Five Times More Likely to Get Malware without AV

Five Times More Likely to Get Malware without AV:

http://www.hotforsecurity.com/blog/five-times-more-likely-to-get-malware-without-av-5980.html

 

Hard to believe there are still people out there that risk the potentially hostile world of the internet without protection. But they do.

 

The part about keygens is false and is just a scare tactic to steer users away. The fact is, verified, trusted keygens AREN'T loaded with malware. Malware imitating keygens is malware however. Meaning someone takes a legit program, and adds a malware with name keygen.exe. Naturally most users will think it's a keygen for the app and will run it. Most don't even bother doing the GUI for them because when you run it, its too late anyway, so why bother making a GUI that looks like a real keygen...

 

Agreed. I wish they would not misrepresent such things, it takes credibility away from the anti-malware industry. I am not advocating the use of such things, but don't misrepresent something as malware that is not.

 

Not to mention that there are many alternatives to AV's nowadays that many members here use, such as anti-executables for example. It's easily possible to set up your system to be even more secure than with running an AV. The article obviously is referring to 5 times more likely to get malware if you use NO preventative measures...

 

Exactly. I also hate it when antivirus companies detect keygen or No-CD patches as malware and then refuse to fix the false positive. I really hate it when AV companies play moral police. Fine, detect keygens that target YOUR product, but leave the rest alone and fix the stuff thats not really a malware, even though it falls into a grey zone. avast! has always been great regarding this and i hope they'll never change the behavior. If it's not an actual malware, AV companies should fix it regardless of what is the actual purpose of the otherwise detected file.

 

I don't think this study adjusted the results for idiocy.

 

Most of them don't. It is a larger factor than AV software is.

 

Hey, could you be more specific about who are those "they"? Which are the vendors who generally detect keygens as malware and who generally do this? With more than 50 vendors I can give example of, I know only about AVIRA team who do this generally, and few (very few) examples in ESET.

Microsoft - the data provider for the article quotted by the OP, gives practically zero false positives and all keygens (strict keygens or cracks) are always classified Medium cathegory - Yellow - as keygens and users has the option to allow or block.

Using cracks/keygens:

• is not loyal - you ruin someone else's labor and you show no respect about what the other part gives you
• is not near what the laws say
• is the worst from security perspective - you run something that you do not know what it would do and what the final outcome would be - from untrusted source, from unknown author
• gives no guarantees for successful operation, for time being and no guarantee that if something breaks, they [the unknown] will support you or pay something

So, if you want some quality or some guarantee, if you want to be loyal and to support the vendor , to show some appreciation, if you want some security - try to find the product/service cheap but never free. Free lunch doesn't exist

 

And now that morals class is out for the day, I'll add my 2 cents. Of course running around naked is more likely to get you infected...they really needed an article for that? I won't get into anti-executables and all that since none of it would matter in anything but the most half-ass attack, but yeah, I think most people with working minds understands going naked is a stupid idea.

 

Again, I stated that I did not advocate the use of keygens, no more reason to get into that... I work for a software company so I obviously do not encourage stealing software.

Norton will detect almost any as malware. As a matter of fact the will dig it out of compressed files and delete the entire archive without asking. In my experience I find that Microsoft also detects most of them. Kaspersky and ESET not so much. Most other vendors I have tested fall somewhere in between. I have not run many recent tests to give a breakdown of specifics. U.S. based vendors do it more than their overseas competitors.

 

I think there are other possible setups that can be pretty bullet-proof, unless you want to be paranoid and worry about theoretical possibilities instead of practical reality, but yeah, most people should know running naked is stupid. lol..

 

If the keygen does not contain malicious code, the AV should NOT detect it as malware. End of discussion. Whether or not it's right to use keygens is a completely different discussion.

 

Right. The AV should not be playing the role of moral police, period.

 

AVs are not playing a moral role.

Keygens/cracks, etc. must be detected under certain cases but not as trojans or rookits (if they are not such peace of threat) but as potentially unwanted or unsafe applications.

Any reputable company will tell you that they cannot afford the usages of such software among company machines, and if an employee tries to use such software, this exposes the company to legal actions from the vendor, which might cost A LOT (in addition to all negatives I wrote above). If the AV finds such software, they should proactively delete it in the company for the reason(s) I already mentioned.

 

Either they detect it or saying that using keygens is illegal wa-blah-blah-blah. =V

It reminds me about someone's post somewhere that his AV product even detected a legit game and saying that it's a keylogger.

 

Any executable (being it game or no) with no good or suspicious EULA and coming from suspicious company could be a keylogger

 

It was a legit game. I don't really remember what the game was but it was quite a popular game IIRC. And besides, even big companies or our governments could do that without telling anyone.

 

They are playing the role of moral police, by trying to tell you what to do. They're saying "Hey, this particular keygen is not actually harmful in any way, but things like this aren't good, and you shouldn't use them." That's not the AV's job. The AV's job is to detect malware, and nothing more.

 

Keygens belong under PUP classification with appropriate name. Anything that is detected as something else is a false positive.

 

I used to use Keygens for software that was interesting to me, I used them for a year and if they were good I would buy the program next year, I think this is fair. I probably used around 200 Keygens when I was younger, 0 contained any malware. Microsoft round about scare tactics to stop people pirating there windows operating systems.

 

Could be even worse if they are teens plugging in hundreds of USB flash storage devices per week.

 

Why the hell would anyone want to be "loyal" to a company? That's one of the stupidest things I've ever heard.

Also, you're not "ruining" anybody's labor by pirating their software which you would not have bought anyway.

 

ROFL

Wow lets see

I haven't run an av for YEARS with no infections,on a old PC running an XP operating system.

Man,I'm so nervous I cant stop sweating! Please,give me a break

 

how do you know you are not infected? not all viruses/trojans are noticeable.