
>People complain about getting virus alerts from game hacks

Thread replies: 49
Thread images: 6

>People complain about getting virus alerts from game hacks or cracked games
>Users tell them in broken English:

>"oh its just false positive :)"

Why do people believe this?
>>
for the same reasons people around here believe that multi-billion dollar corporations are out to get them personally and need to go through hoops to hide the mundane stuff they do on their computers
>>
>>59559599
>mundane stuff they do on their computers
what a waste of nice digits
>>
>>59559599
>nurthin to herd nurthin to fear
literally the "if god is real why are our eyes not real" of internet arguments
>>
Do people believe these are actually false positives?
>>
>>59559599
>Wikileaks isn't real
>>
>>59559599
>targeted advertising is fake
>>
>>59560096
idgaf as long as i can play muh games, so far nothing bad has happened in 15 years
>>
>>59561233
poor, put upon Kyon
>>
>>59560096
Not all of them are, but the vast majority are. Antivirus companies, being in the business of selling licenses to non-free software, are of the belief that cracks, keygens, etc are something that they should try to remove from your computer even if they aren't a threat to you, the user, because they're a threat to their business model.

If this sounds shady and underhanded, that's because it is.
>>
>>59561373
Don't they detect it due to signatures and modifications?
>>
>>59559564
Because 99.9% of the time they are false positives. Do you have any idea what a virus is?
>>59559599
Naive retard
>>
>>59561568
I'm just curious.

I see a lot of posts about game hacks and other cracked games on GGn and all the comments say "false positive, disable your AV ;)"

I'm trying to learn more about security and I'm not sure if that's true or not.
>>
It's a false positive you idiot they've been releasing games for years (CODEX, SKIDROW) just don't be a retarded nigger and always download from trusted groups .. how are you on GGn if youre this fucking new to torrenting games? Dickhead
>>
>>59559564
because not everyone's native language is English?
>>
>>59561774
and god bless them for that
>>
>>59561724
aren't most game hacks viruses?
>>
>>59559599
/g/ completely BTFO
>>
>>59562455
Most aren't, since the piracy community is heavily reputation driven, and it'd damage your good name to distribute malware. That's not to say it never happens though. You still ought to be careful.

Microsoft, AV companies, and other sellers of proprietary software, however, are very eager to make you believe that all the things are malware that doesn't even work, so don't even try getting our overpriced crap for free, goyim.
>>
>>59561373
They are detected since the techniques they use edit RAM etc., and malware techniques encompass RAM editing as well. Since both do the same, false positives exist.
>>
>>59559564
I do everything from my neon GNU/Linux partition, and play games only on my Windows 10 partition.

Hence IDGAF if game cracks are loaded with spyware.
>>
>>59562544
Some do use that technique, but that doesn't explain why they detect keygens as malware, since a keygen is just a little self-contained program that takes some inputs, does some calculations on them, and produces an output (a registration code). Maybe it spits that out in a particular file format. There's no way that's suspicious behavior. The only reason keygens would ever be detected is because the AV companies specifically look for them and want to stop you from pirating things.
>>
>>59562638
>>59562541

So let's say if something like this that CS:GO hackers use, would this be a false positive?

The system keeps saying this is spam for some reason.
>>
>pirate nonfree binaries that have been tampered in undocumented ways.
>botnets are still a huge problem
>people can't connect the two

lmao, enjoy your virus cucks.
>>
>>59559564
Yeah I learned my lesson with "false positives" when I pirated Alpha Protocol a few years ago and a few days later I noticed that if I let my PC idle the GPU fans would start spinning up only to resume to normal as soon as I hit desktop again. There was a fake rundll32.exe process running that was actually a bitcoin miner.
>>
>>59561611
It's true. They're usually false positives. You will know pretty quickly when you download something dodgy and it fucks with your system
>>
>>59563262
You mean game hacks? Probably legit unless you paid for it. You will most definitely get vacd
>>
>>59563262
Do you even know what a fucking injector does?
>>
>>59559564
Keygens do cause false positives retard
>>
>Be OP
>Type in comments: "uhhh i think Norton knows better than u thx. i deleted the virus :)"
>Proceed to suck a few cocks
>Post dumb shit on /g/

Anything I left out, tard?
>>
>>59563595
True.

>>59563628
I'm sure. I ended up quitting CSGO due to the amount of hackers.

>>59563635
I know it injects code into something, probably why it sets things off.

>>59563791
Nah you hit the nail on the head m8.
>>
>>59562638
Cheat engine used to tick off on a lot of AVs since it had the same heuristics pattern with most malware that operated in RAM. Operating and editing memory streams of other programs isn't something you would do normally.

Although I do not doubt the fact that Anti-Malware developers also tag keygens off as viruses, it is also that a lot of them behave like viruses. Still your point still stands, as AV producers do a whole lot of Bullshit
>>
>>59564695
This has actually been a good explanation.

So a quick question, how do you monitor these things?

Does procmon show everything the hack is affecting?
>>
>>59559599
>out to get them personall
Not out to get you. Out to sell your web activity to the highest bidder. Then you can be type cast and who knows what else. 'Anything you search for can and will be used against you' is more likely the case.
>>
>>59561611
The way many cracks work is also the way viruses tend to work.

The programs see these and think something nefarious is going on, which it is, just not something you care about.

the only way to not have false positives would be for the AV to acknowledge its user base may steal shit, and look into what they find to know if it's a real crack or not, at which point they could be culpable in aiding and abetting theft.
>>
i will try to help this thread out.

AVs are junk and a far stretch from being secure. some are sig-based, some are heuristics, some use behavioral analysis, or blend it all up like a smoothie. fireeye and some others flaunt their engine or w/e but nothing beats a trained eye.

these cracked games usually have some sort of bypass or priv escalation built into them using APIs / dlls, cause the game devs code in a way to prevent the crackers - old school method of a key.

malware does the same thing since they are usually trying to escape or escalate privs - except with the intent to gain persistence and accomplish w/e the motive is.

sometimes they both utilize similar techniques to accomplish this, via certain APIs, DLLs, and memory techniques.

only way to be 100% certain is to do regshot captures, pcaps, and utilize sysinternal tools in dynamic analysis for cracked games. probs the quickest and dirtiest way to get an idea if the cracked game is bad.

see roodypoo dns requests and funky get requests and postbacks? u just got pwned.
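
Added example, not part of the post above and not code from regshot or Sysinternals: a minimal sketch of the before/after triage that post describes, diffing two registry snapshots for autostart changes and listing DNS names that only appear while the sample runs. The snapshot format, the function names and all sample values are assumptions constructed for illustration; the autostart key paths are standard Windows locations.

```python
# Added example: regshot-style before/after triage. All sample data is constructed.

# Well-known Windows autostart locations (lowercased substrings of key paths).
AUTOSTART = (
    r"\software\microsoft\windows\currentversion\run",      # also matches RunOnce
    r"\software\microsoft\windows nt\currentversion\winlogon",
    r"\system\currentcontrolset\services",
)

def diff_snapshots(before, after):
    """Compare two {value_path: data} snapshots; return (added, changed, removed)."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return added, changed, removed

def autostart_findings(before, after):
    """New or modified values under autostart keys: the persistence signal."""
    added, changed, _ = diff_snapshots(before, after)
    touched = dict(added)
    touched.update({k: new for k, (_, new) in changed.items()})
    return sorted((k, v) for k, v in touched.items()
                  if any(marker in k.lower() for marker in AUTOSTART))

def new_dns_names(baseline, during_run):
    """Names resolved only while the sample ran (case and trailing dot normalised)."""
    norm = lambda names: {n.lower().rstrip(".") for n in names}
    return sorted(norm(during_run) - norm(baseline))

# Constructed snapshots: value path -> data, as a regshot-like export would list them.
BEFORE = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive": r"C:\Users\u\OneDrive.exe",
    r"HKCU\Software\ExampleGame\Settings\Resolution": "1920x1080",
}
AFTER = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive": r"C:\Users\u\OneDrive.exe",
    r"HKCU\Software\ExampleGame\Settings\Resolution": "1280x720",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater": r"C:\Users\u\AppData\Roaming\rundll32.exe",
}
# Constructed DNS names, as extracted from the baseline and run-time pcaps.
DNS_BASELINE = ["time.windows.com", "example.com."]
DNS_RUN = ["time.windows.com", "Example.com", "pool.miner.example"]

if __name__ == "__main__":
    for path, data in autostart_findings(BEFORE, AFTER):
        print("autostart change:", path, "->", data)
    print("new DNS names:", new_dns_names(DNS_BASELINE, DNS_RUN))
```

The changed game setting is reported by `diff_snapshots` but not flagged; only the new value under the `Run` key and the DNS name absent from the baseline capture come out as findings.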
>>
>>59559564
all cracks should be opensource, but because win babes don't care about security, they will likely get hacked or cucked by steam (that intercepts dns queries and does other kernel shit - for anticheat)
>>
>virus alerts but never any actual viruses
>>
>>59559564
I like how mse just straight up says its a crack or keygen in description
>>
>>59559564

Getting malware and root kits is so rare you literally have to be fucking retarded to install it and leave active monitoring off, most AVs have rootkit scanners.
>>
>>59565598
If you mean how the AV monitors changes in memory stream, then it is by hooking into the stream itself then watching for changes in RAM allocation that isn't declared when a program requests it.

Procmon shows this I think, however it requires knowledge of what is affecting what.

What you do is select the process you think is being modified, then view the path and address, as injection cheats, keygens temporarily change the dll path so that their own is executed. It is fairly easy to see, however actually reading the change requires a debugger.
>>
>>59570012
Is there any book out there that goes into this in more depth?
>>
>>59559564
I have AIDS. Once I told a bitch it was just a false positive. She believed.
>>
>>59572940
I hope you get sued asshole.
>>
>>59571001
Malware analysis essentials by Victor Marak is one. However I really recommend or the Antivirus hacker handbook. These two books are great, however the AV book requires some knowledge of reverse engineering of heuristics applications.



A lot of these things are pretty technical, so it is a lot of reading
>>
>Use a trusted site with comments system
>Don't be the first to download a crack
>Wait until plenty of seeds
>Then wait for the comments
>>
>Want to play Heavy Metal Fakk 2
>only two sources I could find online
>one is a torrent that is missing the correct font installer so game crashes to desktop
>other download works fine but Windows says it's a Trojan
>>
>>59559564
because usually AV even tells himself what he found was "Hacktool:win32/somegame!". It's pretty obvious that something like that is just some game crack.
>>
>>59559564
Game cracks are the perfect way of distributing malware since gamers will always claim everything is a false positive.

Fucking retards, I hope you enjoy belonging to my botnet