Software Pirates Getting Bolder Too, Says Microsoft Study

 
 
By Larry Seltzer  |  Posted 2009-04-21 Email Print this article Print
 
 
 
 
 
 
 

OPINION: License violations may be the least of your problems if your business is using pirated software. This Microsoft study indicates that it's quite possible you're using such software even if you tried in good faith to buy legit software.

Software pirates are getting bolder and more sophisticated according to a new paper from Microsoft on the subject.

The main study discussed in the paper is of 30 medium-sized businesses in the U.K. which were audited by a third-party review agency at Microsoft's behest, something which the paper says happens thousands of times a year. The subset of 30 received additional scrutiny of any counterfeit products detected in the review. Eleven, or 37 percent of the 30, were found to have unknowingly purchased counterfeit Microsoft software, including both Windows and Office. The products they bought were high-quality rip-offs, and you'd have to know what to look for in order to identify it.

The paper focuses on midsize businesses that were trying to be legitimate but failed. It also discusses other studies of consumer and small business problems with pirated software, where the risks seem to be much greater. Consider the recent incident of the Mac botnet that was built with pirated applications distributed on peer-to-peer sites. Obviously things like that happen in the Windows world all the time, and these days people are probably all the more inclined to save some money, or so they think, by ripping off some faceless, wealthy software corporation.

The report describes how the sites that push pirated programs are full of exploits, how the pirated programs themselves (as with the Mac example) have exploits in them, and generally you're taking inordinate risks, even putting morals aside, in getting your software this way.

What can legitimate businesses do? For the medium-size businesses they recommend first buying only from trustworthy sources which you can locate through Chambers of Commerce, BBB or through several Websites they list. Go to Microsoft's How to Tell site to learn what to look for in packaged software. And centralize software procurement so that controls can be standardized. This last idea is especially good for a number of reasons.

Whenever I read about piracy of Windows and Office, especially the unwitting purchase of such products, I wonder how the activation problem is solved. I know there are hacks to get around activation, especially with Windows XP, but the ones I've seen generally involve some overt hacking operations such that you couldn't pass them off as legit products, unless the buyer was really, really credulous. The only way around this is to use a stolen site license; I had the impression these don't last out in the wild very long, but maybe I'm wrong. And maybe they do get canceled and this is one of the risks you run in buying such software.

I guess the reach of the pirated products shouldn't be so surprising. If you search around on eBay and places like it for the lowest price and don't scrutinize the seller all that much it's probably easy to fall for this. In such cases the amount of money you're saving compared to an unambiguously legitimate source is probably small, too small to justify the risk. Involved your company in a licensing dispute or get your systems infected from a dirty pirating site and you easily blow all the money you thought you saved.

It all makes me wonder if the answer isn't somehow to tighten up supply chains and make it so that not every little player on the Internet can sell such software. That would be a shame, since competition does keep prices down. As with so many security problems, we'll have to accept some risk in order to maintain our freedoms.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel