OPINION: License violations may be the least of your problems if your business is using pirated software. This Microsoft study indicates that it's quite possible you're using such software even if you tried in good faith to buy legit software.
Software pirates are getting bolder and more sophisticated according to a new paper from Microsoft on the subject
The main study discussed in the paper is of 30 medium-sized
businesses in the U.K. which were audited by a third-party review agency at
Microsoft's behest, something which the paper says happens thousands of
times a year. The subset of 30 received additional scrutiny of any
counterfeit products detected in the review. Eleven, or 37 percent of the 30, were
found to have unknowingly purchased counterfeit Microsoft software,
including both Windows and Office. The products they bought were
high-quality rip-offs, and you'd have to know what to look for
in order to identify it.
The paper focuses on midsize businesses that were trying to be
legitimate but failed. It also discusses other studies of consumer and
small business problems with pirated software, where the risks seem to
be much greater. Consider the recent incident of the Mac botnet that was built with pirated applications distributed on peer-to-peer sites
Obviously things like that happen in the Windows world all the time,
and these days people are probably all the more inclined to save some
money, or so they think, by ripping off some faceless, wealthy software
The report describes how the sites that push pirated programs are
full of exploits, how the pirated programs themselves (as with the Mac
example) have exploits in them, and generally you're taking inordinate
risks, even putting morals aside, in getting your software this way.
What can legitimate businesses do? For the medium-size businesses
they recommend first buying only from trustworthy sources which you can
locate through Chambers of Commerce, BBB or through several Websites
they list. Go to Microsoft's How to Tell site
to learn what to look for in packaged software. And centralize software
procurement so that controls can be standardized. This last idea is
especially good for a number of reasons.
Whenever I read about piracy of Windows and Office, especially the
unwitting purchase of such products, I wonder how the activation
problem is solved. I know there are hacks to get around activation,
especially with Windows XP, but the ones I've seen generally involve
some overt hacking operations such that you couldn't pass them off as
legit products, unless the buyer was really, really credulous. The only
way around this is to use a stolen site license; I had the impression
these don't last out in the wild very long, but maybe I'm wrong. And
maybe they do get canceled and this is one of the risks you run in
buying such software.
I guess the reach of the pirated products shouldn't be so
surprising. If you search around on eBay and places like it for the
lowest price and don't scrutinize the seller all that much it's
probably easy to fall for this. In such cases the amount of money
you're saving compared to an unambiguously legitimate source is
probably small, too small to justify the risk. Involved your company in
a licensing dispute or get your systems infected from a dirty pirating
site and you easily blow all the money you thought you saved.
It all makes me wonder if the answer isn't somehow to tighten up
supply chains and make it so that not every little player on the
Internet can sell such software. That would be a shame, since
competition does keep prices down. As with so many security problems,
we'll have to accept some risk in order to maintain our freedoms.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.