People complain about getting virus alerts from game hacks or cracked games

>People complain about getting virus alerts from game hacks or cracked games
>Users tell them in broken English:

>"oh its just false positive :)"

Why do people believe this?

for the same reasons people around here believe that multi-billion dollar corporations are out to get them personally and need to go through hoops to hide the mundane stuff they do on their computers

>mundane stuff they do on their computers
what a waste of nice didgets

>nurthin to herd nurthin to fear
literally the "if god is real why are our eyes not real" of internet arguments

Do people believe these are actually false positives?

>Wikileaks isn't real

>targeted advertising is fake

idgaf as long as i can play muh games, so far nothing bad has happened in 15 years

poor, put upon Kyon

Not all of them are, but the vast majority are. Antivirus companies, being in the business of selling licenses to non-free software, are of the belief that cracks, keygens, etc are something that they should try to remove from your computer even if they aren't a threat to you, the user, because they're a threat to their business model.

If this sounds shady and underhanded, that's because it is.

Don't they detect it due to signatures and modifications?

Because 99.9% of the time they are false positives. Do you have any idea what a virus is?
Naive retard

I'm just curious.

I see a lot of posts about game hacks and other cracked games on GGn and all the comments say "false positive, disable your AV ;)"

I'm trying to learn more about security and I'm not sure if that's true or not.

It's a false positive you idiot they've been releasing games for years (CODEX, SKIDROW) just don't be a retarded nigger and always download from trusted groups .. how are you on GGn if youre this fucking new to torrenting games? Dickhead

because not everyone's native language is English?

and god bless them for that

aren't most game hacks viruses?

Sup Forums completely BTFO

Most aren't, since the piracy community is heavily reputation driven, and it'd damage your good name to distribute malware. That's not to say it never happens though. You still ought to be careful.

Microsoft, AV companies, and other sellers of proprietary software, however, are very eager to make you believe that all the things are malware that doesn't even work, so don't even try getting our overpriced crap for free, goyim.

They are detected since the techniques they use edit RAM etc.; malware techniques encompass RAM editing as well. Since both do the same, false positives exist.

I do everything from my neon GNU/Linux partition, and play games only on my Windows 10 partition.

Hence IDGAF if game cracks are loaded with spyware.

Some do use that technique, but that doesn't explain why they detect keygens as malware, since a keygen is just a little self-contained program that takes some inputs, does some calculations on them, and produces an output (a registration code). Maybe it spits that out in a particular file format. There's no way that's suspicious behavior. The only reason keygens would ever be detected is because the AV companies specifically look for them and want to stop you from pirating things.

So let's say if something like this that CS:GO hackers use, would this be a false positive?

The system keeps saying this is spam for some reason.

>pirate nonfree binaries that have been tampered in undocumented ways.
>botnets are still a huge problem
>people can't connect the two

lmao, enjoy your virus cucks.

Yeah I learned my lesson with "false positives" when I pirated Alpha Protocol a few years ago and a few days later I noticed that if I let my PC idle the GPU fans would start spinning up only to resume to normal as soon as I hit desktop again. There was a fake rundll32.exe process running that was actually a bitcoin miner.

It's true. They're usually false positives. You will know pretty quickly when you download something dodgy and it fucks with your system

You mean game hacks? Probably legit unless you paid for it. You will most definitely get vacd

Do you even know what a fucking injector does?

Keygens do cause false positives retard

>Be OP
>Type in comments: "uhhh i think Norton knows better than u thx. i deleted the virus :)"
>Proceed to suck a few cocks
>Post dumb shit on Sup Forums

Anything I left out, tard?

True.

I'm sure. I ended up quitting CSGO due to the amount of hackers.

I know it injects code into something, probably why it sets things off.

Nah you hit the nail on the head m8.

Cheat engine used to tick off on a lot of AVs since it had the same heuristics pattern with most malware that operated in RAM. Operating and editing memory streams of other programs isn't something you would do normally.

Although I do not doubt the fact that Anti-Malware developers also tag keygens off as viruses, it is also that a lot of them behave like viruses. Still, your point stands, as AV producers do a whole lot of bullshit.

This has actually been a good explanation.

So a quick question, how do you monitor these things?

Does procmon show everything the hack is affecting?

>out to get them personall
Not out to get you. Out to sell your web activity to the highest bidder. Then you can be typecast and who knows what else. 'Anything you search for can and will be used against you' is more likely the case.

The way many cracks work is also the way viruses tend to work.

The programs see these and think something nefarious is going on, which it is, just not something you care about.

the only way to not have false positives would be for the AV to acknowledge its user base may steal shit, and look into what they find to know if it's a real crack or not, at which point they could be culpable in aiding and abetting theft.

i will try to help this thread out.

AVs are junk and a far stretch from being secure. some are sig-based, some are heuristics, some use behavioral analysis, or blend it all up like a smoothie. fireeye and some others flaunt their engine or w/e but nothing beats a trained eye.

these cracked games usually have some sort of bypass or priv escalation built into them using APIs / dlls, cause the game devs code in a way to prevent the crackers - old school method of a key.

malware does the same thing since they are usually trying to escape or escalate privs - except with the intent to gain persistence and accomplish w/e the motive is.

sometimes they both utilize similar techniques to accomplish this, via certain APIs, DLLs, and memory techniques.

only way to be 100% certain is to do regshot captures, pcaps, and utilize sysinternal tools in dynamic analysis for cracked games. probs the quickest and dirtiest way to get an idea if the cracked game is bad.

see roodypoo dns requests and funky get requests and postbacks? u just got pwned.
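An added example, not part of any post in this thread: one way to triage the before/after captures described above, flagging new autorun registry values and new processes that reuse a system binary name from the wrong directory (the fake rundll32.exe case mentioned earlier in the thread). The snapshot shapes, function names and sample data are assumptions constructed for illustration.

```python
import ntpath

# Registry paths commonly used for autostart persistence (lowercase for matching).
AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",   # also matches RunOnce
    r"\software\microsoft\windows nt\currentversion\winlogon",
    r"\system\currentcontrolset\services",
)
# Directories where the genuine Windows copies of these binaries live.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SYSTEM_NAMES = ("rundll32.exe", "svchost.exe")

def registry_findings(before, after):
    """Values added or changed under an autorun key between two snapshots."""
    findings = []
    for (key, name), data in sorted(after.items()):
        changed = before.get((key, name)) != data
        if changed and any(marker in key.lower() for marker in AUTORUN_KEYS):
            findings.append((key, name, data))
    return findings

def masquerading_processes(before, after):
    """New process images that reuse a system binary name outside system dirs."""
    hits = []
    for path in sorted(set(after) - set(before)):
        directory, image = ntpath.split(path.lower())
        if image in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
            hits.append(path)
    return hits

# Constructed sample snapshots (hypothetical lab VM, not real captures).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
FAKE_RUNDLL = r"C:\Users\lab\AppData\Roaming\rundll32.exe"
REG_BEFORE = {(RUN_KEY, "OneDrive"): r"C:\Users\lab\OneDrive\OneDrive.exe"}
REG_AFTER = {
    **REG_BEFORE,
    (RUN_KEY, "Updater"): FAKE_RUNDLL,                            # new autorun
    (r"HKCU\Software\ExampleGame", "Resolution"): "1920x1080",    # benign setting
}
PROC_BEFORE = [r"C:\Windows\System32\svchost.exe", r"C:\Windows\explorer.exe"]
PROC_AFTER = PROC_BEFORE + [
    r"C:\Windows\System32\rundll32.exe",    # genuine location
    FAKE_RUNDLL,                            # same name, user-writable directory
    r"C:\Games\ExampleGame\game.exe",
]

if __name__ == "__main__":
    for finding in registry_findings(REG_BEFORE, REG_AFTER):
        print("autorun change:", finding)
    for path in masquerading_processes(PROC_BEFORE, PROC_AFTER):
        print("masquerading process:", path)
```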

all cracks should be opensource, but because win babes don't care about security, they will likely get hacked or cucked by steam (that intercepts dns queries and does other kernel shit - for anticheat)

>virus alerts but never any actual viruses

I like how mse just straight up says its a crack or keygen in description

Getting malware and rootkits is so rare you literally have to be fucking retarded to install it and leave active monitoring off, most AVs have rootkit scanners.

If you mean how the AV monitors changes in memory stream, then it is by hooking into the stream itself then watching for changes in RAM allocation that isn't declared when a program requests it.

Procmon shows this I think, however it requires knowledge of what is affecting what.

What you do is select the process you think is being modified, then view the path and address, as injection cheats, keygens temporarily change the dll path so that their own is executed. It is fairly easy to see, however actually reading the change requires a debugger.

Is there any book out there that goes into this in more depth?

I have AIDS. Once I told a bitch it was just a false positive. She believed.

I hope you get sued asshole.

Malware analysis essentials by Victor Marak is one. However I really recommend or the Antivirus hacker handbook. These two books are great, however the AV book requires some knowledge of reverse engineering of heuristics applications.

A lot of these things are pretty technical, so it is a lot of reading

>Use a trusted site with comments system
>Don't be the first to download a crack
>Wait until plenty of seeds
>Then wait for the comments

>Want to play Heavy Metal Fakk 2
>only two sources I could find online
>one is a torrent that is missing the correct font installer so game crashes to desktop
>other download works fine but Windows says it's a Trojan

because usually the AV itself even tells you what it found was "Hacktool:win32/somegame!". It's pretty obvious that something like that is just some game crack.

Game cracks are the perfect way of distributing malware since gamers will always claim everything is a false positive.

Fucking retards, I hope you enjoy belonging to my botnet