Beware of Key Generators
Twenty years ago, a key generator was a machine in the hardware store that made duplicates of your house keys. Today, a key generator (or keygen) is a tool that software pirates use to illegally activate or unlock commercial software. Aside from the obvious ethical issues, there's another reason why you should steer clear of these things. Read on to learn about the hazards of keygens… |
What is a Key Generator?
“You can’t cheat an honest man” is an old proverb, and it has its complement: it’s pretty easy to cheat dishonest people. That’s why malware distributors love to target people who steal software, music, movies, games, and other intellectual property. One of the favorite traps set for pirates is the key generator.
Sure, you could plant a virus or Trojan in a complete software package. But why bother uploading hundreds of megabytes to various sites, or making such a large package available to downloaders, when a small file of a few thousand bytes will catch just as many fish?
Trial versions of programs are available from the developers’ sites. What pirates often want is a license key that transforms a trial version into a full-featured version that never expires. Programs that generate illicit license keys are called “key generators” or “keygens” for short.
Keygens don’t have to be very big. All they need to do is prompt the user for the same registration data that the software does and then use the same algorithm that the software uses to generate a license key. A few dozen kilobytes of code are ample for these simple tasks. The small keygen packages are often spread more widely and quickly than gigabyte-sized packages containing pre-cracked software.
Now Playing on YouTube…
If you visit The Pirate Bay Bittorrent mega-site and search for the word, “keygen,” you’ll be rewarded with many hits. (It’s safe to go and look, but don’t download anything if you wish to avoid a malware infection or a warning from your ISP.) But malware distributors are also using YouTube to spread their poisoned programs.
Many pirates are also music and video junkies. Keygen videos provide entertainment bait as well as the promise of free software. The video portion is usually of low production value, and the “music” that accompanies many keygens is ripped from 1970s video games. (There are even libraries of tunes known as "keygen music" or "chiptunes" for the convenience of miscreants who post these links.)
On the keygen video page, you'll find a link to download the actual keygen program. It's like playing Russian Roulette, only the odds are a lot worse. The most likely outcome of clicking that link is that you'll get a nasty malware infection, or become ensnared in a botnet. (See BOTNET ALERT: Are You Vulnerable?)
An acquaintance of mine who works for a software development company says that keygen videos targeting the company’s products pop up daily on YouTube. The company swiftly reports the illicit content and YouTube is responsive in taking it down. But not all firms are as diligent in protecting their intellectual property, he says. Many keygen videos have remained on YouTube for years, gathering thousands of views and an undeserved reputation for legitimacy.
The reason for the longevity of some of these keygen videos may be a form of counter-terrorism. It's entirely possible that some bogus keygen videos are posted by the very companies whose software the keygen program is supposed to steal. “Poisoning the well” of keygen Torrents and videos with malware-infected keygens is one way to discourage piracy.
You might think that Google, owner of YouTube, would proactively police its video site for any sign of keygens and remove such content without waiting to be asked. But that would take an army of keygen cops, so the removal process relies on user reports of keygen videos.
False Flags
The comments left on Torrent pages and YouTube pages are not reliable indicators of a keygen’s safety. Positive comments (“It works, no infections!”) are often left by the malware distributor and/or his co-conspirators. Negative comments (“Hey, my antivirus software says this file is infected with…”) are either removed by a page’s owner or explained away by the owner’s shills.
“Don’t worry about the anti-virus alert, it’s a false positive” is the usual advice. There isn’t any reason why an uninfected keygen program would trigger a false positive in an anti-virus program. All a keygen does is accept input, generate a string of letters and numbers, and display it to the user. So if your anti-virus warns you not to run a keygen, something else buried in the keygen is causing the alert.
In almost all cases, a key generator is a tool that's designed to help people do something illegal. Think of it as the digital equivalent of a lock picking kit. Honest people have no need for either. The irony is that there are so many bogus key generators now, that even the dishonest have reason to avoid them.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 11 Apr 2014
For Fun: Buy Bob a Snickers. |
Prev Article: Geekly Update - 10 April 2014 |
The Top Twenty |
Next Article: Erasing a Hard Drive? Not so Fast... |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Beware of Key Generators (Posted: 11 Apr 2014)
Source: https://askbobrankin.com/beware_of_key_generators.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Beware of Key Generators"
Posted by:
narumanchianji
11 Apr 2014
while I appreciate your observations, you may also look into cases of genuine software users who lost their key and like to get it back. thousands of genuine users used these key generators to get back their lost keys knowing pretty well that the keygenerator may also contain malware. once they get back their keys, they used the antivirus programmes to wipe out key generator and the malware it installed.
