shows Symantec has only known about the file for 2 days and only 5 other Symantec users at the time had downloaded it. I tried to uninstall but SEP had moved sqrl.exe to Quarantine so Windows can't find it to uninstall it. Just wanted to share this in case it's helpful. Thank you! Go SQRL!

Deloy Johnson
 

alt3rn1ty

Well-known member
Feb 2, 2019
88
4
I had the same as PHolder, but realised I needed to uninstall the dev track first :

Uninstalled development release #72

Installed release #1 (1.0.7098.1)

No issues so far on Win 10 x 64 1903, Defender and Smartscreen have not given me any grief at all

(I actually logged in here first with #72, did the uninstall and install with the browser still open, after #1 was installed I then logged out from the forum and logged back in again with the newly up and running #1 and did not experience anything unusual)

--------------------------------​

PS - You need to change the "download now" link for the release url in Getting Started with SQRL :

from

to
 

Steve

deloyjohnson said:
> Steve & all -
>
> Good morning. Usually it's because SQRL updates are so new and haven't developed a reputation yet but I just tried to update to #72 and Symantec Endpoint Protection flagged sqrl.exe as SONAR.AM.SB.E!g3. Looking closer at the details shows it's probably still reputation related as it shows Symantec has only known about the file for 2 days and only 5 other Symantec users at the time had downloaded it. I tried to uninstall but SEP had moved sqrl.exe to Quarantine so Windows can't find it to uninstall it. Just wanted to share this in case it's helpful. Thank you! Go SQRL!
>
> Deloy Johnson
Thanks, Deloy. That's cool that Symantec Endpoint Protection is able to tell you the total number of other users who have downloaded the app.
 

CoreyM

New member
May 10, 2019
4
1
Uninstalled sqrl (which had autoupdated to 72), downloaded the release track version and installed it. Logged in by clicking the QR on this page and entering my password. Worked fine. Logged out and logged back in with the android client. Had to enter the whole password to log in but it went fine. I thought because I had already logged in once all I would need was the first 4, but it wanted the whole password.
Subsequently logged out and then back in with android and it only asked for the first 4.
 

Steve

CoreyM said:
> I thought because I had already logged in once all I would need was the first 4, but it wanted the whole password.
@CoreyM : SQRL's "QuickPass" is about the SQRL app rather than the website. Since you hadn't recently used your Android client IT didn't know for sure that you were you. So you needed to show it, not the website, that it was you who had possession of your Android device. ;)
 

sengsational

Well-known member
Feb 17, 2019
107
31
CoreyM said:
> I thought because I had already logged in once all I would need was the first 4, but it wanted the whole password.
> Subsequently logged out and then back in with android and it only asked for the first 4.
There have been a few improvements in the Android client concerning the clarity of what's going on with QuickPass. The next release calls it "QuickPass timeout" in the settings, instead of "Idle timeout". And there was a situation where if the user put a big number in the timeout, it was so big, it became negative or small :) So that's fixed...we arbitrarily settled on one week maximum. The idea was you need to type your SMP (SQRL Master Password) every now and then so you don't forget it.

I think the client(s) should make it more clear that when you type your SMP, it's never leaving your device. I recall my first logon and seeing the domain "sqrl.grc.com", and thinking "I'm not giving my SQRL Master Password to ANYONE, not even Steve!". But of course after a moment, I realized it was just making sure it was me and never leaving the device. But it seems like there might be some way to make it more clear that the SMP is not "going anywhere", even though you're typing it right below a domain name.
 

Alan M Cameron

Well-known member
Feb 7, 2019
74
4
alancameron.me.uk
Further to the advice to uninstall the track version of SQRL that you have before trying to use the other track version. Exactly what constitutes an uninstall? I have a second machine that I thought it would be useful to install the Official version. I could not remember where the installation of SQRL puts the executable so did a search for sqrl in my C: drive. There were so many entries I was shocked.

I could of course delete all the entries that start sqrl but would that be the right course of action?
 

Vela Nanashi

Well-known member
May 19, 2018
515
82
Use the uninstaller for windows "programs and features" in control panel (was called add remove programs, may of course change name again since nobody seems able to leave things as they are), SQRL should be in there, just run its uninstaller and then run the exe of the track you want to use.
 

sj phillips

Active member
May 20, 2018
29
5
I keep a copy of rmsqrl.exe around for SQRL cleanup purposes. I am never sure what Windows uninstall is going to do. But I'm sure rmsqrl.exe does the trick.
 

Steve

Alan M Cameron said:
> Further to the advice to uninstall the track version of SQRL that you have before trying to use the other track version. Exactly what constitutes an uninstall? I have a second machine that I thought it would be useful to install the Official version. I could not remember where the installation of SQRL puts the executable so did a search for sqrl in my C: drive. There were so many entries I was shocked.
>
> I could of course delete all the entries that start sqrl but would that be the right course of action?
Hi Alan...
As Vela noted, SQRL can nicely uninstall itself if given the opportunity... leaving NO trace (which is a neat trick by the way). Just use Windows' built-in uninstaller. And if you are ever curious to know whether SQRL is already installed, you can also look there or in your Start menu, where it should also be seen. :)
 

alt3rn1ty

Vela Nanashi said:
> Use the uninstaller for windows "programs and features" in control panel (was called add remove programs, may of course change name again since nobody seems able to leave things as they are), SQRL should be in there, just run its uninstaller and then run the exe of the track you want to use.
+ If you are on Windows 10 (Vela you are right Microsoft did change it yet again) :

Go to Start, Settings Gear Icon, Apps, scroll down the list and click SQRL and then click uninstall.
Everything removed which needs to be, except your SQRL ID file, in Documents \ SQRL \ <idname>.sqrl

I did a complete clean install of Win 10 1903 last night (due to realising 1903 has new features only available if you completely install from the ground up), after backing up my documents. Tried the windows uninstaller first for SQRL and nothing was left behind.
After the clean install, copied back my documents from a usb hd, which includes the id file, re-installed the new SQRL release #1, and logged back in here without issue with my usual ID.

The windows uninstaller is very thorough, and leaves the one important id file alone for backing up in cases like I just went through.
 
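
The track-switching steps discussed in this thread (check what is registered in the Install/uninstall information, keep the identity file, then uninstall and run the other track) can be checked from PowerShell before touching anything. This is an added example, not part of the thread and not GRC's code; it assumes the uninstall entry's DisplayName contains "SQRL", and the backup folder name is hypothetical.

```powershell
# Added example: pre-flight check before switching SQRL release tracks.
# Assumption: the uninstall entry's DisplayName contains "SQRL".
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. What does Windows think is installed, and at which release?
$entries = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SQRL*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString

if ($entries) {
    Write-Host 'Registered SQRL install found; uninstall it before running the other track:'
    $entries | Format-List
} else {
    Write-Host 'No SQRL uninstall entry found; either track can be run directly.'
}

# 2. Installed binary, at the path reported in this thread.
$exe = 'C:\Program Files (x86)\GRC\sqrl.exe'
if (Test-Path -LiteralPath $exe) {
    $ver = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    Write-Host "Installed binary: $exe (file version $ver)"
}

# 3. Identity files live in Documents\SQRL\<idname>.sqrl and survive an uninstall.
#    Copy them aside anyway and verify each copy by SHA-256.
$idDir = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'SQRL'
$ids = Get-ChildItem -Path $idDir -Filter '*.sqrl' -File -ErrorAction SilentlyContinue
if ($ids) {
    # Hypothetical backup location; pick removable media for a real backup.
    $backup = Join-Path $HOME ('sqrl-id-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    New-Item -ItemType Directory -Path $backup | Out-Null
    foreach ($id in $ids) {
        $copy = Join-Path $backup $id.Name
        Copy-Item -LiteralPath $id.FullName -Destination $copy
        $same = (Get-FileHash -LiteralPath $id.FullName -Algorithm SHA256).Hash -eq
                (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        Write-Host ("{0}: backup {1}" -f $id.Name, $(if ($same) { 'verified' } else { 'MISMATCH' }))
    }
} else {
    Write-Host "No identity files found under $idDir."
}
```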