Several reasons why a keygen might trigger AV:

Lots of antivirus today relies on reputation scores to evaluate if a file is safe. When they see an executable, downloaded from the internet, on your computer, and it's not one they've seen much elsewhere, they freak out. This might seem insane, but from the perspective of a "typical" internet user it makes sense - very few people actually run rando executables, and when they do they probably shouldn't.

A lot of antivirus relies on machine learning. Some of this machine learning ends up learning to highlight software made using "sketchy" tools - tools that are rarely used to make anything official. (For example, I recall there's a certain kind of compression that will make many kinds of AV freak out because almost no legitimate software uses it and lots of virus-writers do.)

Related to the above - when a legitimate software vendor has their software incorrectly flagged by the AV's algorithms, they'll contact the AV vendor to complain and work this out. The AV company will whitelist them, use this to train their algorithms better, and so on. Obviously, keygen writers do not contact AV companies to complain, which both means they never get whitelisted if there's a false positive, and which means that AV algorithms are not properly trained to distinguish "safe" keygens from trojans the way they are other software.

Finally, some AV companies will specifically highlight keygens.