Never install warez. It will mostly fuck you. The only exception is if you are actually capable of determining whether or not said warez is safe.
I am one of those people. Most warez I have ever found post 1997 is not safe. There used to be a sort of "honor among thieves" in the warez community. There still is, but said community is not the community most people are actually interacting with then they acquire warez.
I myself have made malicious software. It's trivial to make, and nearly trivial to make such that it won't easily be detected.
consumers aren't directly affected enough to care and are unaware of the indirect effects, and the hackers aren't causing enough disruption to be drawing ire.
Only because they don't associate their constant computer problems with the bad software they installed. They think computers are buggy and problematic, they thing they have to keep buying new ones or "wiping it out and starting over." Almost every problem average users run into is due solely to running bad software.
So assuming you're not dissagreeing too strongly with the rest of what I've said, how strongly would you disagree to the idea that, your advice, while it works in the scenario you designed for it, can't be realistically implemented. Much as it would be nice to give everyone a blank windows install with chrome and a few Steam games, how are you going to do that?
It comes back to this: Much as I'd like to agree with you from an ideological perspective (I suppose I do.), the advice you provide isn't useful and no-one is willing to implement it in a realistic scenario.
Essentially, this discussion is at the convening points of several far larger discussions, ranging from the need to self educate, to the amount of resources we are willing to allocate, to what level of hardship we are willing to accept for convenience.
So assuming you're not dissagreeing too strongly with the rest of what I've said, how strongly would you disagree to the idea that, your advice, while it works in the scenario you designed for it, can't be realistically implemented. Much as it would be nice to give everyone a blank windows install with chrome and a few Steam games, how are you going to do that?
Security through user ignorance -- AKA, if they don't know how to install stuff, they can't install malware.
For better or worse, most of my family doesn't know how to install software on their Windows boxes (I gave up on trying to teach them how to do so years ago because they do it so infrequently they never remember how). This means that I usually end up installing stuff for them, hence it's all vetted by me before it gets installed. Means the odds of them getting any malware are incredibly tiny, but it also means a lot of support work for me... (I didn't say this didn't have its drawbacks)
Then again, even those who can install their own software usually have me set up their basic setup and won't install anything else before vetting it with me. They even double-check with me if it's safe to install Firefox/Chrome/etc. updates (most of them run Firefox as that was my browser of choice at the time I set up their systems).
I think the central irony is that Scott's advice is "Presentation Matters", said in the most acerbic way possible. I know surprisingly few people who ever take their own advice.
So assuming you're not dissagreeing too strongly with the rest of what I've said, how strongly would you disagree to the idea that, your advice, while it works in the scenario you designed for it, can't be realistically implemented. Much as it would be nice to give everyone a blank windows install with chrome and a few Steam games, how are you going to do that?
It comes back to this: Much as I'd like to agree with you from an ideological perspective (I suppose I do.), the advice you provide isn't useful and no-one is willing to implement it in a realistic scenario.
Essentially, this discussion is at the convening points of several far larger discussions, ranging from the need to self educate, to the amount of resources we are willing to allocate, to what level of hardship we are willing to accept for convenience.
The only cases where it can't be realistically implemented is if the user is unwilling or ignorant. There is nothing else that stands in the way. If the user is ignorant, we fix that by telling them. If the user is unwilling, then you just have to accept that your computer also belongs to hax0rz, and is not your own, and you can assume that someone has access to all of your information at all times on that machine.
I think the central irony is that Scott's advice is "Presentation Matters", said in the most acerbic way possible. I know surprisingly few people who ever take their own advice.
Apreche needs no advice for he is flawless and without error. He gives his advice to you and you will take it. End of story. Back in line soldier.
Off the top of my head - just about any PC game, Windows, and MATLAB.
Windows comes with a computer. If you build your own, it's cheap. If you can't afford Windows, use Linux or you can't afford a computer. Zillions of free games out there. Lots more are just $1 or $5. Just don't play the $50 games. I can afford to, and I can't even remember the last time I did.
Who needs MATLAB that can't afford it, and isn't at a school or business where it's legally freely available?
Off the top of my head - just about any PC game, Windows, and MATLAB.
Windows comes with a computer. If you build your own, it's cheap.
It's $100 for an OEM copy, which is pretty decent, but to some people that's quite a significant amount.
As for games, while you can get a lot out of free games, there is a significant social aspect to some games that it can really suck to miss out on, whether it's simply talking about the game with people, or the multiplayer experience.
Who needs MATLAB that can't afford it, and isn't at a school or business where it's legally freely available?
Even if you get a legal free copy it's probably going to be an old version, while the "student" edition of MATLAB is severely limited in functionality and kinda sucks.
As it turns out, there's also this as another example:
Also, Adobe's been patched. That hosts file trick no longer works.
It would be nice to have a blog devoted to security testing Warez releases, and then posting reports on the clean ones along with their MD5 checksums. Then, there'd be no obstacle to Scott's goal.
Maybe after finals. I'll need to upgrade my PC first, and get a VPN, but it'd be worthwhile. Usually TPB has trusted contributors that don't seem to push infected warez due to the damage it'd do to their scene rep--it'd be best to start there and investigate their claims.
But who would write the blog security testing the blogs security testing the Warez releases, WindUpBird!?
If you don't have a lot of money, it is likely that your computer is not powerful and you only have one of them. You can't afford to put potentially evil software on a separate computer. Your one computer probably isn't powerful enough for lots of virtual machines. It's better to go without some software if it will ruin your only computer. I mean, the only software I have that isn't free is Windows, games, Fraps, AnyDVD, and Premiere Elements (which sucks), and Lightroom (doesn't suck). I don't play most of the games. You can definitely get by safely on software that is free as in beer.
Just be careful that you don't get in trouble by linking to pirated material. You should be ok if you are just mentioning the contributors who seem legit rather than any particular download link or site.
As for shady sites, I really don't use many anymore. The only thing I really pirate are ROMs and other than that just the normal legit stuff is fine. I have MBAM installed on my computers just to scan shit once in a while but other than that I'm just careful about most things. If you do download shit from sheisty looking sites you probably should use something like sandboxie just to be safe.
Not a guarantee either. It depends on the method of propagation of said shady warez. Many pieces of malware use a browser or similar exploit just to get a foot into the door and then use other vulnerabilities to spread over the network. Given how the average VM has a virtual network connection to the host OS, you still can get infected. This is pretty much how RSA was hacked via an Excel/Flash vulnerability sent via email. The Flash vulnerability opened the door and the malware then spread across the network by taking advantage of various zero-day (at the time) security flaws in Windows itself.
Basically, there is no safe way to run shady software short of having a second physical machine that is not connected to your network that you can later totally nuke, MBR and all. Even that may not be safe as h4x0rz and security researchers are discovering methods to install malware in your BIOS and even on your video card's EEPROM.
Yeah, and considering that quite often you'll want to be able to transfer files over from your shady software, you have to be quite careful how you do that.
Comments
I am one of those people. Most warez I have ever found post 1997 is not safe. There used to be a sort of "honor among thieves" in the warez community. There still is, but said community is not the community most people are actually interacting with then they acquire warez.
I myself have made malicious software. It's trivial to make, and nearly trivial to make such that it won't easily be detected. Only because they don't associate their constant computer problems with the bad software they installed. They think computers are buggy and problematic, they thing they have to keep buying new ones or "wiping it out and starting over." Almost every problem average users run into is due solely to running bad software.
Much as it would be nice to give everyone a blank windows install with chrome and a few Steam games, how are you going to do that?
It comes back to this: Much as I'd like to agree with you from an ideological perspective (I suppose I do.), the advice you provide isn't useful and no-one is willing to implement it in a realistic scenario.
Essentially, this discussion is at the convening points of several far larger discussions, ranging from the need to self educate, to the amount of resources we are willing to allocate, to what level of hardship we are willing to accept for convenience.
For better or worse, most of my family doesn't know how to install software on their Windows boxes (I gave up on trying to teach them how to do so years ago because they do it so infrequently they never remember how). This means that I usually end up installing stuff for them, hence it's all vetted by me before it gets installed. Means the odds of them getting any malware are incredibly tiny, but it also means a lot of support work for me... (I didn't say this didn't have its drawbacks)
Then again, even those who can install their own software usually have me set up their basic setup and won't install anything else before vetting it with me. They even double-check with me if it's safe to install Firefox/Chrome/etc. updates (most of them run Firefox as that was my browser of choice at the time I set up their systems).
EDIT: Oh, hello Apreche. Long time no see.
Don't say Adobe Creative Suite. Just recently we discussed how to install the legit trial of Adobe and get it to work permanently without any warez.
Who needs MATLAB that can't afford it, and isn't at a school or business where it's legally freely available?
As for games, while you can get a lot out of free games, there is a significant social aspect to some games that it can really suck to miss out on, whether it's simply talking about the game with people, or the multiplayer experience. Even if you get a legal free copy it's probably going to be an old version, while the "student" edition of MATLAB is severely limited in functionality and kinda sucks.
As it turns out, there's also this as another example:
As for shady sites, I really don't use many anymore. The only thing I really pirate are ROMs and other than that just the normal legit stuff is fine. I have MBAM installed on my computers just to scan shit once in a while but other than that I'm just careful about most things. If you do download shit from sheisty looking sites you probably should use something like sandboxie just to be safe.
Basically, there is no safe way to run shady software short of having a second physical machine that is not connected to your network that you can later totally nuke, MBR and all. Even that may not be safe as h4x0rz and security researchers are discovering methods to install malware in your BIOS and even on your video card's EEPROM.