I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?
This is one of the single most important pieces of advice. Unless you have access to topsites, then this is about as close to the source as you are going to get, except for FitGirl repacks that can be DDLd from her site.
I have a two PC setup, I treat the windows one with the pirated software as always potentially infected so the potential damage is limited. It’s probably not infected though, I do take the most basic precautions and haven’t had issues with malware for many years.
And have something worth loosing on gheir PC. Many professional software users using cracks may worry of losing their work files which could be easily backed up.
As long as they dont have their financials or personal information thats worth stealing, the cost saving of the pirated software is worth infection, which at max needs a fresh install.
any accounts are worth stealing, especially stuff like Google/iCloud, Discord, (Reddit and Instagram accounts are pretty expensive too if you have them for some reason), and game accounts.
Most people access their email account from their pc (with the password stored unencrypted locally in the email client or the browser).
The email account is tied to all of their accounts.
You’re thinking too technical about this. This is a money thing. Personally speaking pirated software/games were chicken soup for my poverty ridden childhood.
Worth noting that paying for a license for software doesn’t stop it being spying malware either. In fact the pirate versions often take out the spying and the reporting-to-homebase that proprietary software does.
The photoshop that phones home to check a license is arguably more malicious than the pirate version that has been cracked so it doesn’t do that.
It’s partly an honor system but also, anyone distributing malicious cracks are quickly called out whether its on public tracker comments like PirateBay or removed from private trackers.
Distributors of GOOD and CLEAN cracks often earn good rep in the community too, like Monkrus which I’ve had no issue with before.
Also, in my experience, installing a malware-packaged adobe app isn’t actually all that bad if you run a malware scan immediately afterwards. With the scale and breadth of software piracy there isn’t much money in making advanced malwares beyond bundling an existing one into an installer. I don’t recommend it, but it’s still easier and cheaper than paying Adobe!
TLDR the community polices itself pretty well considering.
Also, I would consider some legitimate licenced software more of a malware than a cracked one. If your software forces always-online license, comes with annoying startup processes, nagging ad screens, etc, it’s malware. And if there’s a cracked version without those things, I’ll take the cracked version any day.
I agree with the sentiment, but coin miners and ransomware are of course a lot more obtrusive to the average user’s experience than the malware you’d associate with most proprietary licensed software. I can see why people are less willing to risk it.
I agree with what you said, but how do I make sure that the cracked software is not further altered by other people and uploaded. Do you just select the torrent with the most peers? Is that enough? When using one-click-hosters it is even harder…
It’s hard! A lot of it is, like I said, reputation. Sources of safe pirated and cracked software are maintained mainly through word-of-mouth - The crappier and dodgy sources will always invest into SEO to get to the top of the results, and are more likely to avoid legal trouble as companies appreciate that malware-infested installers actually help discourage new pirates.
Also, there’s generally little incentive to go beyond the basic modifications. Most online scams, even outside malware, cast the net as wide as possible and even go out of their way to avoid complexity. They get the most money out of scamming new and uneducated users who pay up quickly. The same logic means they want advanced users to know it’s a scam to avoid wasting time on targets who won’t bother paying anyway.
I bet there are exceptions to this rule, but since scamming and malware are such low-profit ventures there’s a lot of incentive on quantity over quality.
No. It isn’t about the torrent with most peers. It is about the source and the uploader. As someone has already mentioned it, it is about the Reputation!
Sorry, I am not very familiar with torrents. How can I verify that a torrent comes from a certain person? Everyone can make modified copies of the original data and uploadtorrentss that look alike. How can I avoid those?
Yep. The approach that Denuvo utilizes has been discussed forever, but games didn’t really have the extra CPU cycles to run around and validate the integrity of each and every function. Most games are balls to the wall and using every CPU cycle it can. Point is, games that require heavy performance suffer under Denuvo unless your system is bleeding edge. This means the vast majority of their customer base suffer. There are all sorts of ways to prevent piracy for games… but most companies can’t utilize these approaches due to the very nature of disorganized game development.
