Is attempting to kill Piracy actually killing Internet Security?

Snipehunter's picture

In the midst of a conversation with my fellow business partners at Skyward* Corp, the following thought occured to us:

1) More and more, we're seeing crowd sourced reporting used as a method to determine if files are safe or not. This is most notable with the Norton line of products (of which I am a fan, I will admit).

2) Presuming your truly crowdsourcing and anyone can file a "this is shady report", it might be possible to flag a legitimate file as "shady" to these crowdsourced security products by providing enough reports from enough unique IPs to reach critical mass and affect the way the product deals with instances of the legitimate file on clients' computers.

3) There's a legitimate business interest in acting on #2 if you are a company attempting to enforce copy protection on your products: By flagging every "crack" and "keygen" as shady (despite no real security risk), you ensure every means to bypass your copy protection is detected and removed by these security products before they can used, thus turning the creators of these programs into copyright police at minimal expense to your own operation.

4) Practice #3 above will become obvious to users of "cracks" and "keygens" over time as enough people take the risk, try them anyway and determine nothing untoward has happened. As they are a social community, pirates will share these findings and that knowledge will lead to widespread "denial" of the security programs warnings, defeating any benefit that may have been seen by using practice #3 anyway, but more importantly:

5) With more and more users being told to ignore the warnings of their security programs, an exploitable behavior will become obvious to malware crafters and then real "keygens" and "cracks" will become even greater targets for infection, leading to a serious issue for security companies, as their programs "prove to be ineffective" in these cases.


OK, OK, point 5 is a little extreme, but it is a legimate problem, don't you think? How many users have already bypassed their internet security to run a program that, if it hadn't been for the copy right holders flagging the file as inappropriate, would have done nothing at all to their systems? Sure, I may be thinking things over a little too much, but isn't there a possibility that internet security has already been compromised on hundreds of systems because some media or software company decided a security company should be their copyright police?


- Snipehunter

Enhanced by Zemanta
Technorati Tags:Technorati Tags: