Jump to content

Dispute over viruses.


Recommended Posts

I need your help to settle part of a dispute. There is a lot more into this, family stuff, I wont bore you with the details. There is one point I am trying to make in particular. I believe those of you experienced in computer security will readily back up my points.

I help my family (mom, brother, and sometimes sisters) with their computers. My sister likes to go to my mom's house and install things on my mom's computer for her to use. One thing in particular I didn't pay attention to for a while, but I am putting my foot down now.

There are games my sister has downloaded (I believe from p2p file sharing software like Shareaza). Since I am responsible for the security of my mom's computer I have begun recently (yes should have done this a long time ago) to put my foot down and say "no more."

Software obtained from torrenting, p2p, and pirate websites are well known to often (VERY often) contain viruses, and these files are no exception. I have scanned these crack files on www.virustotal.com which scans the files with about 40 something virus scans, and i have repeatedly come up with many positive results for malware on these files. I don't remember exactly what results, but it was plain that they were infected.

However, my sisters refuse to listen to me, constantly claiming I am just "paranoid." Yes even in the face of my claims of finding malware with virustotal. One of my sisters says she has scanned the file in the past with 2 different virus scans which found nothing, and so therefore there is no malware infection. Regardless of how I point out my findings, and explain to them the nature of virus scans not finding everything, they refuse to listen. This virus subject has come up a couple of times so far, but they have not yet brought the files to me to demonstrate.

I believe I'll have to wait until the games are reinstalled on my mom's system again before I can just send them to virustotal right in front of my mom in order to demonstrate... two virus scans do not a clean file make. 43 virus scans with no result do not a clean file make, but these files get quite a few positive results on the virustotal website. I fully realize there is a such thing as false positives, but when it comes to various game crack file downloaded from p2p (roughly speaking, about 15 game cracks total for about 15 games), all or most of them coming up with positive results... well you get the point. Warez is notorious for malware. I wouldn't let those files run on my computer. Would you?

As for my "credentials," I am self trained. I have admittedly done extensive reading on the subject, and have currently switched to studying BSD security for enterprise networks. I am very good at spotting the effects of malware on a system. I have managed openbsd and freebsd firewalls and webservers, command line linux webservers, all running apache with mysql, I've built and managed several websites. I am familiar with snort IDS, and other intrusion detection systems, I understand quite well how virus scans work. I know Windows operating systems for the most part, inside out. I am proficient in the Linux and BSD operating systems. I've worked a year or so in Microsoft tech support (often removing viruses,) and have done on and off tech support part time for various people over a period of roughly 8 years. Usually friends refer me to people who need help. No official credentials, but I am good at what I do.

They still refuse to listen to me. Anyone care to respond to them? It would be nice to hear the opinions from some credible professionals I can refer them to. Thanks. I'm just trying to do the right thing and keep the family's computers clean.

Edited by tech98001
Link to comment
Share on other sites


Not what you want to hear but I'm sure most will disagree...

I've always scan dodgy stuff with Virustotal and sometimes they show a 75% infection rate but they are clean. I test them with Sandboxie and they exhibit no malware type behavior.

Link to comment
Share on other sites

It would be nice to hear the opinions from some credible professionals I can refer them to. Thanks. I'm just trying to do the right thing and keep the family's computers clean.

Would you accept the opinion of a (hopefully) credible amateur? :unsure:

VirusTotal is a tool, like an antivirus or ANY other tool.

It's how you use it that makes the difference.

If a single (or two) antivirus programs do not detect Anything on a given file it DOES NOT mean that it is clean.

If VirusTotal has something like 4/43 AND the 4 out of the 43 are such well reputed - ahem - antivirus programs such as (example :ph34r:):

  • Kingsoft
  • Norman
  • Panda
  • McAfee

http://www.av-comparatives.org/comparativesreviews/false-alarm-tests

(mind you the listed above are the WORST possible AV solution when it comes to false positives, but the may have other features superior to other compatitors)

it DOES NOT mean that the file is infected. (actually it means that it is highly probable that the file is NOT infected)

All such tools can give you very easily "false positives" and "false negatives".