Maya is probably the best program to have known before Blender. Blender was definitely geared from day one to be switched to from Maya, 3dsMax and Lightwave (back in the day).
In other news, Autodesk is constantly accusing the company I work for of stealing licenses even though we over purchase licenses. They can go to hell.
I installed trusted cracks from scene groups. Not everyone who can crack will be a scene group. To get into the scene you need to be well trusted. Scene groups would NOT damage their integrity to install something malicious through a crack
As another user said, check the files you have match the direct uploads from the scene with a site like predb.me
You can search online for more info on scene groups/warez/topsites
Meh, how is surgery a thing? You let people just open you up and dig around your insides?
it’s a mix of need and belief in a proper vetting process. For computers there’s the additional layer that any one machine is probably low stakes. In early internet days most software was prohibitively expensive but gave you the equivalent of super powers - as a teenager / young adult with ability to take that risk you’re not going to do it?
And where those are illegal or prohibitively expensive you have people either traveling to less regulated countries or even straight up illegal operations.
How come people are willing to download and install pirated software though?
You can just remove “priated” from that statement and come to the same conclusions. Considering the amount of bugs, backdoors and 0-day exploits distributed via official software I sometimes wonder why people execute proprietary, closed source programs at all.
An no, “reputable” companies mean nothing, just look at Microsoft clowning around with their signing keys.
Your assumption is wrong mail can contain executables. Picture can hold executable instructions and so do videos. For example videos and pictures in mail can contain virus. You are not safe just because you download movies and pictures
You are thinking it wrong about malware in pictures. They don’t act like an executable rather then injecting instructions to an executable program you are opening your picture in. In that case you don’t need the +x flag on your file. Think of it as a Trojan horse
I think it is very rare to find or even craft a video file that is able to allow for arbitrary code execution on an updated video player software like VLC. The same is true for photos or documents with the exception of office documents using macros.
Not at all. I work with development of various kinds and have my desk close to our senior it security specialist he says that we get daily that kind of stuff in our emails so I don’t see why they should exist less on pirated torrents
maybe you mean like exe files disguised as pngs?
actual malicious image files are extremely uncommon (and target specific image viewers of outdated versions, like imagine an archaic os like windows 7 or xp); libpng/libjpg that are used in most popular image viewers are open source and do not currently have any significant (discovered/publicly known) vulnerabilities
One of the techniques is called buffer overflow. Where you target a flaw in some software.
Computers are logic, they will do EXACTLY what you tell them. Imagine if an image viewer uses an dll to process jpg. That dll expects a very specific header. If this is not handled correctly and a malicious attacker crafts the header to be slightly larger and the larger part contains executable code. This code spills over in the adjacent memory area. The OS then reads this as code to run… and boom you are in.
This is oversimplified and proberly not explained correctly, but its something like that; and that kids, is why its important to update your OS and software.
Sometimes they find bugs like this, that have existed for many years before being discovered.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Get software from reputable private trackers only
This is one of the single most important pieces of advice. Unless you have access to topsites, then this is about as close to the source as you are going to get, except for FitGirl repacks that can be DDLd from her site.
If I get malware, I can just go reinstall my OS. If I pay for software, I’m never getting that money back.
If you notice the malware…
I have a two PC setup, I treat the windows one with the pirated software as always potentially infected so the potential damage is limited. It’s probably not infected though, I do take the most basic precautions and haven’t had issues with malware for many years.
That’s smart, but requires extra work and hardware.
And have something worth loosing on gheir PC. Many professional software users using cracks may worry of losing their work files which could be easily backed up.
As long as they dont have their financials or personal information thats worth stealing, the cost saving of the pirated software is worth infection, which at max needs a fresh install.
any accounts are worth stealing, especially stuff like Google/iCloud, Discord, (Reddit and Instagram accounts are pretty expensive too if you have them for some reason), and game accounts.
Most people access their email account from their pc (with the password stored unencrypted locally in the email client or the browser).
