Jump to content

Malware on the installer, yes or not? how would you fight piracy?


Eduard Gasull

Recommended Posts

@walterg74

Because it’s a violation of privacy? Because it’s unethical? Because it is ILLEGAL?

 

Yep, its true, technically its a violation of privacy! but if your words are true, technically you are "attacking"  the liberty of a person put him in prison for kill someone.....  I mean who did the violation first, the pirate who crack the installer or the enterprise who try to protect his work for some who try to steal it and now can start legal actions against this thieve.

 

Link to comment
Share on other sites

1 minute ago, Eduard Gasull said:

@walterg74

Because it’s a violation of privacy? Because it’s unethical? Because it is ILLEGAL?

 

Yep, its true, technically its a violation of privacy! but if your words are true, technically you are "attacking"  the liberty of a person put him in prison for kill someone.....  I mean who did the violation first, the pirate who crack the installer or the enterprise who try to protect his work for some who try to steal it and now can start legal actions against this thieve.

 

 

Lol yeah that’s not how the law (or society works). If you put malware in my machine, you are the one doing the violation. And also this is not about “first or second”. You break the law, you pay, period. (And fyi, just in case you don’t know, just logging on to a system without permission is against the law and punishable with prision currently). 

Link to comment
Share on other sites

The important key here is that piracy hits directly to the entertainment industry. My country sadly is one of the most ho suffers this illness. Spain and Nueva Guinea are the top countries in terms of illegal downloads. I can´t even work here in the music industry because people don't pay for music. So what? what do we do? The law usually seems to act very slowly in those cases, and for sure in the vast majority they don't have a resolution, so they need the industry to take aggressive tactics like FSLabs?

Link to comment
Share on other sites

 If you put malware in my machine, you are the one doing the violation.....

 

No the action is work like that, you crack my work, the malware goes active! no at reverse way. I mean way of defending not an attack. that is an important fact if you not break the law there's no malware to have in mind. 

If we, as a society, do nothing... so what do we do? hope that good person does not steal, continue letting this kind of people be unknown the immensity of the network? 

Link to comment
Share on other sites

  • Deputy Sheriffs

@Eduard: It doesnt matter who did what first. For both cases as we have them here, at least in Germany are explicit laws. And the fact that it is harder to catch a pirate, acting in the dark does not allow you to take illegal actions too. So simple it is.

Link to comment
Share on other sites

  • Deputy Sheriffs
Just now, Eduard Gasull said:

and if any aerosoft staff read this topic please move it to the radio charter section, i read Mathijs answer after open this topic.

it is already there ;)

Link to comment
Share on other sites

Hey Guys ,

If Aerosoft puts an Malware or Virus type of File in their installer(if its cracked), is your Antivirus Program just blocking the File which allows Aerosoft Staff Members to kill your PC ?

I mean Avira just blocks everything which tries to connect something to something...

Link to comment
Share on other sites

I just read this, (which I send in the Picture)

Surely....

You cannot build an UNCRACKABLE Installer but Pirates are just good awful.....

So yeah here is the Statement of Mathijs Kok ...

 

Please login to display this image.

Link to comment
Share on other sites

9 minutes ago, mopperle said:

@Eduard: It doesnt matter who did what first. For both cases as we have them here, at least in Germany are explicit laws. And the fact that it is harder to catch a pirate, acting in the dark does not allow you to take illegal actions too. So simple it is.

Thanks for move the topic

I do not know how laws or justice react in Germany, hopes better than in Spain. Both of my parents work in the cinema industry as I do, And here we have suffered a lot because of piracy. Here I open my eyes, hoping that its a dream when i hear how people defend piracy as freedom and as a right to access culture. They think that cracking a software, watch movies or listen to music in an illegal way is right, a basic right. Then they are always complaining about corruption, and they don't realize that is the same action: " i can steal without no consequences? ok, let's do it". (the only difference is maybe a single crack steals 70€ or 35€ and the corrupted politician steals 1.000.000€) but is the same fact. 

