Beware of Key Generators
Twenty years ago, a key generator was a machine in the hardware store that made duplicates of your house keys. Today, a key generator (or keygen) is a tool that software pirates use to illegally activate or unlock commercial software. Aside from the obvious ethical issues, there's another reason why you should steer clear of these things. Read on to learn about the hazards of keygens…
What is a Key Generator?
“You can’t cheat an honest man” is an old proverb, and it has its complement: it’s pretty easy to cheat dishonest people. That’s why malware distributors love to target people who steal software, music, movies, games, and other intellectual property. One of the favorite traps set for pirates is the key generator.
Sure, you could plant a virus or Trojan in a complete software package. But why bother uploading hundreds of megabytes to various sites, or making such a large package available to downloaders, when a small file of a few thousand bytes will catch just as many fish?
Trial versions of programs are available from the developers’ sites. What pirates often want is a license key that transforms a trial version into a full-featured version that never expires. Programs that generate illicit license keys are called “key generators” or “keygens” for short.
Keygens don’t have to be very big. All they need to do is prompt the user for the same registration data that the software does and then use the same algorithm that the software uses to generate a license key. A few dozen kilobytes of code are ample for these simple tasks. The small keygen packages are often spread more widely and quickly than gigabyte-sized packages containing pre-cracked software.
Now Playing on YouTube…
If you visit The Pirate Bay Bittorrent mega-site and search for the word, “keygen,” you’ll be rewarded with many hits. (It’s safe to go and look, but don’t download anything if you wish to avoid a malware infection or a warning from your ISP.) But malware distributors are also using YouTube to spread their poisoned programs.
Many pirates are also music and video junkies. Keygen videos provide entertainment bait as well as the promise of free software. The video portion is usually of low production value, and the “music” that accompanies many keygens is ripped from 1970s video games. (There are even libraries of tunes known as "keygen music" or "chiptunes" for the convenience of miscreants who post these links.)
On the keygen video page, you'll find a link to download the actual keygen program. It's like playing Russian Roulette, only the odds are a lot worse. The most likely outcome of clicking that link is that you'll get a nasty malware infection, or become ensnared in a botnet. (See BOTNET ALERT: Are You Vulnerable?)
An acquaintance of mine who works for a software development company says that keygen videos targeting the company’s products pop up daily on YouTube. The company swiftly reports the illicit content and YouTube is responsive in taking it down. But not all firms are as diligent in protecting their intellectual property, he says. Many keygen videos have remained on YouTube for years, gathering thousands of views and an undeserved reputation for legitimacy.
The reason for the longevity of some of these keygen videos may be a form of counter-terrorism. It's entirely possible that some bogus keygen videos are posted by the very companies whose software the keygen program is supposed to steal. “Poisoning the well” of keygen Torrents and videos with malware-infected keygens is one way to discourage piracy.
You might think that Google, owner of YouTube, would proactively police its video site for any sign of keygens and remove such content without waiting to be asked. But that would take an army of keygen cops, so the removal process relies on user reports of keygen videos.
The comments left on Torrent pages and YouTube pages are not reliable indicators of a keygen’s safety. Positive comments (“It works, no infections!”) are often left by the malware distributor and/or his co-conspirators. Negative comments (“Hey, my antivirus software says this file is infected with…”) are either removed by a page’s owner or explained away by the owner’s shills.
“Don’t worry about the anti-virus alert, it’s a false positive” is the usual advice. There isn’t any reason why an uninfected keygen program would trigger a false positive in an anti-virus program. All a keygen does is accept input, generate a string of letters and numbers, and display it to the user. So if your anti-virus warns you not to run a keygen, something else buried in the keygen is causing the alert.
In almost all cases, a key generator is a tool that's designed to help people do something illegal. Think of it as the digital equivalent of a lock picking kit. Honest people have no need for either. The irony is that there are so many bogus key generators now, that even the dishonest have reason to avoid them.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 11 Apr 2014
|For Fun: Buy Bob a Snickers.|
Geekly Update - 10 April 2014
The Top Twenty
Is Carfax Reliable?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Beware of Key Generators (Posted: 11 Apr 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved