Posts tagged "piracy"

clinicallyawesome

Copying Windows Binaries

Maybe this is piracy, maybe it’s not. I have a tool installed on my computer and when new programs are installed it discovers them and pops up a lovely prompt asking if I will allow the executable to be copied to some computer somewhere. I haven’t looked into it deeply but it doesn’t seem to be aware of software licenses and whether the license for that binary allows for it to be redistributed. Maybe it is and maybe it’s not. It doesn’t seem like the tool is based on some kind of prior agreement between the tool author and the owners of each and every software package that it’s prompted me to allow copying their binaries. If it did, it doesn’t seem like it would need to ask me if it’s okay, except to honor my privacy. Maybe this copying falls under “Fair Use” or maybe it’s just not worth suing over. Maybe it’s piracy and I’m an accomplice.

The tool in question seems to be an inherent feature of Windows 7. It may have been in Vista, which I skipped. If I recall correctly the prompt says it’s part of Windows Defender which I believe is part of Windows security. The obvious conclusion is that it’s grabbing the file to analyze it for malware. If it is, it seems like it could just run a few different cryptographic hash functions over it and if any one of them differ, then it copies the file. I don’t think it’s doing that because I’m sure I’m not the first person to install the latest Acrobat Reader appropriate for my platform. What are they doing with them? Maybe we help them collect binaries for competitive analysis and it’s not just strictly for security.

Maybe it isn’t enforceable or no one would dare sue Microsoft, but it seems to me like I’m violating someone’s copyright or license.

| Comments
1 note
clinicallyawesome

It Wasn’t Me, It Was the Seeder Worm

The media cartels like to hold the user of an IP address liable for any file sharing done through that IP. So if someone breaks into your WiFi and runs bittorrent it’s your fault. To some degree I believe that it’s the responsibility of the individual to secure their network that problem is basically intractable. At any rate, you could have DMCA invoked on you for whatever happens on your assigned IP address. I’m fairly sure the legality of this is debatable, especially looking at the response templates provided by the EFF for TOR users, but I’m a hacker not a lawyer.

Who’s liable if my server gets infected with Slammer or Conficker? It came to my system from some other system. Shouldn’t the owner of that IP be liable? I haven’t heard of any legal pursuit to that effect. It would seem that if you get infected with a worm it’s not your fault and you won’t be held liable.

To put this in perspective, if someone gains access to your network and uses it for file sharing you’re liable because you control the security of your network. If your system gets a worm and is infecting other systems on the Internet you’re not liable, even though you control the security of your server. Worms cost definite, calculable loss of revenue. File sharing may cause loss of revenue but no one’s really sure and there’s no way to know much.

What if the next big worm surreptitiously installs a minimal bittorrent client. It then randomly grabs one of the top 100,000 torrents from on of the top 50 torrent sites and runs it to seed? What if the next java plugin/flash/acrobat/Active X exploit did the same? What if this seeder tool was created as a Metasploit payload?

Are you liable for file sharing because you got infected with malware?

| Comments
2 notes
clinicallyawesome

Half-game Downloads

It’s valuable to give you only half of what you paid for.

http://hellforge.gameriot.com/blogs/Hellforge/EA-Games-Everything-On-The-Disc-Is-A-Demo

So to foil pirates they’re only giving you half the game on the disk. The rest you have to download… having already paid for the game. This isn’t a patch or content update, this is content they just didn’t put on the disk.

Mr. Riccitello says:

So the point I’m making is, yes I think that’s the answer [to piracy]. And here’s the trick: it’s not the answer because this foils a pirate, but it’s the answer because it makes the service so valuable that in comparison the packaged good is not.

My thoughts:

The great thing about a game on a disk is that I can go to the store, buy it now, and play it now. The great thing about a downloadable game is that I don’t have to leave the house provided I’m willing to wait a bit.

This synergistically combines the worst aspects of both technologies.

So here’s an idea. To stop criminals we’ll sell handguns without firing pins. Then we’ll let you order the firing pin from our website at no charge. We have thus revolutionized the way people think about buying handguns and have added value to our website. Oh, and stopped criminals from getting firing pins somehow.

| Comments
clinicallyawesome

Software Piracy (A Parable)

YAR! The diseased dangerous life fer me, HO HO!

GRR… had a nice, long, well-written article almost done and lost my draft. Here’s the abridged version

I don’t normally pirate software. I used to years ago, but got sick of it and switched to Linux for my desktop (already had it on my server). I found an application for Windows that I really wanted but it was $500-600 which is a lot of money for something I might not like.

So I pulled it down off BitTorrent. Knowing it might be a malware vehicle I grabbed an Open source virus scanner and scanned it before installing. It came up clean and I ran the patcher to disable the licensing check. A few hours later my Automatic Updates are turned off and won’t come back on.

I start throwing all the free and open source malware removal tools I can at it and have little success. After three days (interleaved with work, sleep, etc) I think I’ve got my system clean but it required editing my NTFS partition from Linux and hand-hacking my registry using chntpw. I used to know quite a bit about removing Windows malware but I’ve gotten rusty, what with all this Linux and Mac OS X usage and all.

I learned a lot in the process but I estimate I spent 12-18 hours in this mess. Most of the time I can’t actually use my computer because I’m not willing to supply any login credentials to a compromised system. If I assume that my the value of my time is reflected by my gross salary, I spent about $400-600 worth of time on this, not counting the loss of my free time. Since the software costs $500-600 it probably would have been cheaper for me just to buy it.

| Comments