So how long have software hackers been around?

[TheHawgHorde]

Recently I have been looking over at the dishonest side of the software world, mostly out of curiosity of course.
I find it almost alarming at the sheer amount of hacked software that is available today. I would like to know how long this has been going on and what these companys are doing to stop it?

Hackers had XP on the streets 30 some days before it was released! I am sure Bill Gates has some of the smartest people on planet earth working for him..yet the hackers still beat him....perhaps some 25 year old guy that still lives at home with his parents?

I wonder what sort of a $$ loss Gates has taken from hackers.

I have seen sites with literally thousands of hacked programs listed that could be worth millions or billons of $$.

Now you have file sharing programs available and Joe 6 Pack can go fetch him a copy of XXX 3.0 software for free, if it gets widespread enough software makers will have to take drastic steps to stop it.
My guess is that the file sharing will be the first to go.

 

[Nothinman]

I would like to know how long this has been going on

As long as commercial software has been around.

and what these companys are doing to stop it?

Wasting money on new methods that get cracked in the same amount of time as the older ones.

I am sure Bill Gates has some of the smartest people on planet earth working for him

That's debatable =)

I wonder what sort of a $$ loss Gates has taken from hackers.

Probably negiligable. OEMs and big corporations fill his pockets well.

I have seen sites with literally thousands of hacked programs listed that could be worth millions or billons of $$.

Yes, but those that steal it probably wouldn't have bought it anyway so it's not a total loss. Like Lightwave or 3dsmax, there's no way I'm paying tens of thousands of dollars for software I'll never use, but when I was into the warez scene I sure had a copy as soon as it was released. It doesn't make it any better, but it's something to consider.

Now you have file sharing programs available and Joe 6 Pack can go fetch him a copy of XXX 3.0 software for free, if it gets widespread enough software makers will have to take drastic steps to stop it.

The 'drastic' steps are things like WPA, which are worked around anyway. But I'm glad I use Linux now and don't have to worry about that sh!t =)

My guess is that the file sharing will be the first to go.

Can't, there's no full-proof way to determine if a data stream is a file, audio, q3 etc so the only way to really get rid of it is to turn off the Internet. Kill off one P2P network and another is created with different ports and a different protocol, maybe even encrypted this time which means no inspection of the stream can happen.

 

[Iron Woode]

Originally posted by: TheHawgHorde
'dard side'

2nd post and still needs a spell checker.

 

[thornc]

Since there is software...

 

[singh]

There are ways to 'secure' software, but you can only guard it from 99% of the hackers and for the rest, it is usually only a matter of time. I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.

 

[Nothinman]

I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.

If you mean secure software from being pirated, the OS has little to do with it.

 

[TheOmegaCode]

So how long have software hackers been around?

I thought you meant script kiddies at first...

Hackers are people who typically rip software apart to learn from it. i.e. "I hacked my kernel," etc. You're referring to crackers...

 

[DeRusto]

I'm with Nothinman on this one

 

[singh]

Originally posted by: Nothinman

I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.

If you mean secure software from being pirated, the OS has little to do with it.

Yes, that's what I meant - secure software from being pirated. I think that many 'pirate-proofing' methods do depend on the OS. If I can modify the OS at will, then I can fool the software much more easily than if I didn't have the source code. Simple programming, really.

 

[scottrico]

Dark side?

Just use kazza.

Bill gates does have some smart people working form him,
but the internet community is well informed, highly trained and extremly motivated.
A few thousand "experts" are no match agaist the millions of power users on the net.

 

[Abzstrak]

Quote
Originally posted by: Nothinman
Quote
I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.


If you mean secure software from being pirated, the OS has little to do with it.



Yes, that's what I meant - secure software from being pirated. I think that many 'pirate-proofing' methods do depend on the OS. If I can modify the OS at will, then I can fool the software much more easily than if I didn't have the source code. Simple programming, really.

Does not sound like the voice of experience to me. Granted I have not done any OS level programming, but I fail to see you point at all. Perhaps if you exploited a bug, but we all know that open source bugs are fixed faster than closed source.....

 

[singh]

Originally posted by: Abzstrak

Quote
Originally posted by: Nothinman
Quote
I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.


If you mean secure software from being pirated, the OS has little to do with it.



Yes, that's what I meant - secure software from being pirated. I think that many 'pirate-proofing' methods do depend on the OS. If I can modify the OS at will, then I can fool the software much more easily than if I didn't have the source code. Simple programming, really.