The email account is tied to all of their accounts.
deleted by creator
More reason to have MFA?
losing**
You’re thinking too technical about this. This is a money thing. Personally speaking pirated software/games were chicken soup for my poverty ridden childhood.
I trust pirates more than billion or trillion dollar companies. Also, aggressive DRM such as iLok is worse than malware, so eh.
Fuck iLok. Shit made me regret buying plugins, should have stuck with piracy.
Worth noting that paying for a license for software doesn’t stop it being spying malware either. In fact the pirate versions often take out the spying and the reporting-to-homebase that proprietary software does.
The photoshop that phones home to check a license is arguably more malicious than the pirate version that has been cracked so it doesn’t do that.
Good and valid point. I use opensource software wherever I can.
Though paid software is not going to encrypt your data for ransom or use a keylogger to steal bitcoin (yet).
There was an antivirus that was caught running a bitcoin miner in the background tbf. If memory serves it was Norton?
atleast they admitted it, still don’t trust mcafee though…
It was opt-in, and I think to make your subscription cheaper. Then again, Norton sucks!
deleted by creator
Cool!
It’s partly an honor system but also, anyone distributing malicious cracks are quickly called out whether its on public tracker comments like PirateBay or removed from private trackers.
Distributors of GOOD and CLEAN cracks often earn good rep in the community too, like Monkrus which I’ve had no issue with before.
Also, in my experience, installing a malware-packaged adobe app isn’t actually all that bad if you run a malware scan immediately afterwards. With the scale and breadth of software piracy there isn’t much money in making advanced malwares beyond bundling an existing one into an installer. I don’t recommend it, but it’s still easier and cheaper than paying Adobe!
TLDR the community polices itself pretty well considering.
Also, I would consider some legitimate licenced software more of a malware than a cracked one. If your software forces always-online license, comes with annoying startup processes, nagging ad screens, etc, it’s malware. And if there’s a cracked version without those things, I’ll take the cracked version any day.
I agree with the sentiment, but coin miners and ransomware are of course a lot more obtrusive to the average user’s experience than the malware you’d associate with most proprietary licensed software. I can see why people are less willing to risk it.
I agree with what you said, but how do I make sure that the cracked software is not further altered by other people and uploaded. Do you just select the torrent with the most peers? Is that enough? When using one-click-hosters it is even harder…
It’s hard! A lot of it is, like I said, reputation. Sources of safe pirated and cracked software are maintained mainly through word-of-mouth - The crappier and dodgy sources will always invest into SEO to get to the top of the results, and are more likely to avoid legal trouble as companies appreciate that malware-infested installers actually help discourage new pirates.
Also, there’s generally little incentive to go beyond the basic modifications. Most online scams, even outside malware, cast the net as wide as possible and even go out of their way to avoid complexity. They get the most money out of scamming new and uneducated users who pay up quickly. The same logic means they want advanced users to know it’s a scam to avoid wasting time on targets who won’t bother paying anyway.
I bet there are exceptions to this rule, but since scamming and malware are such low-profit ventures there’s a lot of incentive on quantity over quality.
No. It isn’t about the torrent with most peers. It is about the source and the uploader. As someone has already mentioned it, it is about the Reputation!
Sorry, I am not very familiar with torrents. How can I verify that a torrent comes from a certain person? Everyone can make modified copies of the original data and uploadtorrentss that look alike. How can I avoid those?
Denuvo games performed worse than the cracked version, FYI.
Yep. The approach that Denuvo utilizes has been discussed forever, but games didn’t really have the extra CPU cycles to run around and validate the integrity of each and every function. Most games are balls to the wall and using every CPU cycle it can. Point is, games that require heavy performance suffer under Denuvo unless your system is bleeding edge. This means the vast majority of their customer base suffer. There are all sorts of ways to prevent piracy for games… but most companies can’t utilize these approaches due to the very nature of disorganized game development.
If i were to pay for an AutoCAD license , it would be over 200$ A MONTH
That’s why I’m learning Blender, I think I’ll be able to carry on without Maya.
