How truthful is it that cracked programs get detected as """"false positive""""

100%. No such thing as a false false positive.

will the guy creating the virus admit it's a virus?

Why would he do that

Happens pretty often because crack writers go to great lengths to shrink and obfuscate their shit, which makes it look virus-like.

However, this also means that a nefarious person could infect the crack with something and you'd be none the wiser.

When in doubt, upload it to Jotti and see what you get back. If you get results for "UPX" or "Packer.generic" or things like that, those aren't viruses and are safe. "Generic trojan" is a bit more borderline, but usually safe - have backups just the same.

Actual named viruses aside from those showing up on more than one or two scanners means there's shenanigans definitely going on.

Maybe nobody has ever asked him, and he's actually a really honest guy.

Although I agree with you... I would be hesitant to call UPX or Packer.Generic safe.... I mean it probably is, but you still don't know

UPX or Packer just literally means that the file was run through a utility to shrink its file size. It is not a marker of any shenanigans of any kind.

See: autohotkey.com/board/topic/49032-enough-with-the-upx-packed-virus-false-alarms-enough/

Why do people even put "..." after their comment?

If anything it makes him seem less credible

I know what packers are, I'm just saying that malware authors don't want their shit easily identifiable, so they use packers too. UPX is easy to unpack and check for suspicious activity, but just cause it's packed doesn't mean it's safe
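The packer-versus-verdict distinction argued in the posts above, as an added example that is not part of the original thread: a Python sketch that reads a PE section table and reports only structural facts (UPX-style section names, high-entropy sections), which is what a "Packer.generic"-style label is built on. The helper names, the 7.0 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter
ENTROPY_THRESHOLD = 7.0  # assumed heuristic cutoff (bits/byte) for packed/compressed data

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(blob):
    """Return [(name, raw_bytes)] from a PE image; ValueError if malformed."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", blob, 0x3C)
    if blob[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(blob):
        raise ValueError("missing or truncated PE header")
    nsec, = struct.unpack_from("<H", blob, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", blob, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * nsec > len(blob):
        raise ValueError("truncated section table")
    out = []
    for hdr in range(table, table + 40 * nsec, 40):
        name = blob[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, hdr + 16)
        out.append((name, blob[raw_ptr:raw_ptr + raw_size]))
    return out

def packer_triage(blob):
    """Structural facts only: 'looks packed', never 'malicious' or 'safe'."""
    secs = pe_sections(blob)
    return {"upx_section_names": any(n.startswith("UPX") for n, _ in secs),
            "high_entropy": [n for n, d in secs if entropy(d) > ENTROPY_THRESHOLD]}

def build_sample(sections):
    """Constructed PE-like image (headers + raw data only); not a loadable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, body = 0x40 + 24 + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000,
                             len(data), ptr + len(body), 0, 0, 0, 0, 0xE0000020)
        body += data
    return dos + coff + table + body
DENSE = bytes(range(256)) * 2  # constructed stand-in for compressed bytes (8.0 bits/byte)
PACKED = build_sample([("UPX0", b""), ("UPX1", DENSE), (".rsrc", b"\0" * 64)])
RENAMED = build_sample([(".text", DENSE)])  # same content, packer names stripped
PLAIN = build_sample([(".text", b"\x55\x8b\xec\x90" * 128), (".data", b"\0" * 64)])
```

The `RENAMED` sample has no UPX section names yet still shows a high-entropy section, so neither signal alone settles whether a file is packed, and neither says anything about what the unpacked code does.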

Depends, Steam games that use the simple Steam Crack to bypass the Steam DRM have no business at all being detected as a virus, so if you download a Steam game and the crack gets detected you can be 100% sure it is a virus.

>2016 Anno Domini et aedificare Muru
>still using cracked programs

wew la

It's a sign of expectancy. Like
"I can't believe you didn't know "..." in a sentence meant expectancy."

It's like in those movies where if a bad guy asks an undercover cop if he's a cop, the cop is obligated to say yes.

Similarly, if a person that made a virus is asked if he made a virus, he is obligated to tell the truth. It's just common courtesy.

Not everyone lives in a super-rich city state, "la."

>cant even afford to pay software
Did you fall for the "pc has unlimited free games" meme?

Are you implying that it doesn't?

keyboard's broken OP

Why are you asking? Don't you decompile/debug/analyze shady shit in a sandbox before trusting it to your machine?

Their code injection behavior within .dll files is what flags them as virii.

I wasn't talking about myself, just pointing it out.

This. I saw the word "cracked" and immediately checked the date to make sure that it's 2016 and not 1999.

Who even pays for software anymore? 99% of shit I want is available for free. University pays for 50% of my software, 25% of software is free for being a student, and the other 25% is free if you contact the company asking for a student license.

No we don't. We deobfuscate, if anything. I'm out of practice, but these days we remove more executable packers than anything else: even Denuvo qualifies as one, at a basic level.

Repacking things with UPX afterwards is harmless: every good AV knows exactly how to look inside, it's standardised.

Sometimes we use techniques that raise eyebrows in the crack, such as ROP, or things get turned into a NOP sled, or non-standard NOPs used as signals to CPU microcode (Denuvo uses these, too). Or anything inside a loader, which might do DLL side loading or any of a number of tricks.

Speaking for myself if an AV flagged my shit on VirusTotal I'd figure out why and work around it. So in this day and age I'd consider it suspicious, especially with assholes taking releases and putting malware in them.

False positives do happen however. More with protections and tools than with cracks. Some AVs suck.

Part of the reason I left the scene is because they refused to sign releases. Really only DAMN ever did. Now look at it.

is this some trendy new thing where we change words around or are you saying there's no cracked software anymore?

fyi, the plural of virus is viruses:

english.stackexchange.com/questions/3838/viruses-or-virii

public game cheats

>trojan horse black wizard
>keylogger monkey
>bitcoin miner helper
>ransomware

is this a virus?

Tbh there's plenty of freeware that performs as well as commercial software nowadays

nice meme