Fail from IDA and ESET

Discussion in 'other security issues & news' started by ichito, Jul 14, 2011.

Thread Status:
Not open for further replies.
  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    "The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.
    IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. (...)
    This release should serve as a life lesson to those who consider themselves as "people 'blue' blood." It aims - in some ways to bring down pride (swallow their pride), to tell these people where to get off. Show that, besides them, there are other people who should at least respect, appreciate their work and consider to their opinions (or at least listen to).
    This release is dedicated to one man and one company, which behave antisocial, defiant, arrogant, are not considered to anybody or anything, and therefore need to conduct a little "educational" work from the community.(...)
    Summary: ESET company instead of learning how to properly detect the content of files protected by the TH/WL (in the first place) and VMP, just stupidly detected *all* files that are protected with these protectors/license managers (seems it is Avira-style). And ESET - it would seem, technically competent company, which have a really well written code. But here's the approach. It's not all.
    At one specialized security forum, the company vowed and swear blind that all shareware developers, whom this concern, can contact ESET, and their software will be handled as exceptions (will not be detected as malware). In fact, it was not the case. Outright rudeness, arrogance, bullying. ESET kill individual developers and small companies, because they losing their customers, if they reliably protect their products against crackers. Why? Because ESET NOD automatically detected the files as malware. Moreover, it did not even let users to download them from sites! But that's not all, bearing in mind as they are now arranged in the antivirus industry, it was enough to upload the file to the VirusTotal, as it began to detect other "morons", copying the verdict."
    *
    http://habrahabr.ru/blogs/infosecurity/124054/
    http://www.kernelmode.info/forum/viewtopic.php?f=11&t=999
     
    Last edited by a moderator: Jul 14, 2011
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Wasn't ESET hacked at least once before & in the last year or 2?

    What a convoluted episode this is!
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Some cracked software is purportedly from Eset implying they were hacked? Whatever :thumbd:
     
  4. x942

    x942 Guest

    Cracked software is ALWAYS picked up by AVs. There are two main reasons for this:

    1) 90% of it is infected by malware

    2) AVs "detect" it to thwart pirating. Some people will go "Oh no my AV detected my XYZ.exe crack as malware! I better remove it!"


    I don't see the problem here. If you want IDA Pro for free BackTrack 5 has a copy (legit licensed free to use copy). :thumb:
     
    Last edited by a moderator: Jul 14, 2011
  5. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    I believe the free version of BackTrack 5 only comes with the disassembler.

    It's not really the disassembler that's important here... The Hex-Rays plugin is an amazing piece of software that is capable of turning asm/machine code back into C. There is nothing in the world as powerful as Hex-Rays. It took a lot of effort to create and extend Hex-Rays and I think it's sad to see the software and the work of dozens of reverse engineers distributed for free.

    Btw, this thread should be neutered of the NFO link in my opinion.

    -MessageBoxA
     
  6. x942

    x942 Guest

    Ah no, only IDA Pro is free with BackTrack 5 Linux. You have to get the plugins yourself. But nonetheless, how is this (as implied by OP) ESET's fault?
     
  7. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    The OP simply pasted the English translation of the Russian message left by the individual that leaked the package. It seems that he harbored resentment.

    -MessageBoxA
     
  8. x942

    x942 Guest

    Ah. Gotcha. Makes more sense in that context. :thumb:
     
  9. hurzelpurzel

    hurzelpurzel Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    14
    You sure? There are IDA Freeware (Win32 binaries only, only x86), IDA Pro Standard (most targets, no x64) and IDA Pro Advanced (x64 and more targets). It would be amazing if even one of the Pro versions was made available for free in Backtrack. AFAIK latest free version is 5.0 while we're at 6.1 as Pro users. Being a (paying) user I'm not at all happy about the leak for obvious reasons.

    And if you need Hex-Rays (which can also be quite deceiving), I'd say you don't know half the things you should know in order to use IDA Pro ;)

    As to how it is purportedly ESET's fault is being investigated. All binaries we paying customers get contain watermarks and can thus be traced back. Those leaked apparently contain the one that was assigned to ESET. Unlike with other software, it is allowed to reverse IDA Pro itself, though.
     