
April 09, 2004

An open letter to anyone tempted to use cracked software

G'day,

Imagine you received the following email:

Hi,

you don't know me, and to protect me from the law I must remain anonymous, but I am offering something stolen that you want, and which would otherwise cost you a lot of money, for no cost at all! All you have to do is run the attached executable file, and it will make that stolen item available to you.

Cool eh?

What's the betting that you wouldn't run the executable? What's the betting that only an imbecile would run the executable?

But you know what, there is a good chance that someone you know has done something very similar. I can guarantee that millions of people will do it today. Not "clueless newbies" who have only been using computers for a short while and haven't an idea what could go wrong. I'm talking about people with at least a modicum of computer knowledge and experience, and often much more.

I'll tell you who these people are in a short while, but let's for a moment think about the kind of risk someone who does this may be running.

This executable file might erase your hard disk. Completely and irretrievably. As a software developer I can't tell you how trivial it is to write such an application. Maybe an hour's work. For some it would take just a few minutes.

But it could actually do much worse things than that.

Any and all of the unencrypted information on your hard disk is most likely easily accessible to an application. At its leisure it might trawl through your files, gaining access to financial and other information, and send it off just about anywhere to be, well, misused. Better have a close look at those credit card statements. Check your online banking.

It might search for information on your hard disk which you may well not wish others to know about. Emails to a lover whom your husband or wife might not be too keen about, pornography, evidence of fraud - who knows? Access to any sensitive information makes you a pretty simple target for blackmail.

It could download or install criminally pornographic images on your system, and then notify say ASACAP that it believes the person connecting with your IP address has downloaded such images.

Or just to mess with you, it might send offensive emails from your email address to people in your address book. Imagine your mum opening up an email from you featuring a jaunty narrative of your amorous exploits with a donkey. Or a note to your boss listing the chief porn and gambling sites you enjoy. People do nasty things just for kicks.

It might install spambots, and other malicious applications which turn your computer into an open relay for spam. You know the deluge of weird emails we get every now and then, the viruses and worms like the recent slammer? That's a big part of how they propagate.

You may not have heard of DDOS or "distributed denial of service" attacks. These are the orchestrated use of computers running malicious software which their owner knows nothing about to deluge websites with requests to such an extent that these servers simply cannot serve the legitimate requests they receive. How does this software get onto these computers? Often people actively but unknowingly install it.

OK, OK, we all know that it is indescribably stupid to just run executables from anyone we don't trust. Only an ignoramus would do so. So what's my point?

As I said, millions of people do it every day. Not from an email attachment they receive, but worse, these morons actively seek out executable files from people who claim to be criminals, and who guard their anonymity with considerable skill and effort.

Who are these indescribably naive tossers? They are anyone who downloads a crack for legitimate software, a crack which enables them to use that software without paying for it.

Usually the crack comes in the form of a small executable posted on a crack or warez site which claims to "patch" a limited version of some software (say a demo version) and make it the equivalent of a full one. In most cases these cracks do what they say. But what else are they doing?

After all, these patches are simply executable files, running unprotected on a system. All of the unpleasant scenarios I outlined above are more than feasible on most systems.

People who use cracked software know that it is both illegal, and unethical. But that doesn't stop them. So I am not going to bore you or them with the arguments and reasons why they shouldn't do it.

But because I am such a good guy (I am you know) I'll give those people some valuable advice.

If you use cracked software you are running full executable files from people who zealously guard their anonymity because they are knowingly committing criminal acts. You are in effect giving these criminals complete control over all of the information on your hard disk, and operation of your computer. How unbelievably stupid is that?

You expose yourself to all of the scenarios I outlined above, and I'm sure many more I can't begin to think of.
And you contribute directly to the growing DDOS, virus and spam disasters that much diminish the value of the internet and the web for all of us, and about which you probably complain yourself.

best wishes,

John Allsopp

p.s. To amuse those with consciences and brains I've decided to run a little competition.

Imagine that in the next few days, I'm going to release a pseudo-crack on the world. 50% of the time it will install a free version of Style Master, the other 50% of the time it will do something rather nasty.

I'd like to hear your ideas. What is the most heinous thing you can imagine an exe file doing? Post your ideas in the comments section over the next week and I'll bear them in mind. Most creative and amusingly cruel suggestion gets a free copy of Style Master (the real one).

For the record I can tell you that we software developers, in the few spare hours that we don't have to spend improving our security systems and fending off DDOS attacks, put a considerable amount of creative energy into thinking up horrible things we could do to those who want to steal our software. So you're going to have to reach deep to come up with something worse than us.

Anyhoo, our cracker friends might get a free copy of my very useful software, or their college supervisors may be emailed a photo of them performing unnatural acts on a goat. At best! It all depends on the malevolence of the blogosphere.

Do your worst.


Comments

This is why intelligent pirates use serials not patches.

But here's my suggestion:

step 1) Work out what the pirate calls themselves. You can probably get this from their email client config, or mIRC nick if it's installed, at worst use the username.
step 2) Use a text-to-speech engine to generate samples of intelligent and thoughtful comments, such as '$pirate_name is a cheap ass-hat'.
step 3) Search for mp3s, and overwrite the middle third of each track with a loop of the samples created in step 2.

Since anyone using cracked software is probably also doing a fair bit of MP3 trading, you'll not only destroy their music collection, you'll mess up their reputation as well.

Posted by: Jonno | Apr 13, 2004 11:29:35 AM

Cracks could do worse than just delete everything on your hard drive.
It happened to my friend once. One crack changed every file on his hard disk into the same text file with some text inside (this computer was cracked by... bla bla bla). In this case I could not recover his data with recovery software because the content of every file was overwritten.

Posted by: Realbox | Apr 13, 2004 7:52:52 PM

How about a bit of code that randomly changes the keyboard mapping for text entered into password fields. The user would never know since he can't see the actual text, but none of his passwords would work. And if he tried to enter new passwords the second one would never match the first. Truly maddening.

Posted by: recess | Apr 14, 2004 4:07:50 AM

john, lemme see now, how about the formula that enables someone to predict the winning lotto numbers every week? does that count as torture?

Posted by: stuart murdoch | Apr 14, 2004 10:15:44 PM

Hmmm...
50% of the time crack StyleMaster
10% of the time crack StyleMaster, then write the results of Mersenne's theorem to the hard drive, for all numbers 1 - 257, in a different file every time StyleMaster is used
10% of the time crack StyleMaster, then erase a random port, every time StyleMaster is used
10% of the time crack StyleMaster, then copy the files to 10 other directories, every time StyleMaster is used
10% of the time crack StyleMaster, then erase random .dll's, every time StyleMaster is used...

And that wasn't even thinking hard.

Posted by: BubaDragon | Apr 21, 2004 7:05:09 AM

how about removing the BIOS or installing a new start screen with the text "bad move" and a password that is randomly created every time the computer starts

Posted by: H.Andersson | Apr 26, 2004 7:48:01 PM

I am a Peruvian 60 year-old trying to learn web design on my own because I love it and because I need to earn extra cash since my retirement pension gives me about $100 a month!

While I love your work and highly appreciate your free courses and would never use a crack version of your software, I must point out something that you probably don't realize because you live in a developed country.

It is true that for your standards the price of your software is cheap, but consider a Peruvian web designer who makes $5 an hour if he is lucky, very skilled and a great salesperson. Do you think now that your software or any other is really cheap?

Unfortunately, whether prices are cheap or expensive depends on each one's economic reality. Sad, but true.

Posted by: Rox | Apr 27, 2004 11:43:11 AM

Rox,

at westciv, we really are sympathetic to the needs of our users, and the web development community more generally. And that certainly includes the issue of affordability.
We have a genuine desire to make our software and other products more affordable to those outside the developed world, and to others such as students who aren't using them professionally.

For a small company, this can prove very difficult. Who is a student? How can they demonstrate that? Which countries should be considered outside the developed world? What about people from the developed world working in those countries?

We continue to ponder these issues, and hopefully will have some solutions down the track.

Thanks for your comments, much appreciated,

john

Posted by: John Allsopp | Apr 27, 2004 11:58:52 AM

Personally, I think the worst punishment comes in the form that is not obviously malignant software. For example:

1) Have your program lie dormant for a week or so to prevent the thief from connecting the terrorizing events to your download.

2) Spoof a message from investigations@fbi.gov, informing the thief that he has come under investigation due to possible illegal activities...that his IP address was compromised in one of the recent FBI raids cracking down on IP theft. A warrant for his PC is being drafted, and his ISP's logs are being subpoena'd. And leave it at that for a few days...if he reformats and wipes his drives, oh well...at least you invoked a terrified response.