 

Many countries inside of European Union, has begun to insert more transparency in the public accounts to control the corruption 

 

Maybe putting a malware that steals your personal data its illegal of course but I go deeper into what that kind of strategies is for. Because as you very well said its hard to catch a pirate, I think this is a good way to catch it. In the US as far as i know in some states they control your traffic information and if they detect some illegal downloading they stop your network services.  What I'm trying to say and think people don't understand me (i know my English skills are horrible) Is that the industry needs to defend their work, is a must.  the strategies right now have been demonstrated that are not too efficient.

 

Link to comment
Share on other sites

You can't combat one illegal action (=Piratism) with another (=Distributing malware and obtaining private information illegally). This is not how civilized sociality works. There are legal avenues for combatting piratism.

 

Mathijs is on the point with his post.

Link to comment
Share on other sites

6 minutes ago, Fragged^2 said:

You can't combat one illegal action (=Piratism) with another (=Distributing malware and obtaining private information illegally). This is not how civilized sociality works. There are legal avenues for combatting piratism.

 

Mathijs is on the point with his post.

yeah I know, Mathijs was very wise in his answer. But don´t our security state corps forces try to obtain private information illegally from people who catch or predict fo ISIS, for example. I if we do not find a problem on this to fight terrorism why yes to fight piracy? are we sure we see a pirate or piracy as an act of delinquency that is spreading practically without consequences?  I think we have to do something efficiently, maybe you are right guys the FSlab way is not a good way to fight but clearly is the more effective tactics that I have seen from know after ILock method, as avid does. 

Link to comment
Share on other sites

I would never disagree with the intent of a creator to protect his/her intellectual property or their right to do so. Not even so much the method this developer chose. What offends me is that they did not disclose it to the consumer. A clear and obvious statement or warning that they have coded a very strong anti-piracy software, the specific circumstances that would cause it to execute, a clear definition of the information it would extract, and the how that information would be used and finally a caution not to proceed with the purchase if the consumer does not want this on their PC. However, they did not do this. They forced it upon the consumer, and that is unethical. 

Link to comment
Share on other sites

3 hours ago, Eduard Gasull said:

 If you put malware in my machine, you are the one doing the violation.....

 

No the action is work like that, you crack my work, the malware goes active! no at reverse way. I mean way of defending not an attack. that is an important fact if you not break the law there's no malware to have in mind. 

If we, as a society, do nothing... so what do we do? hope that good person does not steal, continue letting this kind of people be unknown the immensity of the network? 

 

Regardless if you were a valid customer or not the malware IS still there, and from I've also read the data was exfiled with unencrypted transmission and the data was not encrypted either. To make matters worse, the target server was not behind a firewall and has RDP open to the world. So are you still alright with it being on your system?

I've had previous dealings with Lefteris when I was on the beta team. His actions didn't really surprise me in the least, probably why he was shown the door at another well known developer. 

Link to comment
Share on other sites

  • Aerosoft

bEduard, 

  • They broke the law by adding malware to an installer
  • This malware was installed with ALL users, the malware was at least for some time on the users system
  • This malware cracked your browser and collected ALL you passwords and usernames, FSL claimed this was only done when an illegal serial was found, but never was able to proof this
  • The illegally stolen data was send without any protection to FSL servers
  • They told customer to disable AV software to actively hide this fact

After they were outed at https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/?st=JDTCGK8E&sh=ab17abb5

  • They removed the illegal part of the installer
  • They went to great lengths to apologize (refunding customers etc.),
  • They beat about bush a bit, calling it DRM etc but in the end admitting clearly and openly what they did. They admitted violating the law.

These are not accusation, not impressions, not interpretations, but cold hard facts. Even FSL does not refute them.

 

The security of your system is extremely important. Because we are a customer of FSL and installed the version with malware we had to assume our systems were compromised and had to change server passwords. We simply could not accept FSL statement that the malware only stole when an illegal serial was found. Doing that would be absolutely irresponsible. We have customer data on our systems (YOUR data) and it was potentially compromised. Every customer who had that installer on his system has to take measures or believe FSL. Seeing the history of FSL we decided to play it save and reset the login data on the servers. Did not make our server peeps happy.  But we simply can't take any risk with customers data. Of course we reported the possible intrusion of our systems to authorities. Law requires that when customer data is involved. We would violate the law is we would not report it.

 

Again, I have no idea why you would defend this. 

