I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?
How come people are willing to download and install pirated software though?
You can just remove “priated” from that statement and come to the same conclusions. Considering the amount of bugs, backdoors and 0-day exploits distributed via official software I sometimes wonder why people execute proprietary, closed source programs at all.
An no, “reputable” companies mean nothing, just look at Microsoft clowning around with their signing keys.
I trust pirates more than billion or trillion dollar companies. Also, aggressive DRM such as iLok is worse than malware, so eh.
Fuck iLok. Shit made me regret buying plugins, should have stuck with piracy.
Worth noting that paying for a license for software doesn’t stop it being spying malware either. In fact the pirate versions often take out the spying and the reporting-to-homebase that proprietary software does.
The photoshop that phones home to check a license is arguably more malicious than the pirate version that has been cracked so it doesn’t do that.
Good and valid point. I use opensource software wherever I can.
Though paid software is not going to encrypt your data for ransom or use a keylogger to steal bitcoin (yet).
There was an antivirus that was caught running a bitcoin miner in the background tbf. If memory serves it was Norton?
It was opt-in, and I think to make your subscription cheaper. Then again, Norton sucks!
If i were to pay for an AutoCAD license , it would be over 200$ A MONTH
That’s why I’m learning Blender, I think I’ll be able to carry on without Maya.
Adobe isn’t pretty but Autodesk is a scourge
Blender is fully capable these days, have fun!
What kind of cheap-ass, stripped down AutoDesk suite are you getting for $200/mo. Last I checked, the architectural suite was north of $4500/yr.
I just use paint
Technically you can do all the same things with paint and a LOT of patience.
You’re thinking too technical about this. This is a money thing. Personally speaking pirated software/games were chicken soup for my poverty ridden childhood.
Long story short.
- Be prepared for disaster.
- Scan it. Sandbox it if concerned.
- Firewall inspect/block/allow every outbound comm.
- Get it from a trusted source.
Basically the same stuff you should be doing with all software.
Edit for firewall clarification.
What software do you recommending for scanning? Microsoft defender?
I don’t really use Windows except for playing games, so someone else may have a better answer.
For me, I want 3 types of protection, priority order.
-
Rootkit and ransomware protection. Lock down and protect system files.
-
Firewall. Stop software from calling home (and possibly invalidating my forged license) and to stop malware from reaching out to command and control systems.
-
Malware scanning and suspect execution detection. Most antivirus software detections will be in only one of a couple categories: keygen, generic trojan, or obfuscated executable. If I encounter this, I go to VirusTotal.com and drop the offending file(s) for it to scan. If I’m still concerned I will use an online sandbox execution recorder that tells you what the exe does such as outbound comms, file modifications, registry read/writes, etc.
Windows Defender accomplishes these requirements. Although it is a bit clunky and other mainstream antivirus (paid or free) accomplish the same in a much cleaner interface.
I cannot stress enough the importance of downloading pirated software from a trusted source.
We are seeing on our corporate network lots of browser hikackers that connect to c&c and are used in botnet DDOS as a service. Once you install x software it sets up a persistent service that keeps modding chrome.exe etc
Firewalling the .exe that you installed does nothing to stop the calls to c&c
Fair point. Malware can tunnel through existing comms, thus firewalling the exe would do little to protect you.
That’s why I recommended a multilayered defense and practicing good opsec.
An exe that installs a service, modifies unrelated executables, and sends comms through an unrelated application would be a catastrophic failure in any good defense.
If your system is this wide open then you’ll be likely to have all sorts of problems from non pirated software. Such as freeware that installs adware.
I have tried to find these in the wild to no avail.
Unfortunately the machines that get infected are not fully controlled by us but they get networking and internet from us (space rental in the building), so we isolate them as much as possible and we black hole all the bad traffic on the router level.
Our machines all have EDR and strict security policies. Not much gets past that.
Right on. Gotcha.
-
Is it smart to test if it is malicious in a vm first?
I don’t.
But I take many precautions.
I’ve been pirating software since the C64. About 40 years. Never stopped. Never will.
I buy the good software I encounter. As a developer, i know it’s important to keep funding further development. Unfortunately most is overpriced garbage.
I’m pretty new and extremely cautious with pirated software, i still need to find the precautions i have to take, luckily pirating games is much safer and easier than pirating software
Could you elaborate how pirating games is “safer” than pirating software? Both are executables that could run whatever code they wish on your system, and since pirated games are so desirable, in my experience they are far more often spread around bundled with malware than software is. Oftentimes, you’ll find people take legitimate repacks, add malware, then share the repack under the same repackers name.
I think their idea is that if you know a specific repacker like an athletic woman, compared to downloading softwares that could be uploaded by any elitists trying to fuck with you.
In practice both are the same, but the reputation of the athletic woman makes her more trustworthy.
However outside of that specific repacker I actually agree with you, it’s exactly the same lol.
Interesting. If there are reputable packers / crackers, why do they not uses GPG to sign the software? That way, no one can manipulate and reupload the software.
I feel safe, maybe I shouldnt, but my life wouldnt be this good if I didnt have access to everything I cracked lol
If I get malware, I can just go reinstall my OS. If I pay for software, I’m never getting that money back.
If you notice the malware…
I have a two PC setup, I treat the windows one with the pirated software as always potentially infected so the potential damage is limited. It’s probably not infected though, I do take the most basic precautions and haven’t had issues with malware for many years.
That’s smart, but requires extra work and hardware.
And have something worth loosing on gheir PC. Many professional software users using cracks may worry of losing their work files which could be easily backed up.
As long as they dont have their financials or personal information thats worth stealing, the cost saving of the pirated software is worth infection, which at max needs a fresh install.
deleted by creator
More reason to have MFA?
deleted by creator
Meh, how is surgery a thing? You let people just open you up and dig around your insides?
it’s a mix of need and belief in a proper vetting process. For computers there’s the additional layer that any one machine is probably low stakes. In early internet days most software was prohibitively expensive but gave you the equivalent of super powers - as a teenager / young adult with ability to take that risk you’re not going to do it?
Well, I prefer to go the hospital with licensed personnel and not to ask some guy on the internet to perform surgery…
And where those are illegal or prohibitively expensive you have people either traveling to less regulated countries or even straight up illegal operations.
Eg., black market transplants.
Yeah checksums are useless. But if you know assembly, you could diff the original binary with the crack and look for anything malicious.
when you dl from any seller site do you know what you get regarding spy/mal/bloatware? for sure?
i would not dl from usenet or a public tracker though.
Get software from reputable private trackers only
This is one of the single most important pieces of advice. Unless you have access to topsites, then this is about as close to the source as you are going to get, except for FitGirl repacks that can be DDLd from her site.
Make a dedicated user on your machine for pirated software. Never give that user root. Should contain it.
Will not
really theres little reason to even use non-foss paid software…
Unfortunalty most professional Autodesk software have no viable FOSS alternative (except Blender)
whats wrong w blender ?
I meant only blender is a solid contender to 3dsmax or Maya. Other Autodesk products like autocat. Civil 3d. And Revit don’t have any solid Open source alternative.
I wish that was true