Does not sound like the voice of experience to me. Granted I have not done any OS level programming, but I fail to see you point at all. Perhaps if you exploited a bug, but we all know that open source bugs are fixed faster than closed source.....

If I could shut of all "OS" level protections like unrestriced memory and register access, I can defeat a lot of the protections built into programs. This is very easy to do if you have the OS source code. A lot of advanced techniques are also defeated this way since certain 'intelligent' programs encrypt their executable code and decrypt it in memory.

Also, some software these days come with a hardware device that is required to run the software. Having the OS code would make it much more easier for me to simulate and defeat the program.

Of course, everything I mentioned can be done regardless of whether one has the OS source code or not. But it just takes longer, and is much more of a hassle with closed-source Operating Systems.

 

[n0cmonkey]

Originally posted by: TheOmegaCode

So how long have software hackers been around?

I thought you meant script kiddies at first...

Hackers are people who typically rip software apart to learn from it. i.e. "I hacked my kernel," etc. You're referring to crackers...

No he isnt, he is refering to hackers and pirates. I will use WPA as an example. A hacker is someone that sees a problem and tries to find a way around that problem. It may not be the best way, but its usually interresting. These problems do not have to be computer related by the way. A hacker found a way around the problem of WPA. Pirates on the other hand, spread the hacked program around.

Pirates would have been the best word to use in the thread really, but there is no use argueing symantics.

 

[n0cmonkey]

Originally posted by: singh

Originally posted by: Abzstrak

Quote
Originally posted by: Nothinman
Quote
I also think that it is also much harder to secure software that runs on Open-Source Operating Systems.


If you mean secure software from being pirated, the OS has little to do with it.



Yes, that's what I meant - secure software from being pirated. I think that many 'pirate-proofing' methods do depend on the OS. If I can modify the OS at will, then I can fool the software much more easily than if I didn't have the source code. Simple programming, really.

Does not sound like the voice of experience to me. Granted I have not done any OS level programming, but I fail to see you point at all. Perhaps if you exploited a bug, but we all know that open source bugs are fixed faster than closed source.....

If I could shut of all "OS" level protections like unrestriced memory and register access, I can defeat a lot of the protections built into programs. This is very easy to do if you have the OS source code. A lot of advanced techniques are also defeated this way since certain 'intelligent' programs encrypt their executable code and decrypt it in memory.

Also, some software these days come with a hardware device that is required to run the software. Having the OS code would make it much more easier for me to simulate and defeat the program.

Of course, everything I mentioned can be done regardless of whether one has the OS source code or not. But it just takes longer, and is much more of a hassle with closed-source Operating Systems.

I will have to agree with singh on this right now, there are some amazing things you can do with kernel modules

Of course, strategies similar to the WPA may not be affected by the OS and having the OS source may not help... So I guess I agree with both sides

 

[Nothinman]

If I can modify the OS at will, then I can fool the software much more easily than if I didn't have the source code. Simple programming, really.

But I can write a driver or service to do what I need usually because OSes like Windows allow hooks into almost everything. Look at daemon tools for a good example, it's main feature is a fake CDROM driver that emulates copy protection schemes on top of ISOs.

If I could shut of all "OS" level protections like unrestriced memory and register access, I can defeat a lot of the protections built into programs

You can't shutdown virtual memory protection without breaking the whole VM system.

Also, some software these days come with a hardware device that is required to run the software. Having the OS code would make it much more easier for me to simulate and defeat the program.

I thought of that too, but it would be just as easy to write a serial port driver (or paralell or whatever) that emulates what you want in Windows.

But it just takes longer, and is much more of a hassle with closed-source Operating Systems.

Not really, Windows allows you to hook into almost everything via driver, all you have to know is the paths the data flows through the OS.

A lot of advanced techniques are also defeated this way since certain 'intelligent' programs encrypt their executable code and decrypt it in memory.

Attatch to the program with a debugger and you can alter it's memory space just without the OS source.

 

[singh]

But I can write a driver or service to do what I need usually because OSes like Windows allow hooks into almost everything. Look at daemon tools for a good example, it's main feature is a fake CDROM driver that emulates copy protection schemes on top of ISOs.

The 'power' is allowing applications to control OS behavior. Drivers are very hard to write compared to applications. As I mentioned earlier, the key is time. A hacker might not want to waste days or weeks writing a driver whereas writing an application is very easy.

You can't shutdown virtual memory protection without breaking the whole VM system.

I was talking about physical memory access. Virtual Memory can be easily shut off. RAM is very cheap these days

Also, some software these days come with a hardware device that is required to run the software. Having the OS code would make it much more easier for me to simulate and defeat the program.

I thought of that too, but it would be just as easy to write a serial port driver (or paralell or whatever) that emulates what you want in Windows.

It would be much harder. I don't know if you've ever had the displeasure of writing a driver. It's hard work even when you're very experienced. An application's a piece of cake.

Not really, Windows allows you to hook into almost everything via driver, all you have to know is the paths the data flows through the OS

I know, but it isn't as easy as modifying the kernel to your will. If you don't have the source, you'll have to do everything in a round-about way. The key is time and work. The more time/work it requires the more beginner to intermediate level hackers you discourage.

Attatch to the program with a debugger and you can alter it's memory space just without the OS source

Sure, if its a matter of altering a few lines of assembly. Defeating advanced techniques requires much more powerful tools than a simple debugger.

Kernel level debuggers are very popular tool for hackers and crackers, but they can only do so much.

 

[SUOrangeman]

I don't know if anyone has every coined a similar phrase, but ...

"There weren't any crimes before there were laws."

And as someone mentioned very early in this thread, hackers, crackers, and pirates have been around since the dawn of commercial software. Oh, and let's not forget the leeches!

-SUO

 

[Nothinman]

The 'power' is allowing applications to control OS behavior. Drivers are very hard to write compared to applications. As I mentioned earlier, the key is time. A hacker might not want to waste days or weeks writing a driver whereas writing an application is very easy.

Either way I have to modify the OS, either via the source code I have or by writing a driver and both are about the same level of difficulty.

I was talking about physical memory access. Virtual Memory can be easily shut off. RAM is very cheap these days

Virtual Memory != swap/pagefile.

Virtual Memory is the act of providing 'virtual' addresses to the application so that it believes it has full access to the 2G (x86 can do 4G but Linux and Windows both do a 2/2 split between the app and per-process kernel space) of memory that may or may not physically be there. The application never sees a physical memory address, it only sees virtual addresses, so there's no way for it to access anything outside of it's virtual address space. Modern OSes rely on this and can't run without it.

Paging to disk or swapping is an added benefit of VM because it's easier to move data around with virtual addresses, if the app goes for the data the VM subsystem moved (either to another spot in memory or paged to disk) it generates a page fault and the VM subsystem looks up where it moved it and pages the data in from disk if necessary and then changes the page tables to point to the new location in memory and tells the app to go on it's way none the wiser.

It would be much harder. I don't know if you've ever had the displeasure of writing a driver. It's hard work even when you're very experienced. An application's a piece of cake.

How do you plan on working this application in between the pirated app and the OS without a driver to intercept the calls?

I know, but it isn't as easy as modifying the kernel to your will. If you don't have the source, you'll have to do everything in a round-about way.

So because I have the kernel source I automatically know how to bend it to my will? But it depends on what you're doing, MS documentation is very good in a lot of areas and if you're looking at the right one (lords knows NTFS isn't one of them) it might be easier with Windows. Have you ever opened the Linux source code and tried to figure out where something started and all the functions/paths it follows? Getting acquainted with a new set of source code takes time, especially one as big, and sometimes cryptic, as an OS kernel.

Sure, if its a matter of altering a few lines of assembly. Defeating advanced techniques requires much more powerful tools than a simple debugger.

If you know enough about the disassembled program you could stop and debug it right before it does whatever authentication and change EIP so that it jumps to the code right after a succcessfull authentication. But it depends too much on how the program works and most of the time having a copy of the OS source isn't usefull at all.

 

[singh]

Virtual Memory != swap/pagefile.

Virtual Memory is the act of providing 'virtual' addresses to the application so that it believes it has full access to the 2G (x86 can do 4G but Linux and Windows both do a 2/2 split between the app and per-process kernel space) of memory that may or may not physically be there. The application never sees a physical memory address, it only sees virtual addresses, so there's no way for it to access anything outside of it's virtual address space. Modern OSes rely on this and can't run without it.

Paging to disk or swapping is an added benefit of VM because it's easier to move data around with virtual addresses, if the app goes for the data the VM subsystem moved (either to another spot in memory or paged to disk) it generates a page fault and the VM subsystem looks up where it moved it and pages the data in from disk if necessary and then changes the page tables to point to the new location in memory and tells the app to go on it's way none the wiser.

I had my terms screwed up I meant to say paging using the hard disk. Virtual Memory handling is absolutely not a problem. Just a bunch of translation tables.

So because I have the kernel source I automatically know how to bend it to my will? But it depends on what you're doing, MS documentation is very good in a lot of areas and if you're looking at the right one (lords knows NTFS isn't one of them) it might be easier with Windows. Have you ever opened the Linux source code and tried to figure out where something started and all the functions/paths it follows? Getting acquainted with a new set of source code takes time, especially one as big, and sometimes cryptic, as an OS kernel.

I have (in the past) looked at the Linux Kernel source. It isn't the best code I've seen, but then again, it isn't the worst either. The fact of the matter is, it would take a small group of intermediate-level programmers a couple of months (at most) to edit/hack the linux kernel and make a custom kernel that would be very friendly to other hackers. As a software developer, would you rather run a high-$$$ application on that hack-friendly-OS or Windows which you don't have the source for?

If you know enough about the disassembled program you could stop and debug it right before it does whatever authentication and change EIP so that it jumps to the code right after a succcessfull authentication. But it depends too much on how the program works and most of the time having a copy of the OS source isn't usefull at all.

That's assuming a lot of things. You are entitled to your opinion, but personally, I have the exact opposite view: Having the source code to the OS is always helpful.

We could debate the issues forever, but I think I've made my point, and so have you

 

[Nothinman]

Virtual Memory handling is absolutely not a problem. Just a bunch of translation tables.

How is it not a problem? The VM is probably the most complicated part of the OS, somehow I think if you have enough OS level knowledge to alter a VM system and have it work properly, you've got better things to do than try to steal LightWave.

The fact of the matter is, it would take a small group of intermediate-level programmers a couple of months (at most) to edit/hack the linux kernel and make a custom kernel that would be very friendly to other hackers

Friendly how? I still don't see what you can do with Linux that you can't do with Windows.

As a software developer, would you rather run a high-$$$ application on that hack-friendly-OS or Windows which you don't have the source for?

Eventually both will be pirated, there's no stopping it. As a business decision it would probably run on Windows to aim for the largest market, but if relevant I would want it running on Linux too.

Having the source code to the OS is always helpful.

It's helpfull, but not having it doesn't impede the 'progress' much. I think the gains of having the source for other reasons outweigh the cons by quite a bit.

 

[PC Freak]

I'd rather see 1,000 people pirate software than 1 person doing drugs.

 

[TheOmegaCode]

Originally posted by: PC_Freak
I'd rather see 1,000 people pirate software than 1 person doing drugs.

That's an, uh, interesting statement...

 

[BeauJangles]

There were release groups around when windows 3.1 came out. Some had it weeks before it was officially released.

 

[Nothinman]

That's an, uh, interesting statement...

Especially considering how many people do legal drugs like alcohol and nicotine.

 

[MGMorden]

Software makers have been trying to stop piracy ever since I can remember (and I've been using computers since the Commodore 64 days). They never have, and never will suceed. There are always people out there trying to copy the software who are just as smart or smarter than the people creating the protection scheme. Given that everything has to be accessible in SOME way for somebody to actually use it eventually, it will always be cracked.

File swapping services the first to go? Yeah right. These file swapping services have become the most engrained software for the public as a whole in a LONG time. People aren't going to give this up. They might kill the centralized services (like they did Napster and Scour, and likely will Kazaa), but by it's simple design GNUtella can't be stopped unless the ISP's start blocking the port or something in which case . . . we change the port. These companies can't keep pissing off the customers but so much before they shoot themselves in the foot. Most people who pirate software don't pirate everything, and if MS tries to start locking out file sharing a lot of people will get ticked up. A mass exodus to Linux? Maybe. I'd like that. More likely though a lot of people would move to Apple.

The best solution though is for all of us to move to Linux anyways . Most of the apps are free. I don't see anybody making money selling Linux apps, but doing custom in-house modifications would keep programmers paid (and I really think people would pay for games. they're an entertainment medium as opposed to a tool so there is always games waiting to be made and sold. as far as applications go it's getting to where we literally have almost every thing we need in the current setting, and development is slowing considerably in this area).