Adobe isn’t pretty but Autodesk is a scourge
Blender is fully capable these days, have fun!
I Love blender. I am also learning it but more because it works on linux unlike AutoCAD
Maya is probably the best program to have known before Blender. Blender was definitely geared from day one to be switched to from Maya, 3dsMax and Lightwave (back in the day).
In other news, Autodesk is constantly accusing the company I work for of stealing licenses even though we over purchase licenses. They can go to hell.
What kind of cheap-ass, stripped down AutoDesk suite are you getting for $200/mo. Last I checked, the architectural suite was north of $4500/yr.
i swear
I just use paint
Technically you can do all the same things with paint and a LOT of patience.
I installed trusted cracks from scene groups. Not everyone who can crack will be a scene group. To get into the scene you need to be well trusted. Scene groups would NOT damage their integrity to install something malicious through a crack
As another user said, check the files you have match the direct uploads from the scene with a site like predb.me
You can search online for more info on scene groups/warez/topsites
Meh, how is surgery a thing? You let people just open you up and dig around your insides?
it’s a mix of need and belief in a proper vetting process. For computers there’s the additional layer that any one machine is probably low stakes. In early internet days most software was prohibitively expensive but gave you the equivalent of super powers - as a teenager / young adult with ability to take that risk you’re not going to do it?
Well, I prefer to go the hospital with licensed personnel and not to ask some guy on the internet to perform surgery…
And where those are illegal or prohibitively expensive you have people either traveling to less regulated countries or even straight up illegal operations.
Eg., black market transplants.
it is the same as any binary. you do not know what the author has baked it.
I feel safe, maybe I shouldnt, but my life wouldnt be this good if I didnt have access to everything I cracked lol
You can just remove “priated” from that statement and come to the same conclusions. Considering the amount of bugs, backdoors and 0-day exploits distributed via official software I sometimes wonder why people execute proprietary, closed source programs at all.
An no, “reputable” companies mean nothing, just look at Microsoft clowning around with their signing keys.
Your assumption is wrong mail can contain executables. Picture can hold executable instructions and so do videos. For example videos and pictures in mail can contain virus. You are not safe just because you download movies and pictures
Can you explain how can a picture holds a executable in it? Also you have to make the file executable to run it. Something like
chmod +x random.mp4You are thinking it wrong about malware in pictures. They don’t act like an executable rather then injecting instructions to an executable program you are opening your picture in. In that case you don’t need the +x flag on your file. Think of it as a Trojan horse
https://gizmodo.com/malware-images-virus-photos-pictures-how-block-antiviru-1849572516 If you are more interested
I think it is very rare to find or even craft a video file that is able to allow for arbitrary code execution on an updated video player software like VLC. The same is true for photos or documents with the exception of office documents using macros.
“Updated” is doing a lot of heavy lifting here. Lots of people don’t keep their software up to date.
But yeah, the likelihood of any of us randomly happening upon 0days in the wild is pretty low.
Not at all. I work with development of various kinds and have my desk close to our senior it security specialist he says that we get daily that kind of stuff in our emails so I don’t see why they should exist less on pirated torrents
maybe you mean like exe files disguised as pngs?
actual malicious image files are extremely uncommon (and target specific image viewers of outdated versions, like imagine an archaic os like windows 7 or xp); libpng/libjpg that are used in most popular image viewers are open source and do not currently have any significant (discovered/publicly known) vulnerabilities
One of the techniques is called buffer overflow. Where you target a flaw in some software. Computers are logic, they will do EXACTLY what you tell them. Imagine if an image viewer uses an dll to process jpg. That dll expects a very specific header. If this is not handled correctly and a malicious attacker crafts the header to be slightly larger and the larger part contains executable code. This code spills over in the adjacent memory area. The OS then reads this as code to run… and boom you are in.
This is oversimplified and proberly not explained correctly, but its something like that; and that kids, is why its important to update your OS and software.
Sometimes they find bugs like this, that have existed for many years before being discovered.