Remark: A few weeks ago I made a post where I asked you about the correlation between Piracy and Security. I was talking about Piracy (stolen software) and got a lot of answers about Privacy (Data Protection). So the following post is about stolen and illegal software…
I was recently asked in a panel whether there is a correlation between piracy rates and malware infections in a given country. I am convinced that this is the case in the consumer space because I suspect many pirated copies are not protected. But can I prove it?
You might have seen it: We recently filed some cases regarding piracy in different countries. These cases go after software resellers who allegedly violated Microsoft’s copyrights and/or trademarks by illegally selling counterfeit software and software components via online auction sites – which is a serious kind of fraud.
But what I would really like to understand better is the relationship between Piracy and Security/Patching. To me, there are different “types of piracy”, which might have a different impact on security:
- Criminals that steal software and then sell it. From my personal experience the end-user is often unaware of the fact that he/she is running non-genuine software. So, there is a good chance that Automatic Update is switched on.
- People downloading pirated copies of software from peer-to-peer networks or other sources. Here the problem is different as these people most probably do not have any patch management solution switched on.
To be clear: Some time ago, we decided to deliver critical security updates via Automatic Update to non-genuine versions of our products. This is not to protect the thieves but to protect the ecosystem. I often get push-back that this is not true, so let me clarify. If you go to the download center or Microsoft Update, you will not be able to access these sites with pirated copies, but switching on Automatic Update will allow you to get the critical Security Updates.
The reason why I am telling you this is because I would like to do some statistical exercises with you. There is data on Malware Infection Rates in our Security Intelligence Report. This data is compiled from results of the Malicious Software Removal Tool which is mainly delivered through Microsoft Update and Automatic Update. So, we will see mainly machines that are getting regular updates.
So, this is about malware.
So, what does this tell us? Well, nothing really yet. So, from here, what we could do is look at the rankings. (Being an engineer, I love to play with figures :-))
I started to compare the rankings of the different countries and tried to understand the difference in the relative ranking between Piracy and Malware Infection Rate. Let me give you an example: Switzerland ranks 5th lowest on Malware and 2nd lowest on Piracy. So, the difference there is 3. Ukraine, on the other hand, ranks 22nd on Malware but 51st on Piracy – so, there is a difference of 29, which is significant. So, they are doing about average when it comes to malware infections but really badly on Piracy (actually, in Ukraine 83% of all software is not genuine).
If we draw a graph with these differences it shows a clearer picture than the tables above:
So this tells us that most of the countries just rank about 5 places apart between Malware and Piracy!
Even though we are only covering PCs with the Malicious Software Removal Tool running in the malware infection rate, most countries that are bad/good on infection rate are bad/good on piracy.
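The rank comparison described above, written out as an added example (not code or data from the original post): it computes the per-country rank gap the post uses and, going one step further, Spearman's rank correlation over the same pairs. Only the Switzerland and Ukraine ranks come from the post; the "Constructed" rows are made up, so the resulting coefficient illustrates the method and says nothing about real countries.

```python
from statistics import mean, median

# (country, malware rank, piracy rank); rank 1 = lowest rate.
# Switzerland and Ukraine are the pairs quoted in the post; the
# "Constructed" rows are invented filler so the sample has some spread.
SAMPLE = [
    ("Switzerland", 5, 2),
    ("Ukraine", 22, 51),
    ("Constructed A", 1, 4),
    ("Constructed B", 10, 12),
    ("Constructed C", 30, 27),
    ("Constructed D", 40, 45),
]

def rank_gaps(rows):
    """The post's measure: absolute difference between the two rank positions."""
    return {name: abs(m - p) for name, m, p in rows}

def within_sample_ranks(values):
    """Re-rank values 1..n inside the sample; tied values share the average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return ranks

def spearman_rho(rows):
    """Spearman rank correlation: Pearson correlation of the re-ranked columns."""
    rx = within_sample_ranks([m for _, m, _ in rows])
    ry = within_sample_ranks([p for _, _, p in rows])
    mx, my = mean(rx), mean(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    sx = sum((a - mx) ** 2 for a in rx) ** 0.5
    sy = sum((b - my) ** 2 for b in ry) ** 0.5
    return cov / (sx * sy)  # raises ZeroDivisionError if a column is constant

if __name__ == "__main__":
    gaps = rank_gaps(SAMPLE)
    worst = max(gaps, key=gaps.get)
    print("median rank gap:", median(gaps.values()))
    print("largest gap:", worst, gaps[worst])
    print("Spearman rho: %.3f" % spearman_rho(SAMPLE))
```

A single large gap such as Ukraine's barely moves the median gap but does pull the coefficient down, which is why the two numbers are worth reading together.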
But this statement leads us to the next question: Why is this the case? There might be different reasons for that:
- We know that Peer-to-Peer networks are a source for malware. So there is a good chance that people who deliberately steal software have it on Peer-to-Peer networks, or other untrustworthy sources, and get the malware from there.
- People who pirate software are careless anyway and do not run Anti-Malware software, or have it but do not update it.
- People who pirate software do not patch their PCs because, in their mind, they think that running Microsoft Update or any other update mechanism will lead to them being caught. This would be interesting to investigate further but unfortunately I have no data I can make public on Microsoft Update hit rates in the countries above.
To make one point clear: The statements above are mere speculation. Today I do not have enough intelligence available to strengthen any one of the points above. On the other hand, I think I have shown that there might be a correlation between Piracy and Security, and I would guess it would be easier to convince consumers to patch their machines (and therefore get basic protection) if they run genuine copies rather than stolen copies!