Why is pirated / cracked software often detected as "containing a virus"?

Sometimes you are told to whitelist the file to run the crack, as it is a false positive. Why do some AVs detect it as "containing a virus"?

I know some cracks are fake files meant to crash your computer or steal private information, but most of them are able to make the software run as the full version.

I tried running the crack in a sandbox and/or using an online service like FireAMP to analyze which files and registry entries are created, but usually there is nothing suspicious.

I think I shouldn't upload any crack samples here, but I bet if you know the answer to this question you know where to download some samples. By the way, here are some VirusTotal scan reports: Link1, Link2, Link3

Edit: I can see that someone is voting to close this question as "primarily opinion-based", but this is totally not primarily opinion-based. After looking at the suggested answer, the reason is "make their target not work as intended".


I'm fairly certain crack tools are detected as malware or viruses because, by definition, they are. Their specific purpose is to modify programs and files so that they don't work as designed. They delete verification files, modify registration status and do whatever they can to make their target not work as intended.

Even though the crack allows you, the user, to use the program for free (i.e., you are achieving your goal with the program and making it work as you intend it to), AV doesn't care about that. If some program wants to edit another one (or edit system files), it fits the definition of what malware is.


Four reasons:

  1. Most of their customers want their software to work this way. Or, they would prefer people that believe that they do and therefore act as if they do.

  2. They are unwilling to certify such software as safe, and once they've identified it, they have to either alert or not alert. As you pointed out, much such software is malicious.

  3. Sometimes the security software is installed by someone other than the sole user of a machine. Often the person who installed that software and manages it would like to know that cracked software has been installed on his machine.

  4. Some programs use heuristics to detect malware. Programs that inspect other programs and manipulate or modify them may be automatically flagged as malware unless they are specifically whitelisted. There's no upside to whitelisting cracks and a significant downside -- that may be considered facilitating crime or may put them at risk should something they whitelisted prove to be malicious or otherwise harmful.