I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?

  • MrPoopyButthole@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    We are seeing on our corporate network lots of browser hikackers that connect to c&c and are used in botnet DDOS as a service. Once you install x software it sets up a persistent service that keeps modding chrome.exe etc

    Firewalling the .exe that you installed does nothing to stop the calls to c&c

    • b1ab@lem.monster
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Fair point. Malware can tunnel through existing comms, thus firewalling the exe would do little to protect you.

      That’s why I recommended a multilayered defense and practicing good opsec.

      An exe that installs a service, modifies unrelated executables, and sends comms through an unrelated application would be a catastrophic failure in any good defense.

      If your system is this wide open then you’ll be likely to have all sorts of problems from non pirated software. Such as freeware that installs adware.

      I have tried to find these in the wild to no avail.

      • MrPoopyButthole@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Unfortunately the machines that get infected are not fully controlled by us but they get networking and internet from us (space rental in the building), so we isolate them as much as possible and we black hole all the bad traffic on the router level.

        Our machines all have EDR and strict security policies. Not much gets past that.