3) If he's still in the ballgame, then follow up with another message that, due to some basic searches of his ISP logs, they have reason to believe he HAS participated in numerous illegal activities up to and including software theft. The subpoena has gone to a federal judge for approval, and that his only recourse is to contact his local FBI branch office and explain his circumstances under Case #41287.

So far, you've still not tipped him off that this is anything more than genuine. If he's real smart, he might be able to figure out that the email is coming from his own IP address...but honestly, I'd relegate that to less than 5% of email users (it may be different being packaged with your software, as now we're dealing with web developers...but it should still scare the daylights out of them).

4) So, if he hasn't already removed the software, you're free to launch a negative ad campaign, sending emails to everyone in his address book saying, "Hi...I'm glad you're my friend. Did you know that I'm a software thief? Yep, it's true. I knowingly search shady (often porn related) web sites to find cracks for software. And you know what? I don't just do that for the real expensive software suites...I'm too cheap to even pay $10. But don't worry, you're my friend. I'd never cheat you. Well, at least not unless a buck is involved!"

THENNNNNN, you can start executing all the normal nasties that come with the territory.

~j3r

Posted by: j3r | Apr 30, 2004 6:27:39 AM

See people the things that can happen to you if you use cracked software?

john

Posted by: John Allsopp | Apr 30, 2004 8:45:45 AM

And who won that real copy of Style Master? :-D

Posted by: Joshua | May 1, 2004 9:33:06 PM

Lots of good ideas thus far; however, I think the really good ones are being overlooked. Since web developers of one sort or another are going to be the ones pirating the software, any "horrible thing" that might be done should hit where it hurts most -- the work these pirates are attempting to create using the cracked software.

With a rigged version of StyleMaster I would say randomly change the CSS generated to produce some interesting results. The possibilities are endless here. Change all background colors to lime green and all links to hot pink.

Something more devious would be to save a copy of the original CSS and load it instead of the altered CSS, so that no matter what changes are made, the alterations can never be removed (in effect).

Posted by: Jesse Wilson | May 5, 2004 1:29:44 PM

I'm slightly dubious of downloading the new beta of Style Master now :-o

How about posting random messages to all and sundry in their address book that they have 'come out' of the closet and are moving in with their same sex childhood sweetheart?

or... how about inserting expletives into the text of an email just as they click send?

or... send an email from them to FAST informing them of the perp's crime?

or... sign them up en masse to as many dodgy email lists/porn sites as you can muster?

Posted by: Richard@Home | May 5, 2004 11:56:07 PM

Surreptitious corporate sabotage. I am amazed viruses don't already try and do this.

Wiping a hard disk, remapping keys, replacing all files with "ha ha ha you've bin had" and reporting the pirater to some official agency, those are all either recoverable (reinstall and restore backups) or not practical (FBI are not going to follow up on every email they get saying Joe Bloggs is pirating Fireworks, Macromedia wouldn't either, too small fry, too much work).

But surreptitious sabotage or info-gathering within a corporate network, now that could become serious.

As a joke a few years ago we wrote an EXE and planted it on our financial director's machine. For a week it would go into his Excel invoicing system and modify various figures pretty much randomly (we emailed copies back to us). It drove him nuts and we stopped the joke when one day he said, just before he was to phone a client, that he was confirming with me that Project X was really 25% behind in billing.

Now that was a bunch of geeks within a small company having fun and nothing serious happened.

Nowadays we have sensitive info on our network. Imagine a crack that once installed sat in the background and either emailed out copies of sensitive documents (most companies name or have common keywords in these documents so finding them is no serious matter) or surreptitiously modified values. Nothing too major, just minor values changed, add a few percent here, minus a percent there. The accounting department managing the billing of 20 projects won't notice a 5% increase, but the client sure as heck will and that will become an ex-client.

It could also connect to internal SQL databases, send out connection details or in the case of financial/ecommerce systems credit-card details etc. Heck, it could place orders using existing data and have the goods shipped out.

As one poster mentions, let the crack lay low for a week to avoid initial port checking and then once the heat is off, start sabotaging and sending out sensitive information. Have it published on the corporate's home page.

So many companies run on common systems with common document formats (Word, Excel, Exchange, SQL, ASP, PHP, .NET and now XML) that finding and sending or modifying this data is not hard. Once inside a network, security is pretty loose and look at what kind of user most piraters are; sysadmins, developers, users with high-access accounts. Also plenty of developers working from home with nice VPN connections straight into their corporate network. So you can lock down your on-site computers but you can't lock down every single off-site developer's machine.

