What’s the risk?

Could using counterfeit software be risky in and of itself? Yesterday we posted a report done for us by the research firm IDC that investigated what risks someone might face using counterfeit software. Some of the results are pretty surprising. Most surprising to me were the degree to which even searching for hacks or cracks is dangerous and the high percentage (59%!) of files downloaded from P2P networks that were infected or tried to install or compromise the downloading system in some way.

You can read the summary of the research at this page or directly download the full report here (PDF). These are the top data points that came out of the work:

• 25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious or potentially unwanted software.

• 11% of the key generators and crack tools downloaded from Web sites contained either malicious or potentially unwanted software.

• 59% of the key generators and crack tools downloaded from peer-to-peer networks contained either malicious software or potentially unwanted software.

A couple of other things popped out at me after digging into this issue myself and reviewing the research IDC did. First, I was surprised to see that many of the web sites that tried to infect a system were built to look like ‘community’ oriented sites where hacks and cracks are made available for sharing. These sites are trying to trap people searching for ways to work around license requirements, and they’re doing it by posing as sites that might be useful, but probably not harmful, to the user. Second, the findings of the research suggest that those who are inclined to sell counterfeit software may also be increasingly tampering with their product, or adding unwanted software to it, in ways that provide more opportunities for them to make money. One possible explanation for this observation might be that with increased awareness of security issues, more people than ever before are installing anti-spyware and antivirus products and turning on firewalls, making it harder for spyware and other malware to be effective. The IDC study has compelling evidence that two practices are becoming increasingly prevalent: planting malicious software when the operating system is first installed, and using a recognizable and trusted software title as a Trojan.

In the interest of full disclosure, and to explain some of my excitement at the release of this information, I would like to say that I was involved in setting up and sponsoring this project on behalf of Microsoft. This is an issue that I’m pretty close to and I’ve been advocating for some time within the company for us to do this research to show in a quantified way the risks of using counterfeit software. I was very glad earlier this year when I found out we were going to be able to pull this project together and that I would be able to help tell the story. Of course a number of others helped with this project. In particular I’d like to thank the people in our security group who helped analyze dynamics of the malware and tampering that were discovered on websites, in counterfeit media and other places.

On that note, I’ll tell a story soon about a personal experience I had with a site that falls squarely within the 25% described above.

Again, the summary page of the report is here and the full report can be downloaded directly here (PDF).

Comments

  • Anonymous
    October 26, 2006
    Clearly, Windows needs better security so none of those are a risk.

  • Anonymous
    October 27, 2006
    The comment has been removed

  • Anonymous
    October 27, 2006
    The comment has been removed

  • Anonymous
    November 01, 2006
    The comment has been removed

  • Anonymous
    November 02, 2006
    The comment has been removed

  • Anonymous
    November 04, 2006
    I was speaking broadly: Malware causes system downtime and slowdowns. A false-failure on Windows Genuine Advantage causes system downtime and slowdowns. To WGA's credit, it will not cause data loss, but malware likely will. Malware typically pops up annoying windows on a user's screen. So does Windows Genuine Advantage. Malware disables features of a user's computer. So does Windows Genuine Advantage. As I've said in other comments, you seem to underestimate the damage that "just a few" Windows Genuine Advantage false positives cause. The best Microsoft will do when WGA fails is apologize. Despite the likely increased revenue from stricter license enforcement, Microsoft won't compensate end users. At least malware authors go to jail when they get caught. When WGA fails, we just hear an empty and insincere* apology from Microsoft.

    * I know that you probably really really mean it when you say you're sorry. But in this situation, anything that isn't compensation for lost work time or usability is insincere and meaningless.

  • Anonymous
    November 06, 2006
    And expanding a bit, the point of my post is to raise awareness of some of the risks that are associated with using operating systems with Windows Genuine Advantage.

  • Anonymous
    December 15, 2006
    The comment has been removed

  • Anonymous
    March 05, 2007
    Over the weekend we learned that the widely covered 'Vista Brute Force Keygen' turned out to be a hoax.

  • Anonymous
    August 25, 2007
    The comment has been removed