this is *not* a virus

[Carl Farrington]

~snip~ link removed ~ Blackspear

if anything, it helps to prevent virus and other malware from the dangerous 'serial/crack' websites which one might otherwise trawl if one was indeed searching for a serial number or crack for a program.

IMO an antivirus company should not be allowed to abuse their power by denying access to software that they do not like. Will they soon be classifying and denying access to competitors products also?

Thoughts, anybody?

[ronjor]

Carl Farrington

No links to malware of any sort. Your link will be reviewed.

http://www.wilderssecurity.com/TOS-Privacy.html

[Blackspear]

Screenshot.

Blackspear.

[Carl Farrington]

yep.. that's the point of this discussion

[Carl Farrington]

Sorry, maybe I need to be a bit more to the point. It's a false positive. There is nothing virus or malware about this application, it is a peice of software which obtains cracks from the crack websites for you and downloads them directly.

Obviously this sort of tool would be frowned upon and disliked by commercial software publishers, but this does not make it a virus. They should not be abusing their power by denying people access to the file just because they do not like it.

[Blackspear]

Quote:

Originally Posted by Carl Farrington

yep.. that's the point of this discussion

Well we will have to wait for Happy Bytes to advise us further on this one, simply posting such a link is not allowed, we don't wish the curious with inadequate security to become infected.

Cheers

Blackspear.

[Carl Farrington]

Quote:

Originally Posted by Blackspear

Well we will have to wait for Happy Bytes to advise us further on this one, simply posting such a link is not allowed, we don't wish the curious with inadequate security to become infected.

Cheers

Blackspear.

Fair enough, I understand your cautiousness.

[YeOldeStonecat]

I'd be wary because a lot of so called applications/software from shadey websites that deal with cracks/hacks and warez, can have a bad payload inside them.

NOD is probably wary too.

[LowWaterMark]

Quote:

Originally Posted by Carl Farrington

Fair enough, I understand your cautiousness.

Well, one other point on this... Even if the file itself is not specifically malicious, you still can't post it here because of this forum's rule about posting links to warez. A crack-searching tool is warez.

Uploading the file to Jotti showed that a few other anti-virus products also flag the file in the same way as NOD32. (Interestingly enough, the NOD32 running at Jotti did not pick it up. Since you are saying NOD32 on your system flags it, but Jotti's implementation doesn't, then something is either misconfigured at Jotti or out of date.)

[Carl Farrington]

Quote:

Originally Posted by LowWaterMark

Well, one other point on this... Even if the file itself is not specifically malicious, you still can't post it here because of this forum's rule about posting links to warez. A crack-searching tool is warez.

Uploading the file to Jotti showed that a few other anti-virus products also flag the file in the same way as NOD32. (Interestingly enough, the NOD32 running at Jotti did not pick it up. Since you are saying NOD32 on your system flags it, but Jotti's implementation doesn't, then something is either misconfigured at Jotti or out of date.)

well the TOS actually says links to warez sites, which i would take to mean websites about warez. NOD32 only seems to have started picking this up since version 2.5. I'll just have to create a folder for this thing and exclude that folder from AMON. It is irritating though and I still don't think it's ethically correct.

[Blackspear]

Quote:

Originally Posted by Carl Farrington

I still don't think it's ethically correct.

How is it ethically correct to use a tool to find illegal cracks for software?

Blackspear.

[Carl Farrington]

Quote:

Originally Posted by Blackspear

How is it ethically correct to use a tool to find illegal cracks for software?

Blackspear.

ethically, one should be allowed to do whatever one wants as long as it doesn't impact on others. One should not specifically go out of ones way to disrupt or interfere with another persons activities. Now I realise obtaining cracks can be seen as impacting on others, but I cannot tell you the number of times I have gone to an old Windows 98 machine and had to reinstall Windows, only to find that they don't have a product-key (we're talking 7yr old machines here).

This is just one example of a possible legitimate use. Besides that, people *will* look for cracks. Would we rather they go to the sites listed on astalavista.box.sk and get infected with malware which then tried to pass itself onto everybody elses computer, or would we rather just let them get on with it safely, with cracksearcher.exe?

please excuse all the "ones" it just seemed easier to say that way

[LowWaterMark]

Quote:

Originally Posted by Carl Farrington

ethically, one should be allowed to do whatever they want as long as it doesn't impact on others. One should not specifically go out of ones way to disrupt or interfere with another persons activities. Now I realise obtaining cracks can be seen as impacting on others, but I cannot tell you the number of times I have gone to an old Windows 98 machine and had to reinstall Windows, only to find that they don't have a product-key (we're talking 7yr old machines here).

This is just one example of a possible legitimate use. Besides that, people *will* look for cracks. Would we rather they go to the sites listed on astalavista.box.sk and get infected with malware which then tried to pass itself onto everybody elses computer, or would we rather just let them get on with it safely, with cracksearcher.exe?

I doubt you are going to find a lot of sympathy in trying to defend a crack search tool under any circumstances. Besides, flagging a file does not prevent people from accessing it. The program is not identified as a virus but as a hacktool, a proper target of malware scanners, and considered a valid target especially by businesses who would never want their employees to have such illegal programs on the company computers.

[Carl Farrington]

Quote:

Originally Posted by lowwatermark

The program is not identified as a virus but as a hacktool, a proper target of malware scanners, and considered a valid target especially by businesses who would never want their employees to have such illegal programs on the company computers.

This is a very good point, one which I hadn't considered. However, it is not the job of NOD32 anti-virus program to do this. That is what Websense and SurfControl are for.

Quote:

I doubt you are going to find a lot of sympathy in trying to defend a crack search tool under any circumstances. Besides, flagging a file does not prevent people from accessing it.

it seems to.. I can't run it here. There's no 'ignore' option on the AMON alert window.
I wonder if disabling "Adware/Spyware/Riskware" in the AMON options would work. I don't want any adware or spyware on here though, although I haven't had any infection-attempts in many years, touch-wood. Safe-Hex indeed.

[PLeX™]

Quote:

Originally Posted by Carl Farrington

ethically, one should be allowed to do whatever one wants as long as it doesn't impact on others...

I doubt the employees who make a living from the sale of the warezed software would agree that they aren't impacted.

[Carl Farrington]

Quote:

Originally Posted by PLeX™

I doubt the employees who make a living from the sale of the warezed software would agree that they aren't impacted.

i did cover that one..

Quote:

Originally Posted by me

Now I realise obtaining cracks can be seen as impacting on others
... Besides that, people *will* look for cracks. Would we rather they go to the sites listed on astalavista.box.sk and get infected with malware which then tried to pass itself onto everybody elses computer, or would we rather just let them get on with it safely, with cracksearcher.exe?

[PlexShaw]

Quote:

Originally Posted by Carl Farrington

I cannot tell you the number of times I have gone to an old Windows 98 machine and had to reinstall Windows, only to find that they don't have a product-key (we're talking 7yr old machines here).

Wouldn't something like this, which I understand is legal, help with that particular problem (prior to instigating the reinstall obviously)?

[Carl Farrington]

Quote:

Originally Posted by PlexShaw

Wouldn't something like this, which I understand is legal, help with that particular problem (prior to instigating the reinstall obviously)?

it would on a working system, yes. I do indeed use this to see if a customers WinXP is using one of the blacklisted keys.

[Eliot]

Quote:

Originally Posted by Blackspear

How is it ethically correct to use a tool to find illegal cracks for software?

Blackspear.

I couldn't help myself Blackspear, that was priceless.

[webyourbusiness]

Quote:

Originally Posted by Carl Farrington

Besides that, people *will* look for cracks. Would we rather they go to the sites listed on astalavista.box.sk and get infected with malware which then tried to pass itself onto everybody elses computer, or would we rather just let them get on with it safely, with cracksearcher.exe?

there is no "we" in "would we rather they go to sites..." - because obviously my opinion differs to yours - I say let their machines get fried and infected with the pox... if they can't work out their protection and get slimed in the process, does THAT impact anyone else negatively? Should we care that someone might get infected looking for a dodgy license who doesn't have the wherewithall to protect their machine from the malware abounding on such sites.

7 year old licenses - heard of ebay? 7 y/o software when it can be found online is DIRT cheap!

[rothko]

Quote:

Originally Posted by LowWaterMark

(Interestingly enough, the NOD32 running at Jotti did not pick it up. Since you are saying NOD32 on your system flags it, but Jotti's implementation doesn't, then something is either misconfigured at Jotti or out of date.)

i read over at the 'other antivirus' forum that jotti runs on linux and the nod32 option for finding 'potentially dangerous applications' isnt available, which is why nod32 doesnt always identify 'threats' that some of the others do. this could be why it isnt identified there, or as you say it may be out of date defs - i've seen that be the case before too.

Quote:

Originally Posted by Carl Farrington

However, it is not the job of NOD32 anti-virus program to do this. That is what Websense and SurfControl are for.

not so true with the new version of NOD32 (2.5) which is putting itself forward as more of an anti-malware app than an anti-virus app. see how it now identifies 'Threats' rather than 'Viruses'.

