Skip to main content

NXPowerLite Desktop Security Audit

  • Updated

Introduction

This document provides a comprehensive overview of the security-related aspects of NXPowerLite Desktop. It is designed to answer common questions posed by security analysts when evaluating or deploying the software.  If additional information is required, please contact us via Neuxpower Support.

1. Organizational Security Practices

NXPowerLite Desktop is developed and supported by a very small team, and as such, formalized processes in some areas are not applicable. Key organizational security practices are outlined below:

  • Employee and Contractor Training: Employees and long-term contractors are not required to take annual information security training.
  • Security Disclosure Program: Neuxpower does not have a formal security disclosure program.
  • Third-Party Vendor Standards: NXPowerLite Desktop operates independently without reliance on subprocessors.
  • Cyber Defense Program: NXPowerLite Desktop has been accredited by many defense organisations but Neuxpower does not have a formal cyber defense program in place, including vulnerability management, incident response, or engineering policies. 
  • Security Operations Center: Neuxpower does not maintain a 24x7 manned security operations center.
  • Risk Management: There is no documented risk management process.
  • IT Audits: No independent IT audit has been conducted in the last 12 months.
  • Penetration Testing: No penetration testing has been performed in the last 12 months.
  • Compliance Standards: Neuxpower does not formally adhere to any specific compliance or security standards.

2. Technology Stack and Components

NXPowerLite Desktop is written in C++ and utilizes native Windows libraries. Additional third-party components include:

  • Adobe PDF Library
  • Chilkat Zip
  • Codejock ToolkitPro for C++/MFC
  • RapidJSON

3. Data and Communication

NXPowerLite Desktop is designed with privacy and minimal communication in mind:

  • Registration key verification: The software does not connect online to verify licensing - the license is entirely contained within the local key.
  • Personal Data Usage: The application stores the user’s name in the registry of the computer operating system. No other personal data is used, stored, or processed, and no information is transmitted back to Neuxpower.
  • Export-Controlled Technology: NXPowerLite Desktop does not use, store, or process export-controlled technology.
  • Offline Capability: NXPowerLite Desktop operates fully offline, ensuring data privacy and security.
  • Communication with Servers: The software can be used entirely offline. Optionally, users can enable the ‘Check for updates’ feature, which contacts a Neuxpower server to verify the current application version. This is a non-essential feature, and the only information transmitted is the current app version.
  • Self-Contained Installation: All required libraries and components are included within the installation package.

4. Safe file processing

NXPowerLite is designed to maintain file integrity during optimization, preserving original file types and extensions. This transparent process minimizes the impact on users' everyday interactions with files, allowing them to continue to use the same tools and processes without interruption. The process does not alter files in a way that would affect their legal status. Compressed files are indistinguishable from the originals, just smaller in size.

Here's how NXPowerLite achieves this:

  • Files remain in the same file format—a .PDF remains a .PDF.
  • No additional tools are required to open or use the processed files.
  • Last-accessed or last-modified dates of files are not altered.
  • Processed files look and feel identical to the originals.
  • Digitally signed or password-protected documents are skipped.

Over-optimization of files

NXPowerLite embeds a small metadata “tag” into each successfully processed file. The tag describes the version of NXPowerLite that optimized the file and the settings that were used, and enables NXPowerLite to bypass optimizing already compressed files. Tagging allows NXPowerLite to ensure that it cannot ‘over-optimize’ images in files, ensuring that the intended original quality is not degraded. Moving or renaming files is completely safe because NXPowerLite will always read this information if it exists.

Legal and compliance

While there is no specific compliance standard for file compression, hundreds of legal and insurance companies have successfully deployed NXPowerLite without compromising the legal value of their documents or images. For example, court documents and insurance claims are successfully compressed and accepted by these legal entities.

5. Registry Changes and Deployment

NXPowerLite Desktop modifies the registry during installation to store user preferences and licensing information.

  • User Installations (requiring local admin privileges): Registry entries are stored here:
    • Computer\HKEY_CURRENT_USER\Software\Neuxpower\NXPowerLite
  • Central Deployment: If the software is centrally deployed, registry entries are created here:
    • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Neuxpower\NXPowerLite

For more details on deployment, please refer to the NXPowerLite Deployment Guide.

This document will be updated as new information becomes available or processes are implemented to address any gaps. For further inquiries, please contact us via Neuxpower Support.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles