An open letter to anyone tempted to use cracked software
Author: John Allsopp
History: First published at John's blog, dog or higher, April 2004.
An exploration, for uninitiated, of how software cracking usually works. The article goes on to point out the risks of installing execuatbles provided by unknown parties and some of the possible consequences.
Imagine you received the following email
you don't know me, and to protect me from the law I must remain anonymous, but I am offering something stolen that you want, and which would otherwise cost you a lot of money, for no cost at all! All you have to do is run the attached executable file, and it will make that stolen item available to you.
What's the betting that you wouldn't run the executable? What's the betting that only an imbecile would run the executable?
But you know what, there is a good chance that someone you know has done something very similar. I can guarantee that millions of people will do it today. Not "clueless newbies" who have only been using computers for a short while and haven't an idea what could go wrong. I'm talking about people with at least a modicum of, and often much more computer knowledge and experience.
I'll tell you who these people are in a short while, but let's for a moment think about the kind of risk someone who does this may be running.
This executable file might erase your hard disk. Completely and irretrievably. As a software developer I can't tell you how trivial it is to write such an application. Maybe an hour's work. For some it would take just a few minutes.
But it could actually do much worse things than that.
Any and all of the unencrypted information on your hard disk is most likely easily accessible to an application. At its leisure it might trowel though your files, gaining access to financial and other information, and send it off just about anywhere to be, well, misused. Better have a close look at those credit card statements. Check your online banking.
It might search for information on your hard disk which you may well not wish others to know about. Emails to a lover whom your husband or wife might not be too keen about, pornography, evidence of fraud - who knows? Access to any sensitive information makes you a pretty simple target for blackmail.
This is one of the slickest designed pieces of sofware I have ever heard of.
It could download or install criminally pornographic images on your system, and then notify say ASACAP that it believes the person connecting with your IP address has downloaded such images.
Or just to mess with you, it might send offensive emails from your email address to people in your address book. Imagine your mum opening up an email from you featuring a jaunty narrative of your amorous exploits with a donkey. Or a note to your boss listing the chief porn and gambling sites you enjoy. People do nasty things just for kicks.
It might install spambots, and other malicious applications which turn your computer into an open relay for spam. You know the deluge of weird emails we get every now and then, the viruses and worms like the recent slammer? That's a big part of how they propagate.
You may not have heard of DDOS or "distributed denial of service" attacks. These are the orchestrated use of computers running malicious software which their owner knows nothing about to deluge websites with requests to such an extent that these servers simply cannot serve the legitimate requests they receive. How does this software get onto these computers? Often people actively but unknowingly install it.
OK, OK, we all know that it is indescribably stupid to just run executables from anyone we don't trust. Only an ignoramus would do so. So what's my point?
As I said, millions of people do it every day. Not from an email attachment they receive, but worse, these morons actively seek out executable files from people who claim to be criminals, and who guard their anonymity with considerable skill and effort.
Who are these indescribably naive tossers? They are anyone who downloads a crack for legitimate software, a crack which enables them to use that software without paying for it.
Usually the crack comes in the form of a small executable posted on a crack or warez site which claims to "patch" a limited version of some software (say a demo version) and make it the equivalent of a full one. In most cases these cracks do what they say. But what else are they doing?
After all, these patches are simply executable files, running unprotected on a system. All of the unpleasant scenarios I outlined above are more than feasible on most systems.
People who use cracked software know that it is both illegal, and unethical. But that doesn't stop them. So I am not going to bore you or them with the arguments and reasons why they shouldn't do it.
But because I am such a good guy (I am you know) I'll give those people some valuable advice.
If you use cracked software you are running full executable files from people who zealously guard their anonymity because they are knowingly committing criminal acts. You are in effect giving these criminals complete control over all of the information on your hard disk, and operation of your computer. How unbelievably stupid is that?
You expose yourself to all of the scenarios I outlined above, and I'm sure many more I can't begin to think of.
And you contribute directly to the growing DDOS, virus and spam disasters that much diminish the value of the internet and the web for all of us, and about which you probably complain yourself.
See John's blog, Dog or higher, for comments on this piece.
John Allsopp is a director at westciv and the lead developer of Style Master CSS editor. He writes widely on web standards and software development issues and maintains the blog dog or higher.