preface, I am a huge linux nerd, but also an IT and security professional
never pirate a windows iso, they always come loaded with malicious bullshit
Always download the iso directly, crack it, and run the various cleaning programs and de bloaters
it sucks and it's annoying, but you really really want to avoid starting with a windows iso that isn't direct download off of m$'s website, or at least lookup the checksums and make sure the files match
never pirate a windows iso, they always come loaded with malicious bullshit
I've actually never heard of a pirated windows ISO with malware built-in, probably mostly because reputable uploaders just aren't that hard to find for a seasoned :programming-communism: like me.
I decided to go digging to see if I could find a proper source to back me up here. I swear torrentfreak had done an article about an investigation into a lot of the most seeded windows isos and finding keyloggers and rootkits. Unfortunately my search there is coming up empty.
However, you will find this advice on the /fwt/ thread on /g/, and as shit a place as 4chan is they do have a good piracy guide. If you download any windows iso that's pre-activated, there's no way to make sure it doesn't have a rootkit or similar in it because it now has a bad hash value. You can't guarantee it's clean. However, if you get a clean iso, even from a torrent, you know it's good as long as the hash is correct. And the thread links to a full archives of official hashes and a database of isos with good hashes you can compare them too.
Here's the fwt guides.
https://rentry.org/fwt
https://rentry.org/ltsc
Personally, I genuinely believe some analysis lab or university is going to do a proper investigation of common windows iso torrents, and we're going to find a lot of compromised stuff. But it's really just not worth the risk. Pirated or not, always get a clean iso and verify the hash, then use debloat tools or an svf from m$
preface, I am a huge linux nerd, but also an IT and security professional
never pirate a windows iso, they always come loaded with malicious bullshit
Always download the iso directly, crack it, and run the various cleaning programs and de bloaters
it sucks and it's annoying, but you really really want to avoid starting with a windows iso that isn't direct download off of m$'s website, or at least lookup the checksums and make sure the files match
I've actually never heard of a pirated windows ISO with malware built-in, probably mostly because reputable uploaders just aren't that hard to find for a seasoned :programming-communism: like me.
Can you share more specifics on this?
I decided to go digging to see if I could find a proper source to back me up here. I swear torrentfreak had done an article about an investigation into a lot of the most seeded windows isos and finding keyloggers and rootkits. Unfortunately my search there is coming up empty.
However, you will find this advice on the /fwt/ thread on /g/, and as shit a place as 4chan is they do have a good piracy guide. If you download any windows iso that's pre-activated, there's no way to make sure it doesn't have a rootkit or similar in it because it now has a bad hash value. You can't guarantee it's clean. However, if you get a clean iso, even from a torrent, you know it's good as long as the hash is correct. And the thread links to a full archives of official hashes and a database of isos with good hashes you can compare them too.
Here's the fwt guides.
https://rentry.org/fwt https://rentry.org/ltsc
Personally, I genuinely believe some analysis lab or university is going to do a proper investigation of common windows iso torrents, and we're going to find a lot of compromised stuff. But it's really just not worth the risk. Pirated or not, always get a clean iso and verify the hash, then use debloat tools or an svf from m$