[vegadw]

I think to an extent Microsoft is the guilty party here. For may cracks Windows Defender will trip saying "Win32/Keygen" even if there's no actual malware https://www.microsoft.com/en-us/wdsi/threats/malware-encyclo...

This trains people that do a lot of piracy to be used to turning off their antivirus to let something through, which is fine until it's not. It's like drugs, if we know a subset of the population will do them no matter what, we should make it safe for them to the extent we can. False positives, causing people to ignore actual positives, creates a market for these things.

[Aurornis]

Bundling malware with keygens is a very common practice. It helps because the victim doesn’t suspect anything is wrong when the thing they downloaded appears to work, unlike the sham downloads in the linked article. Gives the attackers more time to exploit the system.

You also need to look at the bigger picture: Keygens are something you very much do not want anywhere in a corporate environment for obvious reasons. Being able to flag them on Windows machines is very valuable.

[vegadw]

Then make it a flag for windows machines on a domain account or otherwise set to be a "business PC". Doing it on consumer systems is still a problem. A false positive flag for malware - or calling any keygen malware - is still a problem. It sholudn't be removing keygens from the system because they're keygens. You shouldn't have to add exceptions for them. If they actually contain malware, great, yes, please flag them. If they're not and it's my personal computer, then if I choose to download some cars, that's none of their business.

[catsma21]

some brands put cocaine in soda, let's ban soda altogether

[landr0id]

Windows Defender believes that my Rust egui application is a trojan, but magically if I compile it with a different toolchain it's no longer flagged :p

There's something seriously wrong with A/V heuristics.

[snailmailman]

I’ve had similar issues across multiple programming languages. The latest is a C++ program with almost no dependencies. While I’m making changes and frequently recompiling, windows defender will randomly pop-up and let me know that it deleted my freshly-compiled binary. The change will often be something simple, and simply making any change and compiling again will randomly not get flagged.

It’s extremely annoying. It’s my code, stop deleting it. It’s not malware.

[whytevuhuni]

Given Rust's supply chain worries, maybe it really is, don't count it out too quickly.