Software Cracks: A Great Way to Infect Your PC

"I often get emails from people asking if it’s safe to download executable programs from peer-to-peer filesharing networks. I always answer with an emphatic “NO!,” and the warning that pirated software and cracks — programs designed to generate product keys or serial numbers for popular software and games — are almost always bundled with some kind of malware. But I seldom come across more than anecdotal data that backs this up." :

https://krebsonsecurity.com/2011/06/software-cracks-a-great-way-to-infect-your-pc/#more-10115

 

That is unless you crack it yourself.

 

Nice article, since many "false positive" reported are cracks and keygen

 

It's been a couple of years, but when I was gathering malware for testing, I grabbed quite a few cracks and keygens in the process. Unless things have changed drastically in the last year or 2 or I was exceptionally lucky (or unlucky since I was after the malware), most of the ones I downloaded were clean. Yes, there are some that are or contain malware, but that can be said about anything you download. The threat does exist but is quite exaggerated, and yes, some security apps will flag them just because they are cracks, whether they're infected or not.

 

As with anything... make sure you get it from a reliable source. No reason to worry about cracks if you know that the source is legit and you've got testimonials.

 

Don't software companies (and their employees) need to survive, and be rewarded for their hard work, rather than have it stolen like using a crack/keygen does?
If everyone did as you suggest they'd soon go out of business.

 

Better still don't use cracks

 

Most crack makers don't try to infect people... since they are doing it for "street cred".

That doesn't mean the cracks you get on the pirate bay are safe. Most of the time, its not the creator of the crack uploading it along with the pirated software.

A very large portion of pirated material does in fact have some sort of malware in it. They will often use a packer to shim the malware on the crack or the installer. Everything will look like it worked (because it included the legitimate crack + software), but of course the malware would have been executed..

 

I on the other hand would. I do not condone the usage of cracked software but it's the security application's job to detect malicious software. They are called anti-virus and anti-malware programs, not anti-warez. However if anti-virus/malware vendors want to create a special category for cracks (like for PUPs and such), so the user can turn the detection off, then it would be OK.
Again: I don't condone the usage of illegal software but also I strongly dislike when anti-virus/malware vendors mislead/lie to the users and tell them something is a threat when in reality it isn't.

 

In all fairness, I'm not sure they do this purely because the software is a crack. Some of them probably do, but I doubt all of them waste their time creating signatures for cracks. A crack does contain code to modify information in an executable file, causing it to operate differently, which is very virus-like.

 

Let's not forget that cracks aren't only used by devious individuals intending to steal software. While that is one primary demographic, I would say that there are also legitimate consumers who have purchased software, and are unable to use it due to draconian DRM measures. Some forms of DRM interfere with system stability, and/or prevent the software from launching for foolish reasons.

Case in point: Back in time when I was trying to play the original Crysis, I was unable to due to SecuROM DRM. I was using an internal DVD drive that was running on a jMicron SATA controller. Due to the way the drivers were set up, Windows recognized this drive as a SCSI device. The presence of a SCSI DVD drive in my machine meant that SecuROM denied me the ability to run the software at all.

Something similar happened with BioShock and Process Explorer, where SecuROM would not allow BioShock to run if Process Explorer had been run at all during the system uptime.

These small issues were eventually patched, though I had to wait. You can appreciate the agitation that a consumer must feel upon purchasing software, and then being unable to use it or get a refund. Personally, I'm too paranoid to use cracks. Nevertheless I can understand the attitude of someone who has actually paid for software, and who is unjustly barred from their new software by DRM measures, appealing to such an option.

 

I agree with Carbonyl on the main point, the DRM prevention. It's a shame that some developers rely on such invasive techniques. Some of you may even remember the famous Sony DRM? Which installed rootkits on the computer which ran the music CD? Yeah.

That said, I too agree with all the posters saying you shouldn't use cracks or keygens. The way to win the war against DRM is that everybody stops pirating; not that everybody pirates more. If the DRM is too intrusive, simply vote with your wallet, as I have done.

 

Sorry, but I could not disagree more! - AV solutions moaning about all sorts of things that aren't (!) malware are simply *scareware* to me and nothing else. - It's really easy to flag every "crack" as malicious. - Good AV solutions are able to make a better judgment. - Even not using cracks I would suggest using products that don't see malware all the time and everywhere. - False positives (and detecting cracks as malware are in fact fp's, nothing else!) are the main criterion nowadays for me to split worse from good AV products. - Because it's very easy to develop a sort of no-execution "protection". - But truth is I can't remember the last real active malware on my system over the last years but false positives I have every or every other day (now that I test WSA beta that is ). - I wouldn't buy a "lazy" AV solution that flags clean (!) cracks as malware by default. No, I wouldn't even use it if it were free. - Because the main hassle today for me are false positives, it takes so much time and nerves reporting them etc., especially if you are helping out relatives with their computers. - Detection comes 2nd or even 3rd (after performance) to me (because I never have infections!), having no or as few as possible false positives is paramount to me. - YMMV!

 

Cracks aside , I also believe that if such type of thing isn't performing malicious actions (those same type of actions that classify what is malware), then it shouldn't be classified as such. If anything, they should be classified as PUPs and nothing else.

Otherwise, why not start classifying their own applications as malware as well... OK... at least spyware. I don't know if it happens with all, but some security software does not ask the user upon installing it, whether or not the user wants to send information to the software developers, even if so-called anonymously. The fact is they do send out information without asking.

So, in all fairness, they should also be classified as such - spyware. That is, if they also classify cracks, etc as malware, just for the sake of it, without being malicious, at all.

I know this isn't of any difficulty, but... Let's take the bull by the horns.

 

Years back, I had a fair share of cracked/pirated software. At the time, they were priced well beyond what I considered them to be worth or could afford. Since then, I've replaced all but 2 of them with Open Source apps, which have outperformed them. The last 2 I continue to use because these versions aren't available any more, and the newer versions and alternatives aren't compatible with my system. When MS purchased the one app, the first thing they did was artificially limit its compatibility. Until that changes, (which it never will) I'll continue to use the cracked version. It's sad when using a pirated app is the only way defeat planned obsolescense. That said, none of the cracked/pirated apps that I downloaded for my own use were ever infected.

Regarding whether some AVs deliberately target cracks and keygens, it wouldn't be hard to find out. Just upload a couple of known clean keygens or cracks to VirusTotal and see who flags them.

 

Using that standard, Windows will qualify as spyware, as will most media players with DRM components, cloud based security apps, etc. This could be a long list.

 

There is no excuse for using cracks but the fact that almost everybody looks for one to justify speaks volumes. Thank you all. Thread closed