It is only up to you (or whoever is actually "in charge" of the security of a set of PC's) to believe one or the other report and take - or fail to take - further initiatives in order to ascertain the reliability of the specific "warning" or of the complete lack of such a "warning".

Expecially when we are talking about heuristic detection, results are very often "a suffusion of yellow":

http://en.wikipedia.org/wiki/Metaheuristic

And detection of a given malware may be different based on the "kind" of such malware, example:

http://research.zscaler.com/2010/09/best-and-worst-antivirus-against-fake.html

jaclaz

Link to comment
Share on other sites

I'm no security professional either, but I err on the side of (my own) common sense. I don't share my computer with anybody, and I don't allow others to use mine without supervision. Ever.

A shared family computer must be treated as the personal property of the least responsible or highest risk unsupervised user, regardless of actual ownership. You should try to convince your mother to not allow your sister to use that PC if you don't want to deal with your sister's lax security practices—easier said than done, I know. The most justifiable reasoning I can give is that a user is only as trustworthy as the software they use. If that software comes from a questionable source, then the user of that software must also be considered questionable. Ignorance is no excuse, and should be considered dangerous in itself.

Link to comment
Share on other sites

im not sure i made myself clear, this is not a shared computer, these games are for my mom, it is on her computer, my sister does not live with my mom. In the end the decision is up to my mom, what this forum post is about is more to the effect that it is inherently unwise to download game crack files (1 strike) from p2p software (2 strikes) that get plenty of positive malware results on virustotal (3 strikes). This post is about what the right choice would be, what would you do on your own computer if presented with this issue? Why? It is especially for those who have a good depth of understanding of the issue. I agree I would NEVER allow these files to run on my own computer.

Edited by tech98001
Link to comment
Share on other sites

im not sure i made myself clear, this is not a shared computer, these games are for my mom, it is on her computer, my sister does not live with my mom. In the end the decision is up to my mom, what this forum post is about is more to the effect that it is inherently unwise to download game crack files (1 strike) from p2p software (2 strikes) that get plenty of positive malware results on virustotal (3 strikes). This post is about what the right choice would be, what would you do on your own computer if presented with this issue? Why? It is especially for those who have a good depth of understanding of the issue. I agree I would NEVER allow these files to run on my own computer.

Well, NO, you want us to say that technically your choice is wise and your sister's is not. :realmad:

But this is not the case. :(

3/43 (without knowing WHICH AV marks them on VirusTotal) is NOWHERE near being a sign that those files actually contain a Virus of ANY kind.

All it means is that checking throroughly those files would be wise, but in actual practice, and depending greatly on the specific files and on the specific AV's that detect them, probabilities are much greater that they are false positives then that they actually contain a virus or malware.

The files may be affected by a Virus, but you need to actually PROVE this by ANALYZING them, your "specific" argument about VirusTotal and 3/43 - as is - is moot. :(

The "general" problem is elsewhere.

Your sister, and consequently your mom, are doing an illegal activity :ph34r: - no matter if limited to a handful of pirated games.

What you should really do is instead of trying to prove on semi-statistical basis (with no grounds in this particular case) that using WAREZ is wrong because they contain virus, convince them that using WAREZ is wrong from a moral and legal standpoint and should not be used.

Go out, work some more, get a few extra bucks, BUY the games your mom likes to play, give them ORIGINAL to her as a present. :)

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

im not sure i made myself clear, this is not a shared computer, these games are for my mom, it is on her computer, my sister does not live with my mom. In the end the decision is up to my mom, what this forum post is about is more to the effect that it is inherently unwise to download game crack files (1 strike) from p2p software (2 strikes) that get plenty of positive malware results on virustotal (3 strikes). This post is about what the right choice would be, what would you do on your own computer if presented with this issue? Why? It is especially for those who have a good depth of understanding of the issue. I agree I would NEVER allow these files to run on my own computer.

Well, NO, you want us to say that technically your choice is wise and your sister's is not. :realmad:

But this is not the case. :(

3/43 (without knowing WHICH AV marks them on VirusTotal) is NOWHERE near being a sign that those files actually contain a Virus of ANY kind.