 

 

 

 

 

Link to comment
Share on other sites

Just to clarify:

Independent sources stated that this particular malware extracted passwords from the Chrome browser specifically. People who use Chrome, but do not save their passwords in their browser, or people who use different browsers, should not be affected, according to those reports.

 

This clarification should not be interpreted as a defense of FSL, though: I am not allowed to burgle a burglar's home in order to get things back he stole from me. Or: Becoming a victim does not entitle me to act as an offender.

Link to comment
Share on other sites

  • Deputy Sheriffs

Just to clarify:

 

the test.exe malware is the only thing FSL admitted to. I am not saying there is more but I can also not say that was all. Trust is gone with them. 

 

 

Link to comment
Share on other sites

The thought that people (even the most loyal FSLabers) are trying to find some justification for what has been done is very disturbing. This line of thinking might go all the way and could see future governments getting enough support or defence for chips within people with the ability to kill/hurt them when going against the law. I know that's an extreme example, but when you think about it, it's the same principle. If people are able to find justification for the former they are certainly capable of finding justification for the latter.

Link to comment
Share on other sites

How can anybody defend this? So someone pirated the stuff and then you think that sending ALL of his PASSWORDS to an unencrypted, RDP open server is OK? Are you crazy? On HTTP channel even a 3rd party can stole your passwords during communication, or FSL could sell them (note that I don't say they were or they will, but you can't be sure). This could destroy the life of a family if there were e.g banking passwords in that list. Do you still think it's okay because someone in the family (maybe a 12 yeard old child, who is using common computer with his/her parents) pirated an FS addon?  Of course storing banking (or any other for that matter) password in your browser is a horrible idea, but not everyone are computer experts or can think about the possible consequences. It was not DRM, it was malware.

 

It was activated only when a blacklisted serial found, said by fs labs. How can they be sure that there won't be any software issue? They can't. Will you defend this when your serial will accidentally became blacklisted (that wouldn't be the first time when software issues can cause something like that, think about false alarms in antiviruses, or online activation issues in any modern application with online activation), and when you next run the installer your passwords sent to their server?

 

Also with this being publicly known, any hacker could run test.exe on a machine which has the old FSLabs installer on it, and can redirect the password data to his own server. Do you realise how dangerous is this, not to mention that this was completely illegal, and violates the law in almost every civilized country, incl. the USA, the whole EU, Canada, Australia etc. Also I think this could bankrupt FSLabs if there will be lawsuits against them, that clearly shows how stupid this move was.

Link to comment
Share on other sites

16 hours ago, Mathijs Kok said:

Again, I have no idea why you would defend this. 

 

 

 

 

 

 

Because it returns the hit. And let's talk clear it´s a very effective way to catch a pirate

 

Yes, you are right it´s not ethical.

Yes, they are violating our privacy.

 

In other yours Matijs you are very right in your answer.

 

But let's imagine that:

1. they put in an advertisement or a message that the installer will collect your system data if the installer detects a crack or an abnormal installation.

2. in the installation process you get that message again, a warning of whats going to happen if you break the law. 

3. they add this feature to the installer and not a malware itself.

 

I other words they act with transparency. Do you guys see this wrong?

 

in the other hand, i had to say that I didn't know how that installer act and I didn't know they didn't make any warming. I just read the new in one of ower most important newspaper in Spain : "La vanguardia". And I didn´t know they hit your copyright inserting your files in their product which definitely for me means FSLABS won´t see any penny of my wallet again, by the way, I never used any FSLABS product because I am an aerosoft fan.

 

But I must be admitted, that strategy is very effective. If it broke the rules, then it is needed to find another similar solution that is within the law parameters. But seriously Mathijs, report pirate links or youtube videos should not be your work. I think Europe needs a special police department who only fights this kind of crime.

It is not fair that I can not work in music, because of a dead industry partly because people consider my work a basic right and that I have to unwrap € 50,000 to produce an album for the love of art and culture.

And it is not fair that people who work to design the sound of the AS A320, be his salary and job opportunity be reduced or undervalued (with the ton of ours that needs the design of  3D sound, sorry speak the sound because is my field) 

with this, i´m not saying that aerosoft does not fight piracy, of course you do! I´m only saying that the industry needs other strategies.

