Wilders Security Forums  

  #1  
Old July 14th, 2011, 07:23 AM
ichito's Avatar
ichito ichito is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Poland - Cracow
Posts: 849
Default Fail from IDA and ESET

"The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.
IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. (...)
This release should serve as a life lesson to those who consider themselves as "people 'blue' blood." It aims - in some ways to bring down pride (swallow their pride), to tell these people where to get off. Show that, besides them, there are other people who should at least respect, appreciate their work and consider to their opinions (or at least listen to).
This release is dedicated to one man and one company, which behave antisocial, defiant, arrogant, are not considered to anybody or anything, and therefore need to conduct a little "educational" work from the community.(...)
Summary: ESET company instead of learning how to properly detect the content of files protected by the TH/WL (in the first place) and VMP, just stupidly detected *all* files that are protected with these protectors/license managers (seems it is Avira-style). And ESET - it would seem, technically competent company, which have a really well written code. But here's the approach. It's not all.
At one specialized security forum, the company vowed and swear blind that all shareware developers, whom this concern, can contact ESET, and their software will be handled as exceptions (will not be detected as malware). In fact, it was not the case. Outright rudeness, arrogance, bullying. ESET kill individual developers and small companies, because they losing their customers, if they reliably protect their products against crackers. Why? Because ESET NOD automatically detected the files as malware. Moreover, it did not even let users to download them from sites! But that's not all, bearing in mind as they are now arranged in the antivirus industry, it was enough to upload the file to the VirusTotal, as it began to detect other "morons", copying the verdict."
*
http://habrahabr.ru/blogs/infosecurity/124054/
http://www.kernelmode.info/forum/vie...php?f=11&t=999
__________________
"Who was not a rebel in his youth, this will be a pig in old age" - J. Piłsudski
SG.pl

Last edited by Cudni : July 14th, 2011 at 05:08 PM. Reason: * removed
  #2  
Old July 14th, 2011, 12:56 PM
CloneRanger's Avatar
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Default Re: Fail from IDA and ESET

Wasn't ESET hacked at least once before & in the last year or 2 ?

What a convoluted episode this is !
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #3  
Old July 14th, 2011, 03:36 PM
Cudni's Avatar
Cudni Cudni is offline
Global Moderator
 
Join Date: May 2009
Location: Somethingshire
Posts: 6,944
Default Re: Fail from IDA and ESET

Some cracked software is purportedly from Eset implying they were hacked? Whatever
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
  #4  
Old July 14th, 2011, 04:00 PM
x942's Avatar
x942 x942 is offline
Very Frequent Poster
 
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Default Re: Fail from IDA and ESET

Cracked software is ALWAYS picked up by AVs. There are two main reasons for this:

1) 90% of it is infected by Malware

2) AVs "detect" it to thwart pirating. Some people will go "Oh no my AV detected my XYZ.exe crack as malware! I better remove it!"


I don't see the problem here. If you want IDA Pro for free BackTrack 5 has a copy (legit licensed free to use copy).
__________________
E-Mail: og8oh@notsharingmy.info

Last edited by Cudni : July 14th, 2011 at 05:09 PM.
  #5  
Old July 14th, 2011, 05:04 PM
MessageBoxA MessageBoxA is offline
Regular Poster
 
Join Date: Jun 2011
Posts: 52
Default Re: Fail from IDA and ESET

Quote:
Originally Posted by x942
Cracked software is ALWAYS
I don't see the problem here. If you want IDA Pro for free BackTrack 5 has a copy (legit licensed free to use copy).

I believe the free version of BackTrack 5 only comes with the disassembler.

It's not really the disassembler that's important here... The Hex-Rays plugin is an amazing piece of software that is capable of turning asm/machine code back into C. There is nothing in the world as powerful as Hex-Rays. It took a lot of effort to create and extend Hex-Rays and I think it's sad to see the software and the work of dozens of reverse engineers distributed for free.

Btw, this thread should be neutered of the NFO link in my opinion.

-MessageBoxA
  #6  
Old July 15th, 2011, 03:41 AM
x942's Avatar
x942 x942 is offline
Very Frequent Poster
 
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Default Re: Fail from IDA and ESET

Quote:
Originally Posted by MessageBoxA
I believe the free version of BackTrack 5 only comes with the disassembler.

It's not really the disassembler that's important here... The Hex-Rays plugin is an amazing piece of software that is capable of turning asm/machine code back into C. There is nothing in the world as powerful as Hex-Rays. It took a lot of effort to create and extend Hex-Rays and I think it's sad to see the software and the work of dozens of reverse engineers distributed for free.

Btw, this thread should be neutered of the NFO link in my opinion.

-MessageBoxA

Ah no, only IDA Pro is free with BackTrack 5 Linux. You have to get the plugins yourself. But nonetheless, how is this (as implied by OP) ESET's fault?
__________________
E-Mail: og8oh@notsharingmy.info
  #7  
Old July 15th, 2011, 04:13 PM
MessageBoxA MessageBoxA is offline
Regular Poster
 
Join Date: Jun 2011
Posts: 52
Default Re: Fail from IDA and ESET

Quote:
Originally Posted by x942
But nonetheless, how is this (as implied by OP) ESET's fault?

The OP simply pasted the English translation of the Russian message left by the individual that leaked the package. It seems that he harbored resentment.

-MessageBoxA
  #8  
Old July 15th, 2011, 10:02 PM
x942's Avatar
x942 x942 is offline
Very Frequent Poster
 
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Default Re: Fail from IDA and ESET

Quote:
Originally Posted by MessageBoxA
The OP simply pasted the English translation of the Russian message left by the individual that leaked the package. It seems that he harbored resentment.

-MessageBoxA

Ah. Gotcha. Makes more sense in that context.
__________________
E-Mail: og8oh@notsharingmy.info
  #9  
Old August 2nd, 2011, 04:34 PM
hurzelpurzel's Avatar
hurzelpurzel hurzelpurzel is offline
Infrequent Poster
 
Join Date: Nov 2006
Posts: 14
Default Re: Fail from IDA and ESET

Quote:
Originally Posted by x942
Ah no, only IDA Pro is free with BackTrack 5 Linux. You have to get the plugins yourself. But nonetheless, how is this (as implied by OP) ESET's fault?
You sure? There are IDA Freeware (Win32 binaries only, only x86), IDA Pro Standard (most targets, no x64) and IDA Pro Advanced (x64 and more targets). It would be amazing if even one of the Pro versions was made available for free in Backtrack. AFAIK latest free version is 5.0 while we're at 6.1 as Pro users. Being a (paying) user I'm not at all happy about the leak for obvious reasons.

And if you need Hex-Rays (which can also be quite deceiving), I'd say you don't know half the things you should know in order to use IDA Pro

As to how it is purportedly ESET's fault is being investigated. All binaries we paying customers get contain watermarks and can thus be traced back. Those leaked apparently contain the one that was assigned to ESET. Unlike with other software, it is allowed to reverse IDA Pro itself, though.
 

All times are GMT -4.