(May 20, 2021, 14:35 pm)maskaw Wrote: That is a misconception. AVs have nothing to gain from falsely flagging cracks/keygens unless it's related to their own products. This supposition implies giant software companies like Adobe, Autodesk, Microsoft, etc are actively paying the AVs to register cracks/keygen fingerprints of their products into virus databases and for what? Will this convince their customers to buy their expensive products? Highly unlikely.
They are flagged because
1) they are indeed false positives
2) they are indeed malware
In any case people are using them because they have no choice. It's incredibly easy to spread trojans/malware via piracy.
this too is a misconception. well, maybe a malconception.
maskaw
Quote:1) they are indeed false positives
i believe you meant true positives.
in any regard, a false positive makes most novice pirates question the keygen and this is proven by the numerous threads related to false positives that turned out to be truly negative.
a keygen with no malicious programming is just a keygen. if a keygen does have malicious programming, then it is malware.
implications? lol. one has to imply to implicate. where did that come from? sure, it's possible, but stating that an anti-virus company has nothing to gain by flagging keygens is absurd. maybe they are doing it for money. an obligation? corporate favor? tit-for-tat. unless you were part of that decision, you can make up whatever you want.
Last Active: Nov 11, 2024
Threads: 116
Posts: 4,813
Reputation:
32
In the case of out of the box windows10 and its defender or whatever they call it these days: last time I had to suffer using it, EVERY executable on my external HD was flagged and vaulted, including free open source stuff. Redownloading stuff like PureData and aBox2 the executables were renamed and replaced with 1kb "exe" files. So as far as I can tell, microsoft's AV just blanket bans ANYTHING it doesn't know to be officially bought and paid softwares. I haven't bothered to find tweaks for this as I deem it straight up retarded and EVIL. At the same time- even with this paranoid lock down level of KILL EVERYTHING- tons of windows users manage to get their systems screwed up by malware.
Anyway- false positives are very much a thing, as is at least microsoft's AV straight up blocking you from executing free / open source stuff. Malware is also pretty common, especially for windows, and thus in my humble opinion: if you absolutely must run win software, you are better off doing it in a virtual machine in linux
Last Active: Jun 29, 2024
Threads: 14
Posts: 339
Reputation:
8
By "false positive" I mean "AV treats it as virus even though it's not"
Quote:in any regard, a false positive makes most novice pirates question the keygen and this is proven by the numerous threads related to false positives that turned out to be truly negative.
a keygen with no malicious programming is just a keygen. if a keygen does have malicious programming, then it is malware.
That is true, some keygens/cracks have been discussed in forums and discovered as not malware. But this exact fact proves my point. For years cracked software has relied on "false positives" so much that now it's mainstream, users are comfortable with that. Hackers can just bind a rat virus to a legit/false-positive crack and ship it to TPB, people will disable their AV regardless of warnings and run it.
Quote:in my humble opinion: if you absolutely must run win software, you are better off doing it in a virtual machine in linux
I second this.
Last Active: Yesterday
Threads: 226
Posts: 6,329
Reputation:
26
One curious example is PUP (Potentially Unwanted Program) - Many AVs will let users decide what to do in case one is found (and some AVs go to the point of offering categories, like Games, Jokes, Social Media, Toolbars, etc) and why not with known cracks/keygens? WHY so many are flagged? AV companies say their code uses unorthodox techniques which could be also used to infect a system... I call bs, it's easy to identify who's who. On the other side, that would mean the AV companies would be explicitly letting cracks and keygens pass, a liability. So, either to avoid legal action from the big corps and/or to be on their good side (or even payroll), they do what they do.
Last Active: Yesterday
Threads: 14
Posts: 481
Reputation:
9
(May 20, 2021, 16:55 pm)ill88eagle Wrote: In the case of out of the box windows10 and its defender or whatever they call it these days: last time I had to suffer using it, EVERY executable on my external HD was flagged and vaulted, including free open source stuff. Redownloading stuff like PureData and aBox2 the executables were renamed and replaced with 1kb "exe" files. So as far as I can tell, microsoft's AV just blanket bans ANYTHING it doesn't know to be officially bought and paid softwares. I haven't bothered to find tweaks for this as I deem it straight up retarded and EVIL. At the same time- even with this paranoid lock down level of KILL EVERYTHING- tons of windows users manage to get their systems screwed up by malware.
I haven't had that problem with Windoze Defenderz myself, but then I haven't downloaded anything that wasn't either a video or a comic for many years.
Last Active: Nov 16, 2022
Threads: 44
Posts: 845
Reputation:
12
Keygens are frequently flagged because they are keygens. There is no other real explanation, especially as they are not carrying booger signatures. With adware they are flagged as PUPs - Possibly Unwanted Programs: And there is no reason on earth why this is not done with keygens, especially when there is no specific reason not to.
Patches are a bit more troublesome: they DO contain code to overwrite files. They probably should have a HEURISTIC flag on them if they do not have recognized booger code.
In fairness part of the problem lies with the warez community. They crack software but produce utils meant to be uncrackable (encrypted wrappers and the like) which easily leads to suspicion.
But the AV and other industries capitalize on this by making users believe that cracked software is inherently unsafe. And will certainly not pass up any opportunity to show how 'important' their garbage is at protecting their systems.
And never, ever mention what a 'Zero Day Exploit' really is.
And how useless their junk is against one.
That said, the scanners do have uses, mainly against the typical kiddie scripter boogers that are typically found on cracks sites.
Personally I prefer a well cracked software over its official version.
Ideally, it would not try to auto-update, or phone home, and all IPs on it would be zero'd out.
While it is reasonable to expect false positives from any form of testing protocol, AV seems to be overly biased against the warez community.