So in effect, an automated trojan. Don't raise suspicion by opening up ports to let in the hacker, make the trojan the hacker and have it send out through normal, unguarded channels (email).

Overt, crash-the-system thinking is IMO a good thing compared to what a virus could really do. Maybe these hidden saboteurs already exist and we just don't notice them or companies keep mum about finding them to avoid embarrassment?

Posted by: Paul Watson | May 7, 2004 7:06:55 PM

Send an incriminating email to the BSA.

Posted by: anon | Jun 14, 2004 1:56:26 AM

Yes, keep this blog up and your sales are sure to skyrocket!!!

Personally, I wouldn't trust a person with such a vengeful and overall sick imagination farther than I can spit.

It seems all posters above have a lot of "repressed" needs.
All you need is some "justification" and you're ready to assume the role of malicious hacker/virus writer etc yourselves, and wreak havoc on another person's property (an eye for a tooth and a head for an eye seems to be your motto).

All under the happy leadership of Mr. All$hop (I like your definition of conscience and brains and the direction to which you push creative thought).

Well in my opinion it's a good thing there are people with the skill to "look inside" closed code like yours, because imagine (and you have proven that you can) what a sick individual like yourself could do to unsuspecting people's property, because you "thought" they were attempting to crack your precious text editor.

Oh, a little reality check:
1. It is an established fact that users of pirated software do not amount to lost revenue, because only a statistically insignificant part of their number is a potential customer to begin with.
2. Cracks, serials and general discussion about a software (the not so underground grapevine) is one of the biggest avenues of FREE publicity for the product. What is forbidden is coveted! This ultimately expands its legitimate user base making it a "standard"
3. This is why some of the most successful, widespread and profitable products (archive tools, media players, text editors, IM and chat programs) are among the most pirated ones and at the same time you don't see their developers making too much fuss about it...
What do you think was the deciding factor in making Winamp, Winzip, mIRC, Ultraedit, FlashFXP et al. rule over vastly superior and comparatively priced products, other than the attention of the "crackers"?

Of course there is always the possibility that all posts above are from the same person, as I find it difficult to believe there is such abundance of stupidity.

I guess I'll know as soon as this post is censored or deleted :)

Keep up the paranoia.

Posted by: bsa rules | Nov 11, 2004 10:36:43 AM

bsa,

you seem to miss my point.

This is a public service announcement. This is a whack on the head with a clue stick for people stupid enough to use cracked software.

You use cracked software and you are knowingly and deliberately running an executable unprotected on your system that was written by a person who admits to being a criminal.

I am suggesting to you and anyone who cares to read this post just what might happen if you take such a risk.

Imagine if someone knocked on your door and said:

"Give me the keys to your house, and I promise to leave a stolen TV one night while you are out."

You'd give them the keys wouldn't you?
Thought not.

So your reality check is a non sequitur. This is about the choice people make to run executables on their systems obtained from anonymous sources who are knowingly breaking the law, and the things that such executables could do.

Next time you get whacked by spam, think on this, it is coming from ordinary computers, connected by cable to the net, that have been unknowingly turned into spam senders often by people running cracked software which cracks install said software.

Oh, these crackers are doing all this for nothing out of the goodness of their heart eh?
Right.

Who needs the reality check eh?

J

p.s. the demo version of Style Master runs with limited features for ever after 30 days unlimited.

So am I the greedy one?

My site has been offering free web development resources (widely acknowledged as about the best there are) for years.

And I am the greedy one?

We make older versions of our software available as freeware.

And I am the greedy one?

Check on various news groups for my name going back over a decade, and see how much free advice I've given. Ditto many web development mailing lists.

Wanna know how this stuff gets paid for?