it is equally possible that all antivirus programmers may generally consider any key generator to be classified as malware so that they may not be able to steal keys, pirating. though a key generator is genuine and it may not contain any malicious programme, unscrupulous users may install and use it to generate keys for their stolen software. keygens are therefore good and also bad
Posted by:
oluka peter
11 Apr 2014
thanks bob for this informative article, just like the many other articles you run on your blog.
Posted by:
Phil
11 Apr 2014
An interesting article, Bob. But I would prefer you had not brought attention to this because, in my opinion, those who steal software deserve whatever infection might hit their computer. In fact....considering the cost of some of the more complex programs....Adobe Creative Suites for example....people who pirate copies should be convicted of felonies.
Posted by:
Robert Kemper
11 Apr 2014
Thanks Bob, for the timely warning on keygens.
much appreciated.
Posted by:
Jason
11 Apr 2014
It's not necessarily true that a malware-free keygen wouldn't be flagged by anti-virus. Some anti-virus products will flag keygens because they are "hacker tools."
Posted by:
Peter Ballantyne
11 Apr 2014
Couldn't agree more Bob. I have worked and played with computers since my first little Sinclair ZX81, and in my wild old days I used to deliberately go hunting in the wild wild west of the early Internet for these things.
Then one day my computer got well and truly clobbered. As I only had one machine which I used for both work and play it was utterly disastrous. In the end a total format and rebuild was needed, but it also swept away all my business data, and guess who was too dumb back then to worry about backups.
It almost destroyed the business I relied on to provide for me and my family. And it jolly well served me right. For years now I am careful to only buy legitimate software straight from the manufacturer, oh, and to have good backups. After all, it's only intelligent self interest isn't it?
Excellent reminder Bob. And something every user needs to heed. Thanks yet again.
Posted by:
Kirill
11 Apr 2014
Thanks for a good laugh! Pretty simple logic can eliminate all threats you mentioned here. Actually everybody knows about trusted sources. Yeah, even for such evil, as keygens, there are trusted sources!
By the way, if keygens are so dangerous, you always can find a serial number itself. The most funny part that those serials could be released by a software developer. Confused? Try to google, for example, UltraISO promotion in PC User magazine Australia in 2009. So you can get license without paying a single penny and be a honest person.
The real Russian Roulette is to sign agreements with absolutely legitimate honest businesses without reading fine prints. I bet you will consider all those cyber crooks much more honest, that those guys.
Posted by:
Andrew
12 Apr 2014
Of course, savvy pirates will treat keygens as suspicious, and run them sandboxed or use an application like Acronis True Image (pirated, of course :-) ) to reset the PC after generating and recording the keygen.
Another problem is that many so-called keygens just display a randomly selected key from a short list of "valid" keys. When software producers get wind of this they block these keys so that they are no longer valid - only effective if the program has to communicate with the software producer's server, or if the pirate installs an update containing the blocking.
Posted by:
Ray Marsh
12 Apr 2014
G'day Bob, re key generators interesting article mate, raises more questions than it answers. I personally think that no matter how good or up to date our online protection is we are really up against the "BAD GUYS". Research appears to be ongoing to either find a way in or develop one, don't think we will ever be truly safe.
Posted by:
MmeMoxie
12 Apr 2014
Bob, excellent article, as usual. It really is time, to be reminded of using software programs, from The Pirate Bay and other websites, that gather nothing but, Crack Warez programs.
XMarks website has a good list, of the Top Crack Warez websites, so that you know to avoid them. What really surprised me, was the usage of You Tube, to spread Crack Warez and Malware, at the same time!!! I know that, I have been leery of You Tube.com, for some time now. I can't explain it, You Tube just seems to big and massive, to keep good control over videos and I don't think, You Tube really wants any kind of control, anyway. Anyway, here is the website, with XMarks list. By the way, XMarks is part of Last Pass ... So, this is a legitimate list.
http://www.xmarks.com/topic/hack_crack_warez
Yes, I have used a KeyGen program. I purchased, the Upgrade version of Windows XP Home. I wanted the Windows XP Pro version ... So, I got a hold of a "pirated copy" of Windows XP Pro. I felt "justified", since I really had purchased the Windows XP Home version, for around $100. I didn't think, I needed to pay anymore money, for the Pro version. Was I right??? NO!!! Did I still do it ... Yes.
