What’s the risk?

Could using counterfeit software be risky in and of itself? Yesterday we posted a report done for us by the research firm IDC that investigated what risks someone might face using counterfeit software. Some of the results are pretty surprising. Most surprising to me were the degree to which even searching for hacks or cracks is dangerous and the high percentage (59%!) of files downloaded from P2P networks that were infected or tried to install or compromise the downloading system in some way.

You can read the summary of the research at this page or directly download the full report here (PDF). These are the top data points that came out of the work:

• 25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious or potentially unwanted software.

• 11% of the key generators and crack tools downloaded from Web sites contained either malicious or potentially unwanted software.

• 59% of the key generators and crack tools downloaded from peer-to-peer networks contained either malicious software or potentially unwanted software.

A couple of other things popped out at me after digging into this issue myself and reviewing the research IDC did. First, I was surprised to see that many of the web sites that tried to infect a system were built to look like ‘community’-oriented sites where hacks and cracks are made available for sharing. These sites are trying to trap people searching for ways to work around license requirements, and they’re doing it by posing as sites that might be useful, but probably not harmful, to the user. Second, the findings of the research suggest that those who are inclined to sell counterfeit software may also be increasingly tampering with or adding unwanted software to their product that provides more opportunities for them to make money. One possible explanation for this observation might be that with increased awareness of security issues, more people than ever before are installing anti-spyware and antivirus products, and turning on firewalls, making it harder for spyware and other malware to be effective. The IDC study has compelling evidence that shows that the planting of malicious software when the operating system is first installed or the use of a recognizable and trusted software title as a Trojan is becoming increasingly prevalent.

In the interest of full disclosure, and to explain some of my excitement at the release of this information, I would like to say that I was involved in setting up and sponsoring this project on behalf of Microsoft. This is an issue that I’m pretty close to and I’ve been advocating for some time within the company for us to do this research to show in a quantified way the risks of using counterfeit software. I was very glad earlier this year when I found out we were going to be able to pull this project together and that I would be able to help tell the story. Of course, a number of others helped with this project. In particular I’d like to thank the people in our security group who helped analyze the dynamics of the malware and tampering that were discovered on websites, in counterfeit media and other places.

On that note, I’ll tell a story soon about a personal experience I had with a site that falls squarely within the 25% described above.

Again, the summary page of the report is here and the full report can be downloaded directly here (PDF).