more context on that: https://hexbear.net/post/266293

  • blashork [she/her]
    ·
    2 years ago

    preface, I am a huge linux nerd, but also an IT and security professional

    never pirate a windows iso, they always come loaded with malicious bullshit

    Always download the iso directly, crack it, and run the various cleaning programs and de bloaters

    it sucks and it's annoying, but you really really want to avoid starting with a windows iso that isn't direct download off of m$'s website, or at least lookup the checksums and make sure the files match

    • ForteanCum [comrade/them]
      ·
      2 years ago

      never pirate a windows iso, they always come loaded with malicious bullshit

      I've actually never heard of a pirated windows ISO with malware built-in, probably mostly because reputable uploaders just aren't that hard to find for a seasoned :programming-communism: like me.

      Can you share more specifics on this?

      • blashork [she/her]
        ·
        2 years ago

        I decided to go digging to see if I could find a proper source to back me up here. I swear torrentfreak had done an article about an investigation into a lot of the most seeded windows isos and finding keyloggers and rootkits. Unfortunately my search there is coming up empty.

        However, you will find this advice on the /fwt/ thread on /g/, and as shit a place as 4chan is they do have a good piracy guide. If you download any windows iso that's pre-activated, there's no way to make sure it doesn't have a rootkit or similar in it because it now has a bad hash value. You can't guarantee it's clean. However, if you get a clean iso, even from a torrent, you know it's good as long as the hash is correct. And the thread links to a full archives of official hashes and a database of isos with good hashes you can compare them too.

        Here's the fwt guides.

        https://rentry.org/fwt https://rentry.org/ltsc

        Personally, I genuinely believe some analysis lab or university is going to do a proper investigation of common windows iso torrents, and we're going to find a lot of compromised stuff. But it's really just not worth the risk. Pirated or not, always get a clean iso and verify the hash, then use debloat tools or an svf from m$