I didn't have any problems, until Windows Genuine Advantage or WGA came along, to "validate" if, you had a Genuine Windows Product!!! This occurred, around 2005 or 2006. I couldn't get any updates and I was being "threatened", that my Windows XP Pro would be made useless.
Next step ... I learned how to eliminate the WGA, on my computers. Problem solved, until Microsoft found ways to keep re-activating WGA. Must admit, this made me crazy and nuts. For me, it was a real time battle ... Microsoft verses Me!!! Bottom line ... I was going to WIN this battle, too!!!
After months of "playing games" with WGA ... I finally, found a wonderful program, that was honestly legit. Ok ... How can a KeyGen program be legit? Easily, people honestly do LOSE their License Key Code/Number, for their Microsoft Products or other Companies products, all the time. They need to re-install and have misplaced the paperwork, that has the License Key Code/Number! However, this KeyGen was strictly for Microsoft products.
It didn't cost an arm and a leg, either. It was a small program, well written and it worked! NO bad stuff, with it, either! It was a clean program. I think, I paid either $14.95 or $19.95 for it, which is extremely reasonable, when someone is in a bind.
Bottom line ... Would I ever do that again??? NO!!! I will definitely, pay for any program, that I choose to use, period. It wasn't worth, all of the aggravation, that I went through, just trying to "stay ahead", of Microsoft's race to eliminate all pirated copies of Windows Software Products, be it Windows, Office or whatever ... Microsoft has a mindset to WIN!!!
So, I would much rather be apart of the accepted gang ... Then to be a gangster, any day. :)
I am now, a proud official owner of Window 7 Pro-64Bit and even purchased the Windows 7 Pro-32Bit, for $139.00! I installed that version on, my "older" computer ... Before I got this one, I am using right now.
Posted by:
Digital Artist
13 Apr 2014
I like the way you consistently promote honesty and integrity. You might have mentioned that almost any software worth stealing has a very close cousin available as freeware, so why steal? Keep up the good work!
Posted by:
robert
19 Apr 2014
I don't do it and, as far as I am concerned, anyone who does do it gets what they deserve and I personally hope it causes their entire computer to crash and make it completely unusable so that they have to go buy a new one. Unfortunately, even that would not prevent some of them from doing it again with their new computer. Like Rachel said on Friends, "once a cheater, always a cheater."
Posted by:
Lky0000
20 Apr 2014
Oh, man. What a bunch of baloney! It's nothing more than the promotion of his pc matic. I'm not going to defend the piracy, but anyone with half a brain can distinguish a malware laden keygen - learn to read the comments section and use VMs to be absolutely safe. Anyway, I kept reading until I saw YouTube reference :) haha.
Posted by:
sacratti
21 Apr 2014
Yes, there may be need for "lock picking kits" as for "keygens" as well. If you lost your homekey as well as your software key, you`ll need help of a prof. unlocker,who will often, nearly always take hundreds of bucks for his "work" and often destroy your housedoor. I once ran a microsoft service pack update and microsoft detected a "false key" what wasn`t true, but they destroyed many files on my hd with whatever trojan or virus!!!! Hundreds of midi files I programmed myself where put in the nirvana, unable to get them back. As well it is known, that B. Gates "stole" his first OS from IBM,as many other companies steel knowledge a.s.o. from their workers, not paying`m the right way. The great companies concentrate to market leading comps and force or even blackmail people to buy their products, even with unneccessary updates or unsupported software etc.
Posted by:
MmeMoxie
22 Apr 2014
Bob ... I really MUST respond to Lky0000!
I don't know where you get your information, but, Bob Rankin does NOT promote PC Matic!!! Bob Rankin does NOT promote any one software program. What he does is try out various software programs, to see if they work or do what they claim to do. Basically, Bob researches for not only himself, but, especially for us, his fans and readers!!!
Plus, Bob is a "guest" writer at PC Pitstop, like all of the others. PC Pitstop reaches out to their Contributors, like many, many other Newsletters on the Internet, these days. Does money exchange hands? I honestly don't know nor do I care. All of these Contributors deserve to live, just like the rest of us. Plus, where has Bob EVER charge for any of his Newsletters, packed with great information???!!!
