Ok, I need some insight before I go back into Torrenting. I need a piece of software from a less than reputable company (Wondershare). Now I know Keygens can be run through Sandboxie or a VM to get the key but how do Patches and Cracks work?
One of TorrentGalaxy’s most trusted uploaders & software patchers keeps the software updated and uploaded & includes in the download listing the www.virustotal.com report for the installation files which shows a clean listing; however the Patch shows a listing for multiple AV/Malware software which shows the Patch being a virus. So, how do I use the software if the Patch is “infected”. Am I missing something? Thanks!
You’ve got a few questions here, so let me break it down…
What is a crack?
A crack is simply a way of defeating DRM. In the old days, games would often require the game disc to be inserted before they would boot. It was a very easy way of preventing people from simply sharing the files. Because even though the game was installed and didn’t need the disc, the game would simply refuse to launch without the CD in the tray. It was a sort of physical DRM, because disc burners weren’t super common yet so copying a game disc wasn’t super easy.
So the crack simply edited the part of the game that checked for a CD. Sometimes it was as simple as removing the few lines of code that told the game to check for a CD. Sometimes it was simply a matter of telling the game that the disc was always inserted. But that’s just an early example of a crack; it was modifying a game file (or files) in some way, to make them boot even when DRM would normally prevent it.
Modern cracks are much more complicated, but the end goal is the same. Crackers are simply trying to defeat the DRM, so the program will boot. It usually modifies a few files, to get the program to boot when it normally wouldn’t. The cracks are usually fairly small in size, because the actual program .exe and a few .dll files are usually all that gets changed. So patching the program is usually as easy as moving the cracked files into the respective folder, and overwriting the legitimate files.
Why does a crack show up as a virus?
Lots of modern cracks need to do some pretty fucky things to defeat modern DRM. It often requires intercepting network traffic that the launcher would use to “phone home” to a company server. For instance, maybe the launcher checks in with a company server to verify that your program is legit. If the server responds that it is, then the program boots. So the crack would potentially need to intercept that network traffic, then spoof a response from the server. But you know what else does something like that? A virus, attempting to hide itself.
And modern antivirus software doesn’t rely on “hard” virus definitions to identify viruses. The traditional way of scanning for viruses was to just keep a massive database of known threats, then compare files against that. But that’s slow and new threats constantly need to be added in order to keep your virus scans accurate. And if a hacker is able to change their virus slightly, you’ll need to add a whole new item to the database just to target the change.
So instead, they use something called heuristics, which basically means they look at how a program operates, then guess whether or not it’s actually a virus. It uses common virus behaviors and pattern recognition to try to identify a virus. This increases the chances of a false positive, but means scans are much quicker and will catch new threats in the wild even when they haven’t been officially documented yet. But since different companies use different virus definitions for their heuristics, different antivirus programs will give false positives to different cracks.
If it’s only a few flags on VirusTotal, you’re likely going to be fine. It’s most likely a false positive from those antivirus programs.
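To make the signature-versus-heuristic point in the answer concrete, here is a small added example (not from the original thread or any real AV product) that models both approaches over constructed sample "files": a hash database catches a known sample but misses a one-byte variant, behaviour scoring catches the variant, and two hypothetical vendors with different weights disagree about a patcher that hooks network traffic, which is exactly the split verdict you see on a multi-engine report. All hashes, behaviours, weights and the threshold are made up for illustration.

```python
import hashlib

# Constructed sample set: each "file" is its raw bytes plus the behaviours a
# sandbox run observed. Every value here is invented for illustration.
KNOWN_BAD_HASHES = {hashlib.sha256(b"MZ\x90\x00stealer-v1").hexdigest()}

SAMPLES = {
    "stealer_v1": (b"MZ\x90\x00stealer-v1",
                   {"hooks_network", "spoofs_server_response", "hides_process"}),
    "stealer_v1_repacked": (b"MZ\x90\x00stealer-v1!",  # one byte appended
                            {"hooks_network", "spoofs_server_response", "hides_process"}),
    "installer_clean": (b"MZ\x90\x00setup", {"writes_program_files"}),
    "patch_exe": (b"MZ\x90\x00patch",
                  {"hooks_network", "spoofs_server_response", "patches_executable"}),
}

# Two hypothetical vendors weighting the same behaviours differently.
VENDOR_WEIGHTS = {
    "vendorA": {"hooks_network": 3, "spoofs_server_response": 4,
                "hides_process": 5, "patches_executable": 2, "writes_program_files": 0},
    "vendorB": {"hooks_network": 1, "spoofs_server_response": 2,
                "hides_process": 6, "patches_executable": 1, "writes_program_files": 0},
}
THRESHOLD = 6  # hypothetical score at which a vendor flags a file


def signature_match(data: bytes) -> bool:
    """Classic definition lookup: the exact hash must be in the database."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


def heuristic_score(behaviours, weights) -> int:
    """Behaviour-based scoring: sum the weight of every observed behaviour."""
    return sum(weights.get(b, 0) for b in behaviours)


def verdict(name: str, vendor: str) -> str:
    data, behaviours = SAMPLES[name]
    if signature_match(data):
        return "malicious (signature)"
    if heuristic_score(behaviours, VENDOR_WEIGHTS[vendor]) >= THRESHOLD:
        return "suspicious (heuristic)"
    return "clean"


def multi_engine_summary(name: str) -> dict:
    """Per-vendor verdicts, the way a multi-engine report lists them."""
    return {v: verdict(name, v) for v in VENDOR_WEIGHTS}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, multi_engine_summary(sample))
```

The repacked stealer shows why hash databases alone fall behind, and the patcher shows why the same file can be "clean" for one engine and "suspicious" for another without either being wrong about what it observed.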