How to check the integrity of your Process Lasso installer - for your protection

Started by Jeremy Collake, March 19, 2012, 07:20:58 PM


Jeremy Collake

Since there are an increasing number of sites distributing unauthorized copies of Process Lasso Pro, or rogue download sites injecting 'wrappers' around Process Lasso's installer, I figured I'd inform our user base as to what to look for when you get Process Lasso. The safest place to download it from is always this site (whether bitsum.com or a mirror we point you to).

1. Extract the ZIP archive, approximately 1-2MB in size. If it is 3MB or more, STOP - something has been added.
2. There should be *one* executable named ProcessLassoSetup.exe, approximately 1-2MB in size. If it is 3MB or more, STOP - something has been added.
3. It is digitally signed as 'Bitsum LLC'. You can verify this signature by right-clicking on the EXE, going to 'Digital Signatures' and selecting 'View Details'. Make SURE the signature says 'valid' and not 'invalid'.
4. Once you verify the integrity of the installer, you've verified the integrity of ALL files in the installation.
5. Beware of 'keygens' or 'cracks'. Some might work, others will infect you while appearing to work.

This applies to all modern versions of our software dating back to v3. We know some aren't going to stop pirating our software, so we are now interested in harm reduction ;). We at least don't want you to infest yourself when you pirate our software. Many user-reported bugs we've tracked back to malware or unnecessary and obstructive third-party applications.
Software Engineer. Bitsum LLC.
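The checks in steps 1-3 of the post above can be scripted so they are applied the same way every time. The following PowerShell function is an added example and is not Bitsum's code; it assumes the downloaded ZIP path is passed in, uses the post's 3MB ceiling (which may not hold for later releases, so it is a parameter), and matches the certificate Subject against the pattern 'Bitsum' because the thread names the signer both as 'Bitsum LLC' and 'Bitsum Technologies'. `Get-AuthenticodeSignature` reporting `Valid` means the file hash matches the signature and the certificate chains to a trusted root; the separate Subject check is what catches a validly signed file from some other publisher, which is the forgery case the thread warns about.

```powershell
# Added example, not Bitsum's code. Automates the size / single-EXE / signature
# checks from the post. Assumptions: $ZipPath is the archive you downloaded,
# $MaxBytes is the post's "3MB or more, STOP" figure, and the vendor's
# certificate Subject contains "Bitsum".
function Test-ProcessLassoInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ZipPath,
        [string] $ExpectedExeName = 'ProcessLassoSetup.exe',
        [string] $ExpectedSignerPattern = 'Bitsum',   # regex against SignerCertificate.Subject
        [long]   $MaxBytes = 3MB                       # threshold quoted in the post (2012)
    )

    $problems = New-Object System.Collections.Generic.List[string]
    $exe = $null; $hash = $null; $subject = $null

    # Step 1: archive size sanity check.
    $zip = Get-Item -LiteralPath $ZipPath -ErrorAction Stop
    if ($zip.Length -ge $MaxBytes) {
        $problems.Add("ZIP is $($zip.Length) bytes (>= $MaxBytes); something may have been added")
    }

    # Extract into a fresh temp directory so we inspect exactly what the archive holds.
    $work = Join-Path ([IO.Path]::GetTempPath()) ('pl-verify-' + [Guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $work | Out-Null
    try {
        Expand-Archive -LiteralPath $zip.FullName -DestinationPath $work -Force

        # Step 2: exactly one executable, with the expected name and size.
        $exes = @(Get-ChildItem -Path $work -Recurse -File -Filter '*.exe')
        if ($exes.Count -ne 1) {
            $problems.Add("expected exactly one .exe, found $($exes.Count): $($exes.Name -join ', ')")
        }
        $exe = $exes | Where-Object Name -eq $ExpectedExeName | Select-Object -First 1
        if (-not $exe) {
            $problems.Add("no executable named $ExpectedExeName in archive")
        } else {
            if ($exe.Length -ge $MaxBytes) {
                $problems.Add("$($exe.Name) is $($exe.Length) bytes (>= $MaxBytes); something may have been added")
            }

            # Step 3: Authenticode status must be Valid (hash matches, chain trusted),
            # and the signer must be the vendor, not merely *someone* with a certificate.
            $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
            if ($sig.Status -ne 'Valid') {
                $problems.Add("signature status is '$($sig.Status)' (expected Valid): $($sig.StatusMessage)")
            }
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<no signer certificate>' }
            if ($subject -notmatch $ExpectedSignerPattern) {
                $problems.Add("signer subject '$subject' does not match '$ExpectedSignerPattern'")
            }

            # Record the hash so the exact binary you vetted can be recognised later.
            $hash = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash
        }
    } finally {
        Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Zip       = $zip.FullName
        Installer = if ($exe) { $exe.Name } else { $null }
        SHA256    = $hash
        Signer    = $subject
        Passed    = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

# Usage (path is a placeholder for wherever you saved the download):
# Test-ProcessLassoInstaller -ZipPath "$env:USERPROFILE\Downloads\ProcessLassoSetup.zip"
```

Treat `Passed = $False` as the post's "STOP": the `Problems` list names which of the three checks failed. A status of `NotSigned` or `HashMismatch` means the file was altered after signing or never signed at all; a `Valid` status with the wrong Subject means a different publisher signed it.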

Jeremy Collake

One BIG CONCERN I have for users who download cracks, keygens, and pirated software is that some percentage of it contains not only regular malware, but rootkits. While malware is bad, rootkits are the ultimate in malware. A rootkit embeds itself in the OS at a low level and intercepts requests for things like process information and 'hides' itself by returning all data, except that of its own process(es). Through API hooks, it makes itself invisible. Sadly, once you *get* a rootkit, they are near impossible to remove without a complete OS reinstall, or very delicate work. To even detect one is a pain, and to do so while booted requires that they not be coded right. A rootkit that is coded 100% correctly would be completely hidden at boot, no matter what. Hiding its processes from scanners, hiding its network activity, hiding its disk I/O ... it's a scary thought. All it takes is ONE rootkit and your entire PC is forever compromised. Security software typically will miss the latest generation of malware too, since it is regenerated daily, so it can hardly be thought of as some absolute defense.

What are my chances?

Not good, unless you are the head of a warez group I guess ;p. Don't take chances. Please. I've SEEN this with my own eyes NUMEROUS times. I am SURE there are safe and legitimate pirated copies of software out there, but I am also SURE that there are even more that have malware of one type or another. Whether you end up with a rootkit, and/or a zombie machine, the KEY to having a stable PC is making sure you know what has been installed. By 'installed', I don't mean the Programs and Features list, I mean simply 'run'. Some prefer Portable Editions of products because there is no installer. That's fine, but I just wanted to make it clear that malware will install itself whether there is an installer or not ;). Yes, that's very elementary there, but not everyone is a techie, so I'm trying to lay out all the facts as best I can. Sadly, I'm not a better writer ;o.

Do your own homework. You'll find this is true. This is how single individuals get control of hundreds of thousands of 'zombie' PCs, without those owners even knowing it. These are known as botnets. Then these botnet owners get together and form groups.

How to know if you have a rootkit

You can NEVER be certain. There are a few rootkit detectors out there that rely only on FLAWS in *certain* rootkits to detect them. Obviously, they don't detect rootkits that have those flaws corrected.

What to do if you think you have a rootkit

Reinstall the OS from *scratch*, reactivate from *scratch*, run as a Limited User, and be EXTREMELY aware of *every* program you give elevated rights to. It should be signed, so you know who it came from. All our software is signed, for instance. However, the NAME doesn't necessarily mean a lot, so you've got to double check. Get software only from reliable, trusted sources.

Stay clean. I can't tell you how many bizarre system troubles of users I've spent hours examining -- only to find some malware as the root cause.

Consider this case: You love Process Lasso, and you want a Pro license. So, you download a keygen or crack for it. You've got Process Lasso Pro, woohoo! However, what else do you have, now? What is the value of knowing you are secure?

This is NOT FUD, this is simply the TRUTH. This is REALITY. Don't take my word for it. Do your own homework. Look closer at what you get. Why is a pirated copy megabytes larger than our official distribution, for example? Little clues like that can help.

TIP: Check for the Bitsum Technologies digital signature on our installer (though beware of forgeries that are not authentic and will be voided at the CA root authorities). Now, if there is OTHER STUFF in there besides our installer -- well then, it doesn't belong there and I cannot say what it is ;o
Software Engineer. Bitsum LLC.

sys-eng

Rootkits can be removed but you are absolutely correct that they are generally undetected when looking from within the Windows OS.  Most antivirus programs have a boot-time scan option, and it should be run weekly.

WareZ and torrents are as safe as pornography sites.  Probably not as safe as drinking from a creek in a city.

Jeremy Collake

Quote from: sys-eng on March 18, 2013, 11:13:25 PM
WareZ and torrents are as safe as pornography sites.  Probably not as safe as drinking from a creek in a city.

Both are definitely unsafe, though I tend to disagree a bit. Warez get executed by the user (in the case of applications), giving them an increased chance at intrusion. I have worked in the security field and analyzed several popular applications that were distributed on the warez scene. Often, the application will appear to run fine, but a rootkit or other malware will be installed transparently.

The end lesson is: If you're going to pirate, make sure your source is highly reliable. I am not certain whether such a source exists to be honest. Even those that have 'noble' intentions may accidentally distribute some malware in their quest to proliferate more warez.

Security software will never protect you, that's one thing you can count on. They are perpetually behind the curve. These days, they are more likely to alert you to benign threats in the form of false positives than detect anything actually harmful. It's an industry driven on fear, and one that I constantly complain about.
Software Engineer. Bitsum LLC.


BenYeeHua

And it should be blocked by your AV, so if you get a rootkit when you are using an AV that has monitoring enabled (most should have this), you should think about changing to another AV. :)

Jeremy Collake

Consider this: If security software really worked well, nobody would have malware/virus problems. The fact of the matter is that the worst thing a user can do is rely on their security software.
Software Engineer. Bitsum LLC.

BenYeeHua

Yup, each of them has different issues like compatibility, as there is too much software, and many of them are hard to reach to fix the issues.
And the security level will be lower if you disconnect from the internet too, as the cloud is the very important scanning engine for killing the newest viruses, and it decides how long it takes before a virus starts being killed/collected by the cloud engine.

They also have different levels of killing it and fixing the file. Microsoft MSE or WD, for example, don't kill the downloader or the original source/software that will create the virus (if I am right), so Windows users will stop using MSE or WD and switch to other security software.
(It's just that Microsoft doesn't want to steal the money from other security software, or you will know what happens :))