Why is this product recovery key tool flagged as malware?

We'll be featuring an abridged Q&A from Fred Langa's LANGALIST, a feature available exclusively to paid subscribers of the Windows Secrets newsletter. Today's Q&A: Are you recommending malware when you recommend product key recovery tools?

Fred Langa

February 10, 2016


Q. Back in the answer to the January 20 question, you wrote, ‘To download and run tools such as Produkey, you might have to disable your anti-malware software or create an exemption. These tools are often flagged as potentially unwanted programs.’

I use two different computers, and one of them flags Produkey as a PUP, while the other one doesn’t.

You state, ‘In this case … it’s not unwanted and should be allowed to run.’

Unless I’m missing something, it seems to me that what you’re saying is really, ‘These tools contain malware, but that’s the price you have to pay in order to find your product key.’

A. Emphatically no; I wasn’t saying that at all.

Believe me: I have never — and will never — knowingly recommend software that contains malware!

But some legitimate tools, such as Produkey, might be flagged as malicious by some anti-malware tools.

Some malware does secretly hitch a ride along with unrelated "free" software, and does indeed try to surreptitiously steal product keys, which are sent back to a cyber thief. The keys are often sold on the black market.

Produkey and similar tools aren’t doing anything covert or unauthorized. They're designed so that the legitimate owner of software can recover his/her own bought-and-paid-for keys.

Unfortunately, some anti-malware tools can’t tell the difference between legitimate and illegitimate product-key recovery. All the anti-malware tool knows is that something is trying to recover the keys.

The anti-malware tool then says, in effect, "I've found software that’s collecting your product keys. I can't tell if that's what you want or not, so I'm flagging the software as a PUP — potentially unwanted software."

In this case, it's a false positive; there's nothing malicious going on. The product key-recovery actions are wanted, not unwanted — the software should be allowed to run.

Hope that clears things up!

 

(Originally published on Windows Secrets on Tuesday, February 2, 2016.)


Editor's note: We feature an abridged Q&A from Fred Langa's LANGALIST, a column available exclusively to paid subscribers of the Windows Secrets newsletter. What you see here is just a small sampling of what Langa's writing for the newsletter — go here for more information on how to subscribe.
