tigerjack Posted January 2, 2016 Share Posted January 2, 2016 I use windows 7 and kis 2013. Sometimes it happens that the keygen and crack are considered virus by Kaspersky (eg Filmora's kg). I consider Kis one of the best anti-virus and I generally trust it, even if there is the possibility of false positives. But here is the question: is it a virus or a false positive ? How did uploaders test programs and their meds ? Do you think that Virustotal could be a solution? But how to interpret the results ? Some of you will say that it is a question that perhaps can not have a definite answer. Others will say to regularly buy the program. I'm interested in your opinion. Thank you in advance Link to comment Share on other sites More sharing options...
Pequi Posted January 2, 2016 Share Posted January 2, 2016 I run a virtual Windows OS (XP) inside Linux, so I can test the keygen while monitoring any changes, then roll back to the previous image. Some malware can detect the virtual environment and will not do the nasty stuff, so this is not 100% foolproof, but good enough. Hypothetical, of course. I buy all my software ... specially the stuff I use just once, don't like, and delete. As to Virustotal, if any AV identifies it as a "keygen", it's probably OK. Some AVs are hopeless, for example, if they find the string "CORE" they will flag it as a dangerous backdoor. Link to comment Share on other sites More sharing options...
jbleck Posted January 2, 2016 Share Posted January 2, 2016 the meds are used by the patients... u need to trust your doctor and ignore the priest. don't use meds from untrusted sources... there are false positives and there are the real nasty buggers out there. Link to comment Share on other sites More sharing options...
Holmes Posted January 3, 2016 Share Posted January 3, 2016 The independent anti-virus testing site virus bulletin considers ESET and kaspersky the best your good to go with kaspersky. If you have your settings set right (dont havekaspersky scan for PUPs or PUA's (Potentially unwanted programs or potentially unwanted applications) make sure kaspersky program components are completely updated and then make sure virus definitions are completely updated then run a on demand scan. You can check to see if there digitally signed to using process explorer make sure the file hash is correct then if all of that is ok Im sure its a false positive. Link to comment Share on other sites More sharing options...
straycat19 Posted January 3, 2016 Share Posted January 3, 2016 Most good AV programs will detect a crack or keygen as something bad. Some use the name, such as keygen.exe or kg.exe, while others detect the keymakers name FFF, SND, Laxity, etc. They also check for packers that most keygen developers use to pack their keygens. NEVER turn off any portion of your AV program because that leaves you vulnerable. How do you know the Keygen/Crack is good/valid and not harmful? First you only get it from someone you know, has a good reputation, and tests their keygens/cracks before sharing them. Secondly, some of the keygen developers include a verification program with their keygens. Thirdly, all original keygens/cracks are packaged by the release group with an nfo and other information. Any crack or keygen that doesn't include the release data should be discarded. Setup a Virtual Machine to install the software and crack/keygen on and use Install Spy, Sys Tracer, or What Changed to find out what was installed, where it was installed, and what registry changes were made. By checking this data you can pretty well tell what the keygen/crack did when it was run. I actually use a VM to run and test software before I buy it and only install it on my production system once I have a purchased version. I keep a clean backup copy of my VM so I can replace the used VM from the copy and it is ready to test another program on. An ounce of prevention is worth a pound of cure and gives me more time to sit back and relax with my best friend. You may have heard of him, his name is Jack Daniels. Link to comment Share on other sites More sharing options...
dac Posted January 3, 2016 Share Posted January 3, 2016 Any keygen with its name ending with .exe is almost always a virus. Link to comment Share on other sites More sharing options...
tigerjack Posted January 3, 2016 Author Share Posted January 3, 2016 @Pequi ...I run a virtual Windows OS....Some malware can detect the virtual environment and will not do the nasty stuff, so this is not 100% foolproof, but good enough. But not everyone knows how to use a virtual machine and you do not have 100% security @jbleck ...the meds are used by the patients... u need to trust your doctor...don't use meds from untrusted sources I want to trust my doctor and I would like all nsane uploaders shared meds from trusted sources, but I think it is not always so @straycat19 Ok for all, but wouldn't it be easier to have programs already tested by the experts of this site? or otherwise report less safe kg. Although it is true the rule "use a program at your own risk" at least we could minimize the risk. (sorry for my english) and thx Link to comment Share on other sites More sharing options...
AlienForce1 Posted January 3, 2016 Share Posted January 3, 2016 9 hours ago, dac said: Any keygen with its name ending with .exe is almost always a virus. That`s for sure one of the dumbest opinions I have heard lately ... Link to comment Share on other sites More sharing options...
jayesh30202 Posted January 3, 2016 Share Posted January 3, 2016 5 hours ago, dac said: Any keygen with its name ending with .exe is almost always a virus. my friend i guess you never used a keygen before or else you wont have made this comment Link to comment Share on other sites More sharing options...
jbleck Posted January 3, 2016 Share Posted January 3, 2016 9 minutes ago, jayesh30202 said: my friend i guess you never used a keygen before or else you wont have made this comment for sure he tried and got burned... he's here now though... it's probably the first safe spot he landed in a while... @dac read and learn before making statements... u seem to have a lot to catch up... rest my friend, u're safe here Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted January 4, 2016 Administrator Share Posted January 4, 2016 Thread moved to Security and Privacy Center. To directly answer your question, in addition to all the good answers given above. If an AV detects a fix and mentions something like Generic or Generic variant or Trojan Generic, or even things like AutoIt or something like crypto or something like that, it's most likely that it's fp. However, if it names it something else, like worm like Conficker.Worm, or virus or specifies a trojan like ZeroAccess.Trojan, then it's most likely a correct catch and needs to be taken care of. Link to comment Share on other sites More sharing options...
tigerjack Posted January 4, 2016 Author Share Posted January 4, 2016 From the replies I had, I can deduce that: 1 - it's impossible to have a 100% safe crack 2 - or you are an expert (and know how to defend yourself) or you have to trust the uploader 3 - and you have to trust the most quoted uploaders 4 - I do not think you even refer to a security filter by the of the site operators (if not a denial would be welcome) I love nsaneforums and I can not do without you .It's well organized and updated and makes you especially honored to accept comments (even critical), and respond to all. Then thank you and all those who participate. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.