tech98001

my point exactly, they are the average joe types, and I refuse to spend large amounts of my time making sure a crack made by l33t_hack3r_dud3 somewhere in p2p land is safe, which in the end is very close to impossible to ensure anyways. (at this point you can only say whether it is somewhat likely to be safe, far better to err on the side of safety.) Better to leave well enough alone and practice safer computing by using trusted software.

Well, NO, you want us to say that technically your choice is wise and your sister's is not. But this is not the case. 3/43 (without knowing WHICH AV marks them on VirusTotal) is NOWHERE near being a sign that those files actually contain a Virus of ANY kind. All it means is that checking throroughly those files would be wise, but in actual practice, and depending greatly on the specific files and on the specific AV's that detect them, probabilities are much greater that they are false positives then that they actually contain a virus or malware. The files may be affected by a Virus, but you need to actually PROVE this by ANALYZING them, your "specific" argument about VirusTotal and 3/43 - as is - is moot. The "general" problem is elsewhere. Your sister, and consequently your mom, are doing an illegal activity - no matter if limited to a handful of pirated games. What you should really do is instead of trying to prove on semi-statistical basis (with no grounds in this particular case) that using WAREZ is wrong because they contain virus, convince them that using WAREZ is wrong from a moral and legal standpoint and should not be used. Go out, work some more, get a few extra bucks, BUY the games your mom likes to play, give them ORIGINAL to her as a present. jaclaz my point about "3 strikes" is a baseball analogy. As I said, "many positive results." If i put up the files on virustotal.com i believe there were a lot more than 3 scanners coming up with results for legitimate malware, not cracks. Something a lot closer to 28/43, not 3/43. Whether the files are infected or not, well there is a such thing as false positives, but when they are testing positive for trojans or worms, not just the fake cracked software signatures, well it is enough reason to purchase the software legitimately or at least avoid using those files, (unless you want to spend your time studying each file individually to ensure there is no virus infection, which frankly, I do not.) It is unfortunate that the question of morality will carry no bearing with my sisters, so i must unfortunately focus the technical/wisdom side. Thanks for the response though. I also thought it plain my question is not strictly a technical question, but a more complex question involving issues of trust, time, and yes technical issues. I always install software from a trusted source. I do not bother with warez, for reasons of trust, time spent to ensure cleanliness of file (which only raises the likelihood of a clean file, doesn't guarantee,) and yes, first and foremost, morality. It is also a question of risk. Last but not necessarily least, the question of wisdom. Is it wise to behave this way? No, in my opinion, it is very stupid. I will simply post the question to Steve Gibson of Security Now. http://twit.tv/sn He is a very well known and very highly regarded person in the computer security world. If he answers it on his podcast I will forward the answer to my sisters. I've listened to him for several years now, and I can tell you I already know what his answer will be: "LEAVE IT ALONE. It is a bad idea, an unnecessary risk." Basically exactly what my point is. Exactly the point they are taking issue with. And cmon, manually examining the file is a huge waste of time. I fear I've wasted enough time already on this post. Seriously though. How many of you would install a game crack obtained through p2p coming up with many positive results for malware? Wouldn't you at least TRY to find a clean crack from a slightly more reputable source to use first? Why not just purchase the game and avoid the question altogether? Why would you engage in such risky and foolish behavior? Do you really have the time it takes to ensure the safety of your computer, using files such as this? I do not. I wish to spend my time on other more worthwhile things. I may end up buying her the games in question. Right now I have other priorities for my money.

im not sure i made myself clear, this is not a shared computer, these games are for my mom, it is on her computer, my sister does not live with my mom. In the end the decision is up to my mom, what this forum post is about is more to the effect that it is inherently unwise to download game crack files (1 strike) from p2p software (2 strikes) that get plenty of positive malware results on virustotal (3 strikes). This post is about what the right choice would be, what would you do on your own computer if presented with this issue? Why? It is especially for those who have a good depth of understanding of the issue. I agree I would NEVER allow these files to run on my own computer.

I need your help to settle part of a dispute. There is a lot more into this, family stuff, I wont bore you with the details. There is one point I am trying to make in particular. I believe those of you experienced in computer security will readily back up my points. I help my family (mom, brother, and sometimes sisters) with their computers. My sister likes to go to my mom's house and install things on my mom's computer for her to use. One thing in particular I didn't pay attention to for a while, but I am putting my foot down now. There are games my sister has downloaded (I believe from p2p file sharing software like Shareaza). Since I am responsible for the security of my mom's computer I have begun recently (yes should have done this a long time ago) to put my foot down and say "no more." Software obtained from torrenting, p2p, and pirate websites are well known to often (VERY often) contain viruses, and these files are no exception. I have scanned these crack files on www.virustotal.com which scans the files with about 40 something virus scans, and i have repeatedly come up with many positive results for malware on these files. I don't remember exactly what results, but it was plain that they were infected. However, my sisters refuse to listen to me, constantly claiming I am just "paranoid." Yes even in the face of my claims of finding malware with virustotal. One of my sisters says she has scanned the file in the past with 2 different virus scans which found nothing, and so therefore there is no malware infection. Regardless of how I point out my findings, and explain to them the nature of virus scans not finding everything, they refuse to listen. This virus subject has come up a couple of times so far, but they have not yet brought the files to me to demonstrate. I believe I'll have to wait until the games are reinstalled on my mom's system again before I can just send them to virustotal right in front of my mom in order to demonstrate... two virus scans do not a clean file make. 43 virus scans with no result do not a clean file make, but these files get quite a few positive results on the virustotal website. I fully realize there is a such thing as false positives, but when it comes to various game crack file downloaded from p2p (roughly speaking, about 15 game cracks total for about 15 games), all or most of them coming up with positive results... well you get the point. Warez is notorious for malware. I wouldn't let those files run on my computer. Would you? As for my "credentials," I am self trained. I have admittedly done extensive reading on the subject, and have currently switched to studying BSD security for enterprise networks. I am very good at spotting the effects of malware on a system. I have managed openbsd and freebsd firewalls and webservers, command line linux webservers, all running apache with mysql, I've built and managed several websites. I am familiar with snort IDS, and other intrusion detection systems, I understand quite well how virus scans work. I know Windows operating systems for the most part, inside out. I am proficient in the Linux and BSD operating systems. I've worked a year or so in Microsoft tech support (often removing viruses,) and have done on and off tech support part time for various people over a period of roughly 8 years. Usually friends refer me to people who need help. No official credentials, but I am good at what I do. They still refuse to listen to me. Anyone care to respond to them? It would be nice to hear the opinions from some credible professionals I can refer them to. Thanks. I'm just trying to do the right thing and keep the family's computers clean.

Hi, Glad to sign up for the forum. I'm a tech from California. Thanks