All it means is that checking throroughly those files would be wise, but in actual practice, and depending greatly on the specific files and on the specific AV's that detect them, probabilities are much greater that they are false positives then that they actually contain a virus or malware.

The files may be affected by a Virus, but you need to actually PROVE this by ANALYZING them, your "specific" argument about VirusTotal and 3/43 - as is - is moot. :(

The "general" problem is elsewhere.

Your sister, and consequently your mom, are doing an illegal activity :ph34r: - no matter if limited to a handful of pirated games.

What you should really do is instead of trying to prove on semi-statistical basis (with no grounds in this particular case) that using WAREZ is wrong because they contain virus, convince them that using WAREZ is wrong from a moral and legal standpoint and should not be used.

Go out, work some more, get a few extra bucks, BUY the games your mom likes to play, give them ORIGINAL to her as a present. :)

jaclaz

my point about "3 strikes" is a baseball analogy. As I said, "many positive results." If i put up the files on virustotal.com i believe there were a lot more than 3 scanners coming up with results for legitimate malware, not cracks. Something a lot closer to 28/43, not 3/43. Whether the files are infected or not, well there is a such thing as false positives, but when they are testing positive for trojans or worms, not just the fake cracked software signatures, well it is enough reason to purchase the software legitimately or at least avoid using those files, (unless you want to spend your time studying each file individually to ensure there is no virus infection, which frankly, I do not.)

It is unfortunate that the question of morality will carry no bearing with my sisters, so i must unfortunately focus the technical/wisdom side. Thanks for the response though.

I also thought it plain my question is not strictly a technical question, but a more complex question involving issues of trust, time, and yes technical issues. I always install software from a trusted source. I do not bother with warez, for reasons of trust, time spent to ensure cleanliness of file (which only raises the likelihood of a clean file, doesn't guarantee,) and yes, first and foremost, morality. It is also a question of risk. Last but not necessarily least, the question of wisdom.

Is it wise to behave this way? No, in my opinion, it is very stupid. I will simply post the question to Steve Gibson of Security Now. http://twit.tv/sn He is a very well known and very highly regarded person in the computer security world. If he answers it on his podcast I will forward the answer to my sisters. I've listened to him for several years now, and I can tell you I already know what his answer will be: "LEAVE IT ALONE. It is a bad idea, an unnecessary risk." Basically exactly what my point is. Exactly the point they are taking issue with. And cmon, manually examining the file is a huge waste of time. I fear I've wasted enough time already on this post.

Seriously though. How many of you would install a game crack obtained through p2p coming up with many positive results for malware? Wouldn't you at least TRY to find a clean crack from a slightly more reputable source to use first? Why not just purchase the game and avoid the question altogether? Why would you engage in such risky and foolish behavior? Do you really have the time it takes to ensure the safety of your computer, using files such as this? I do not. I wish to spend my time on other more worthwhile things. I may end up buying her the games in question. Right now I have other priorities for my money.

Edited by tech98001
Link to comment
Share on other sites

my point about "3 strikes" is a baseball analogy. I never said anything about how many results. If i put up the files on virustotal.com i believe there were a lot more than 3 scanners coming up with results for legitimate malware, not cracks. Whether the files are infected or not, well there is a such thing as false positives, but when they are testing positive for trojans or worms, not just the fake cracked software signatures, well it is enough reason to purchase the software legitimately or at least avoid using those files, (unless you want to spend your time studying each file individually to ensure there is no virus infection, which frankly, I do not.)

Again, you are asking on a technical board for technical advice.

Technical advice cannot be given if not "technically". :whistle:

Post the actual files to VirusTotal and post here the links to the results.

With them, you can have a guess (probably educated ;), but still a guess) of the actual probabilities those files are "false" or "true" positive.

In any case, if you want to prove your point, you need to "spend your time" analyzing the specific files.

Unlike in democracy, "votes" don't count much in the technical field, something is usually either True or False, binary 0/1, On/Off, even if from now on 3,000 members will post saying that those files are dangerous, their would be an undocumented opinion, as well the one if another 3,000 ones wil post saying that those files are perfectly safe.