Quote:

Originally Posted by Carl Farrington

I wonder if disabling "Adware/Spyware/Riskware" in the AMON options would work.

yeah try that, but it may just be the 'Potentially Dangerous Applications' option that needs unticking. It isnt selected by default in a new install.

[Carl Farrington]

Quote:

Originally Posted by webyourbusiness

there is no "we" in "would we rather they go to sites..." - because obviously my opinion differs to yours - I say let their machines get fried and infected with the pox... if they can't work out their protection and get slimed in the process, does THAT impact anyone else negatively? Should we care that someone might get infected looking for a dodgy license who doesn't have the wherewithall to protect their machine from the malware abounding on such sites.

You're missing the point - it's when their computers get full of malware which then spams OTHER PEOPLES computers, that's when it starts impacting on others.

Quote:

7 year old licenses - heard of ebay? 7 y/o software when it can be found online is DIRT cheap!

Mate when it's 8:30pm and you've just popped into a customers office to get something setup for the next morning, say migrating a server, and you have to go round all the workstations and then when you've just told the harrasing girlfriend that you're leaving in 5 minutes and this shitty 98 machine completely barfs on you... you ain't gonna be going on eBay for a product-key are ya.

[BlueZannetti]

Quote:

Originally Posted by Carl Farrington

Mate when it's 8:30pm and you've just popped into a customers office to get something setup for the next morning, say migrating a server, and you have to go round all the workstations and then when you've just told the harrasing girlfriend that you're leaving in 5 minutes and this shitty 98 machine completely barfs on you... you ain't gonna be going on eBay for a product-key are ya.

By the same token, in a commercial setting, you're not going to potentially leave your clients legally exposed by placing cracked versions of software on their machines, are ya?

Sure, maybe the client is licensed for the software, but between the time the illegal application keys are flagged and the licensing details are sorted out, your clients reputation has already suffered. It is simply not appropriate to cut corners like this working on a clients machine.

Blue

[dvk01]

Quote:

Originally Posted by LowWaterMark

Uploading the file to Jotti showed that a few other anti-virus products also flag the file in the same way as NOD32. (Interestingly enough, the NOD32 running at Jotti did not pick it up. Since you are saying NOD32 on your system flags it, but Jotti's implementation doesn't, then something is either misconfigured at Jotti or out of date.)

Jottis doesn't have the extra detections/spyware bit enabled in NOD at the moment but Virustotal does, that is why we frequently get a different result from the 2 sites on the same file

[dvk01]

if you see thw virustotal repoirt on that file
his is a report processed by VirusTotal on 06/04/2005 at 13:48:40 (CET) after scanning the file "CrackSearcher.exe" file.

Antivirus Version Update Result
AntiVir 6.30.0.15 06.03.2005 PMS/CrackSearch.A
AVG 718 06.03.2005 no virus found
Avira 6.30.0.15 06.03.2005 PMS/CrackSearch.A
BitDefender 7.0 06.04.2005 no virus found
ClamAV devel-20050501 06.04.2005 no virus found
DrWeb 4.32b 06.03.2005 no virus found
eTrust-Iris 7.1.194.0 06.04.2005 no virus found
eTrust-Vet 11.9.1.0 06.03.2005 no virus found
Fortinet 2.27.0.0 06.04.2005 HackerTool/Cracksearch
Ikarus 2.32 06.03.2005 no virus found
Kaspersky 4.0.2.24 06.04.2005 HackTool.Win32.CrackSearch.a
McAfee 4506 06.03.2005 potentially unwanted program HTool-CrackSearch
NOD32v2 1.1126 06.03.2005 Win32/HackTool.CrackSearch.A
Norman 5.70.10 06.03.2005 no virus found
Panda 8.02.00 06.03.2005 HackTool/CrackSearch.A
Sybari 7.5.1314 06.04.2005 HackTool.Win32.CrackSearch.a
Symantec 8.0 06.04.2005 no virus found
TheHacker 5.8-2.2 06.04.2005 no virus found
VBA32 3.10.3 06.03.2005 HackTool.Win32.CrackSearch.a

either described as posssibly unwanted program or hacktool by many Antiviruses

This is one of the no win situations for an AV. most times we see reports XXX didn't detect XXX and the reply is well it isn't a virus it's a riskware program that can be used for immoral or illegal purposes and after numerous complaints give in and detect it.

Next day some one says OH xxx detected XXX on my computer and it's harmless it's a crack tool

what are the AV companies supposed to do

Almost all Antiviruses now are not pure antiviruses but antimalware detectors and detecting crack tools that encourage the use of copyright contravention and software piracy is a legitimate part of an antiviruses job