So, before you trot out lame pseudo arguments and character appraisal, do a bit of fact checking. Then go and put your money where your mouth is. What contributions have you made to the net, the web, and frankly the world? I couldn't tell as you choose to be anonymous.

peace

john

Posted by: John Allsopp | Nov 11, 2004 10:56:37 AM

Just a simple thought. The trial version gives ample consideration to the prospective customer in knowing if we like the software enough to purchase. If we are interested in CSS then we probably have some hands on experience/knowledge in web creation. At a common rate of around $65 an hour in the city for custom site design, or nothing more than mowing a couple lawns for the so inclined. This software can be purchased. So what's the problem? Seems that people are "jumping over pennies to pick up the proverbial dollar" if they are making money with the "cracked" software. “Karma is a mo' fo'” ;)
Besides, certain software companies have been using “User stamps and/or hardware locks” for years... Just encrypt a small piece of code that will disable the use of the software if a certain file is modified. Or a piece of code that will disable the software if a value in the registry has changed. If it can be cracked it can be blocked too! Anyway, great site and awesome software all at the price of 1 honest hour’s labor and still have enough left over for a pound of your favorite gourmet coffee...

Posted by: Bert'o | Nov 14, 2004 11:25:30 PM

could u send me some software & exe file to crack any software

Posted by: vicky | Jun 3, 2005 12:33:39 AM

Well Vicky,

you'll need to find your own I'm afraid. They aren't hard to get. A bit like the clap really,

john

Posted by: john F Allsopp | Jun 3, 2005 8:59:10 AM

This is all very well but how about something useful like a program that will search out ad-ware/ spy-ware and nuke the sods.

Posted by: David | Jun 25, 2005 9:30:59 AM

Oh stop whining about cracked software. The people who use it know the risks of it to start with. Most average individuals can't afford to spend $500 for a piece only to find out after doing it that it was just a mass of hangs, crashes and freeze ups waiting for them. Would you buy a car before driving it a little to check it out? I wouldn't either and I wouldn't risk wasting my hard earned money on junk either. I've run cracked software for years and I've had very few problems with it. I always scan it with a good av (cracked of course) first before executing it. Then when it turns out to be junk I just uninstall it and delete the program from my collection. People who whine about cracked software are either selling it or writing it and it's all about the money when you get down to it isn't it? I love cracked software!!!

Posted by: blackram | Mar 23, 2006 4:42:12 AM

Sure, some cracks are bogus. Some cracks are seemingly real but secretly install stuff. Some cracks are real and that's it.

But guess what, this applies to EVERYTHING. Take even popular freeware/pd software. Peerguardian for example. You can download the real free version, or, you can download a real free version that also has a trojan installer in it. Depends on where you download it from. Also depends on what safety measures you take. Virus scan, registry monitors, etc..

Don't forget about your favorite media files too. Take RealMedia or Windows Media. You can, and people have, embedded all kinds of crap inside media files.

What is being described here is in no way shape or form isolated or specially associated to cracks & patches.

Anywho, I personally have little sympathy for people who get caught up in this kind of stuff.

For one, to play anti piracy advocate for a second, they were trying to steal something, so tough cookies their machine got screwed up as a result. Gee, someone's CC# got stolen. Yeah, sucks to be stolen from, don't it? Just like you were trying to do from the guy who wrote that program you're trying to crack. This is more commonly known as "turn about is fair play" and "karma".

For two, to play pro-piracy advocate for a second, they were noobs trying to dabble in things they knew little to nothing about. This is less a point about this issue but computers and the internet in general. For some reason, all the noobs who own computers and play on the internet seem to think that having to have an understanding of things, know how crap works and so on is optional. That it's learn on the fly as you go, and the virtual world out there is friendly and perfect there exclusively to help them.

We don't let people fly planes without training first. We don't let people drive till they can pass a test of minimal knowledge and skill. Computers and the internet should be no different.

Internet, only place I've seen where criminals openly cry foul when their illegal activities get turned around on them.

The internet is like life, it's cold and hard. No one owes anyone jack shit. One is responsible only for themselves and their own actions. If one doesn't quite get it, they are in the wrong place, are asking for and deserve whatever happens.

Posted by: someone | Mar 23, 2006 1:45:31 PM

What about simply adding a line in every html file the offender creates, with [meta name="GENERATOR" content="Microsoft FrontPage 4.0"]

That'd be just plain insulting, heh. :)

Posted by: Miles Burke | Mar 23, 2006 11:02:51 PM

Dumb people will always be around and those who don't inspect a crack before using it are asking for trouble. Even in the "warez world" there are reputable sources.

Face the fact yours and others' work will always be stolen, cracked etc... If you don't like that aspect of the work you are in, then you need to find a different one and quit whining about it.

The people who want to buy it will, those who don't want to won't and will move on to something else.

Posted by: Dave | Mar 24, 2006 1:34:32 AM