JFYI:

http://www.msfn.org/board/index.php?showtopic=141734

We do know that the mentioned file is "safe", and it has been proved to be safe by several AV vendors, but after a currently 8 months long "struggle", we are still at 13/43:

http://www.virustotal.com/file-scan/report.html?id=aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671-1288757982

I presume that WAREZ releasers do not care that much to convince the AV firms that their released soft is clean, even if - strangely - it is. ;)

It is unfortunate that the question of morality will carry no bearing with my sisters, so i must unfortunately focus the technical/wisdom side.

Are you saying publicly that you have an immoral sister? :w00t:

In normal family relationships this usually turns out to be REALLY dangerous...:ph34r:

:lol:

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

It is unfortunate that the question of morality will carry no bearing with my sisters, so i must unfortunately focus the technical/wisdom side. Thanks for the response though.

I also thought it plain my question is not strictly a technical question, but a more complex question involving issues of trust, time, and yes technical issues.

It should not be necessary for others to back you if your reasoning is sound. If you're looking for "yes men" then this forum may not be the best place to search.

I will simply post the question to Steve Gibson of Security Now. http://twit.tv/sn He is a very well known and very highly regarded person in the computer security world.

Perhaps not that highly regarded. It depends on whom you ask.

I fear I've wasted enough time already on this post.

You should probably stop editing that post and start a new one before you invalidate the responses it has generated already. ;)

Edited by 5eraph
Link to comment
Share on other sites

I agree, for your average Joe it is unwise. If it was my computer? I would run the items sandboxed or in a virtual machine.

my point exactly, they are the average joe types, and I refuse to spend large amounts of my time making sure a crack made by l33t_hack3r_dud3 somewhere in p2p land is safe, which in the end is very close to impossible to ensure anyways. (at this point you can only say whether it is somewhat likely to be safe, far better to err on the side of safety.) Better to leave well enough alone and practice safer computing by using trusted software.

Edited by tech98001
Link to comment
Share on other sites

Is it wise to behave this way? No, in my opinion, it is very stupid. I will simply post the question to Steve Gibson of Security Now.

Which confirms that you are not looking for a plain technical examination of a problem, but rather for someone to confirm your opinion.

What do you expect by a guy that (right or wrong :unsure:) made a career overhyping security flaws?

Personally, I prefer reading of nanoprobes:

http://web.archive.org/web/20060215171504/blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed

here ;):

http://www.startrek.com/database_article/nanoprobes

But hey, the motto is really cool:

http://www.grc.com/np/np.htm

This is our NanoProbe Technology.

It's cool. It's running. It works.

Wouldn't you at least TRY to find a clean crack from a slightly more reputable source to use first?

NO, personally i would WRITE the crack. ;)

I would be curious about which could be a "slightly more reputable source" for a crack. :w00t:

Have you got a list of reputable game crackers?

Why not just purchase the game and avoid the question altogether?

Exactly. :)

Why would you engage in such risky and foolish behavior? Do you really have the time it takes to ensure the safety of your computer, using files such as this? I do not. I wish to spend my time on other more worthwhile things. I may end up buying her the games in question. Right now I have other priorities for my money.

You do sound a bit "lazy" and "tight-handed".

Comeon, it's your mom :), she deserves the best, even if you have to fork from a few bucks to buy her a few ORIGINAL games. :angel

jaclaz

Link to comment
Share on other sites

While p2p pirated stuff can have virus in it

But hey everything any more could

The thing that gets detected with the cracks is either The legit packer or code that it uses.

That just happens to be soo widely used

That hey most common troj virus out there use it

so av engines detect it cause its just easier to track the virus that way

Link to comment
Share on other sites

  • 5 months later...

Forgive me if this is less than 'technical' response. I think you have your technical answers already. I use a virtual machine for customer supplied suspect files. not been burned yet.

My initial thought response to reading the thread was "Sod the safety aspect, it's illegal, it's theft. Steal her stuff (some things that are noticeable) from around the house and ask what the fundamental difference in behavior is before handing it back." Would it be ok to steal these games off a store shelf?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...