False Positives or Paranoid Anti-Virus Cos. ??

This is what I had in my head at the time! http://www.youtube.com/watch?v=ZBbAZVw3_7A

TH

 

Oh...my wrong judgment.

Today i swapped my Norton IS 2010 with Avast Pro 5.0, Hope it may work properly...

 

As a matter of principal I think AV companies should alert on these keygens, since whoever is using them is stealing.

 

eh?

if its not a virus, it shouldn't be labelled so.

 

antivirus vendors are companies, not the legal police so no, thats not their job nor shuld it be.

 

Its really a Catch 22. While they may not contain acutal viruses, they are a form of malware.

 

Malwarebytes' opinion.

 

I agree with that opinion.

 

Many AVs are detecting cracks patches as patchtool/ hacktool bcoz they break the protection methods and modify it. We cannot understand how they modified that software. So it may become a malware after patching. Also cracked softwares will not get updates which is a security problem.

 

Not completely true some.
Haven't you heard of norton's trial reset it is been on net since a year.

 

I do agree with you that Patches do modify softwares, even last year i have saw there is patch for Adobe Pro Extended 9.0 from CORE Team. They modify the host file, but after some time many other crack team copied their cracking way and produced their own keygens cum patch.
But after sometime CORE team announced that you can manually modify your host file and can use their serial keys. Now the main motto to explain all this is that even their new keygen is not malicious but still it was detected by many AV's as a virus....

About Patches i don't know how they work or what did they do, but about keygens those who are not malicious should not be marked.

 

The CORE team is one of the best in writing keygens, patches. There was also in case where an AV(I don't want to name) could be cracked manually by just modifying the host file and using serial key but when the AV updated then with just one restricting the host file to be modified only by the admin the AV was cracked and can be used for say 5 years

And yes I do agree if keygen doesn't do anything suspicious then it should not be flagged unnecessarily as malware or PUP

 

Yeah Norton's trial reset is one of the good example of this thing...Even some days ago Raymond also mentioned this thing on his blog but after sometime he took it down on the request of Norton...

So you can imagine that Norton is aware of this thing...but still can't figure out how to take that patch down...Now they are detecting that Patch as a hacktool but still that tool is not doing anything malicious except modifying Norton's files so that user can use it upto 165 days.

 

Norton does detect but the TR gets updated frequently so gets undetected. But one main thing the TR won't work unless norton tamper protection isn't turned OFF by user hence the user himself/herself is responsible for cracking the application

 

There are lots of reasons why AVs detect keygens, cracks, patches, etc. as malwares:
1st. Although most are not malicious (at least those that are released by the scene), some are repacked with droppers.
2nd. Most people that get their pcs often infected, are frequent visitors of crack sites or worst, they visit those sites with IE explorer.
3rd. There is somekind of "ethical" agreement between AV companies and other software developers.
4th. Most use the same packers used by the malware creators. (And because of this are detected by the AVs heuritsics).

Even thow I agree with the AVs that flag them as malicious, I do not agree that most of them flag them as trojans or worms... when they are not. Because they led people to not trust their antiviruses since they do lie to them...

my 2 cents,
Panagiotis

 

if the keygen or crack is detected and specifically says the detection is a hacktool or keygen or something along those lines, then im ok with it detecting it, that way they at least tell u wat it is and u know why its being detected. not like in some cases wer its called by some obscure trojan name or something.

 

Hi Bro,

Yeah i agree with you that they should tell us what exactly the file was and what exactly its doing...Virus Buster is the only AV which is dare to do this. And i case of McAfee you will find that even scene release keygen/patches are marked as Generic Artemis.
Those who are novice users will definitely get confused....