I am sad, that you could make such comments about Bob. Sorry, but, I have been a fan and reader of his, since, 1996 and I trust him. What I love about Bob, the most ... He even allows your comments, on his website, to show that he is not biased or prejudiced. For me, that takes a mighty man, to share the "bad" comments, along with the "good" and informative ones.
I really wish, more people were like you, Bob, ... Honest, fair and knowledgeable ... And, these are rare qualities, indeed.
EDITOR'S NOTE: Thanks for the kind words. And for the record, I receive no payment from PC Pitstop for my newsletter contributions. I do it to bring new readers to this website.
Posted by:
old_crow
22 Apr 2014
While I am not a regular reader of this site may I defend the observation of Lky0000? Unfortunately, until I saw the post by MmeMoxie I too agreed that you were simply defending PC Matic. Then I went back to look at the original article. I got to this article via PC Pitstop where BELOW Bobs byline there were several paragraphs about how PC Matic was being ripped off by pirates with keygens. While it was in italics and signed PC Pitstop it definitely gave the impression of being the authors words. I think this was probably the case with Lky0000 as well. Bob, I do agree with your sentiments about keygens in particular and software piracy in general but you might ask PC Pitstop to put their comments above your byline and not after it to alleviate this kind of confusion in the future.
EDITOR'S NOTE: Good point, thanks.
Posted by:
Rich
01 Nov 2016
"Think of it as the digital equivalent of a lock picking kit. Honest people have no need for either."
Without a qualifier such as "Most" in front of honest your statement is false.
I carried a set of lock picks and "slim jims" for many years in my vehicles.
In my misspent youth I worked for a locksmith and learned the trade.
Many honest people such as locksmiths, police or just people who like to tinker or are curious, such as myself have a need.
Aside from that good article.
Since there is so much good freeware out there as well as good Linux distros I've never seen a need use commercial software though I have donated when using a few of my favorite programs.
Keep up the good blogging.
The email I provided is real, but never checked as you can probably tell by it's name.
Posted by:
Johnny
26 Aug 2018
Hello,
I want to start by saying your articles are great & I respect them. But there are times [honest people] have reasons to do what corporations deem [dishonest] in their greed?
I do not defend (getting software by [other]means as a whole). However, there [ARE] exeptions to this rule? I bought the [at the time quite expensive] GOTY Edition Fallout 4 on disc. I wanted to [own what I bought]. Not have a {considered a lease} by a third party company digital download. When I went to install my [legally purchased disc game]? It immediately started to install STEAM, along with a [rediculously HUGE] bunch of unneeded [bloatware] to inforce their DRM policy. I do not like STEAM, and was angered to find my disc was nothing but a fancy [preboot] to a STEAM download. Plus I had to create a STEAM account I [did not want], and log in to get said download & play my game. I use mods to build better cities. STEAM tried to sell me mods that are readily free litterly [anywhere else]. Add to this the mods are not [simply uninstall with a free service in 1 click] like for instance [NEXUS]. Mods got broken with an unneeded [patch with no warning] as well, that STEAM runs often unneededly in a completed game for this very reason. I ended up downloading a pirated copy, and installing it to divorce my game from the STEAM account I [never wanted to begin with]. It runs GREAT with no STEAM, and my MODS don't get broken. I [paid for this game. I own it, and feel 0% guilt doing this?
Posted by:
Johnny
26 Aug 2018
I left out something. I am sorry. [YES I did use a keygen] albeit a bit nervously, but it was worth the risk. I am aware keygens are often used to get something never paid for, but that is not [always] the case. Your articles are really good. Not critisizing you. Just pointing out that everyone who uses a keygen isn't simply a [dishonest person wanting everything free]? lol :)
Posted by:
Silica
02 Feb 2021
“Don’t worry about the anti-virus alert, it’s a false positive” is the usual advice. There isn’t any reason why an uninfected keygen program would trigger a false positive in an anti-virus program. All a keygen does is accept input, generate a string of letters and numbers, and display it to the user. So if your anti-virus warns you not to run a keygen, something else buried in the keygen is causing the alert.
says the guy whos obviously never wrote software for Windows before, lol
printf("hello world\n");
AV: is this "generic.tr0jan.A"?