 

Link to comment
Share on other sites

18 hours ago, fatal said:

maybe a 12 year old guy...

1

 

Yes i´m aware how dangerous it is, same dangerous of storing your bank data to apple or your passwords in google. They are private enterprises, they can do whatever they want with your data in the darkness if they want, and it would be the first time they use our data to" a non clear legal actions"

 

I mean yes you are right, i understand your point of view. But is not only one guy 12 years old, its a huge mass of users. In Spain, everybody has, at least once, hit the copyright of a movie or download a song.I will never forget the great anger that my father made me when he discovered that i was going to see Spiderman 3 in a friend's house when this movie was still in the cinemas and it had not appeared yet on DVD ... And he told me to never forget that my food, my clothes, my education were paid with the money of the film industry and that watching pirate movies would be the same as stealing him or robbing anyone on the street.

Link to comment
Share on other sites

  • Aerosoft
15 hours ago, Eduard Gasull said:

But let's imagine that:

1. they put in an advertisement or a message that the installer will collect your system data if the installer detects a crack or an abnormal installation.

2. in the installation process you get that message again, a warning of whats going to happen if you break the law. 

3. they add this feature to the installer and not a malware itself.

 

That would be slightly more ethical, but if it hacks your Chrome passwords it would still be illegal. You do seem to easily pass over the issue that they broke the law.


Fighting illegal piracy can never be done with illegal means. And with that in mind there is not a lot you can do other then block serials as we do for example in AES. You fight piracy with good products, good support, reasonable prices. That there will be people who use our products illegally is irritating, but I much rather spend time on paying customers then trying to hunt down non paying pirates. 

DRM increases the frustration with paying customers who rightly ask why they can't install again after having to format there machine after a malware infestation (my point being, if you pay for it, you should be able to use it as you like), in increases support considerably, is expensive to create and maintain (for example online activation means you got to have a very good, secure server). And the only one paying for all of that is the honest customer. As a customer for many other products I find that pretty hard to accept. Why should I pay so another company can go after pirates? What do I have to do with that?

 

 

Link to comment
Share on other sites

1 hour ago, Mathijs Kok said:

 

That would be slightly more ethical, but if it hacks your Chrome passwords it would still be illegal. You do seem to easily pass over the issue that they broke the law.


Fighting illegal piracy can never be done with illegal means. 

DRM increases the frustration

 

Why should I pay so another company can go after pirates? What do I have to do with that?

 

 

 

I think maybe doing a contract. It is known that a lot of enterprises store our data, we accepted that. As far as I know, Norton has access to our passwords and data if we store them with Norton security app. Maybe talking with justice authorities and try to make this legal in some way that no violate privacy but punish this action. 

 

Maybe some other methods are expensive but i thing its a cost the industry must cover. I´m not a project manager or a businessman, i do not know if ilok method is more profitable than the actual one, putting in balance system cost vs lost due to piracy. (BTW, it is known an approx. calculation of the money that loses the PC sim market with piracy?, I think it woul be positive to publish this to raise awareness of people about the problem ). But for example ilok method is really cool, i have it on my Pro Tools HD software, I can format my pc a hundred times, have the software installed in 2.000.000 different computers any around the world, even if is not my computer, i have my license stored in my ilok. I just need to plug my ilok and all the software installed on that system will run OK if i have the license, also you can assurance your ilok making your license be secure in case of lost or broken ilok,  is so cool and effective.

 

I'm not questioning your methods, of course, i´m nobody to tell you how to work, please don't think it that way, because is not my intentions. I love aerosoft, I´m a huge fan. But as a customer, i would pay an extra so the company can go after pirates because me as a customer I want that company to continue developing add-ons for my hobby, and not only develop, improving their technology to make my experience greater and greater, not losing money because some people think: "it´s so expensive to me i can´t pay it so lets crack it" so for me is the same as " i´m a politician i have some kind of powerfull, so lets use it to make me rich stealing public money .  Have all customers thought on that? I just my opinion I´m not saying I approval violate our privacy wich I believe is what people think when reads my post on the airbus preview forum that has 10 downvotes already.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy & Terms of Use