Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Is there a Correlation between Stolen Software (Piracy) and Security/Patching?

Is there a Correlation between Stolen Software (Piracy) and Security/Patching?

  • Comments 4
  • Likes

Remark: A few weeks ago I made a post where I asked you about the correlation between Piracy and Security. I was talking about Piracy (stolen software) and got a lot of answers about Privacy (Data Protection) smile_wink. So the following post is about stolen and illegal software…

I was recently asked in a panel whether there is a correlation between piracy rates and malware infections in a given country. I am convinced that this is the case in the consumer space because I suspect many pirated copies are not protected. But can I prove it?

You might have seen it: We recently filed some cases regarding piracy in different countries. These cases go after software resellers who allegedly violated Microsoft’s copyrights and/or trademarks by illegally selling counterfeit software and software components via online auction sites – which is a serious kind of fraud.

But where I would really like to understand more is when it comes to the relationship between Piracy and Security/Patching. To me, there are different “types of piracy”, which might have different impact on security:

  • Criminals that steal software and then sell it. From my personal experience the end-user is often unaware of the fact that he/she is running non-genuine software. So, there is a good chance that Automatic Update is switched on
  • People downloading pirated copies of software from peer-to-peer networks or other sources. Here the problem is different as these people most probably do not have any patch management solution switched on.

To be clear: Some time ago, we decided to deliver critical security updates via Automatic Update to non-genuine versions of our products. This is not to protect the thieves but to protect the ecosystem. I often get push-back that this is not true, so let me clarify.If you go to the download center or Microsoft Update you will not be able to access these sites with pirated copies but switching on Automatic Update will allow you to get the critical Security Updates.

The reason why I am telling you this is because I would like to do some statistical exercises with you. There is data on Malware Infection Rates in our Security Intelligence Report. This data is compiled from results of the Malicious Software Removal Tool which is mainly delivered through Microsoft Update and Automatic Update. So, we will see mainly machines that are getting regular updates.

If we look at the countries in EMEA, this is the extract from the report which shows the 15 countries in which we found the most infections and the 15 in which we found the least in H1 2008 (the number is the number of infections we find per 1000 executions of MSRT):
Country Rate
Algeria 19.5
Libya 19.5
Portugal 19.6
Yemen 20.1
Lebanon 20.2
Macedonia 21.1
Jordan 21.6
Tunisia 21.9
Turkey 21.9
Saudi Arabia 22.3
Egypt 22.5
Iraq 23.6
Albania 25.4
Morocco 27.8
Bahrain 29.2
Afghanistan 76.4
Country Rate
Rwanda 4.2
Austria 5.2
Germany 5.3
Finland 5.7
Latvia 6.3
Denmark 6.8
Switzerland 6.9
Czech Republic 7.1
Italy 7.1
Ireland 7.3
Belarus 7.6
Sweden 7.6
Netherlands 7.8
Nigeria 8.2
Poland 8.3
Norway 8.3

So, this is about malware.

Let’s look at at Piracy figures now, using figures from a report by the Business Software Alliance. So, let’s do the same and look at the 15 worst and 15 best countries in terms of piracy (these are 2007 figures):
Country Piracy
Albania 78%
Kazakhstan 79%
Côte d'Ivoire 81%
Kenya 81%
Nigeria 82%
Montenegro 83%
Ukraine 83%
Algeria 84%
Pakistan 84%
Iraq 85%
Libya 88%
Yemen 89%
Azerbaijan 92%
Moldova 92%
Armenia 93%
Country Piracy
Luxembourg 21%
Austria 25%
Belgium 25%
Denmark 25%
Finland 25%
Sweden 25%
Switzerland 25%
Netherlands 28%
Norway 29%
Israel 32%
South Africa 34%
Ireland 34%
UAE 35%
Czech Republic 39%
Hungary 42%

So, what does this tell us? Well, nothing really yet. So, from here, what we could do is looking at the rankings. (Being an engineer, I love to play with figures :-))

I started to compare the rankings of the different countries and tried to understand the difference in the relative ranking between Piracy and Malware Infection Rate. Let me give you an example: Switzerland ranks 5th lowest on Malware and 2nd lowest on Piracy. So, the difference there is 3. Ukraine, on the other side ranks 22nd on Malware but 51st on Piracy – so, there is a difference of 29 which is significant. So, they are doing about average when it comes to the malware infections but really bad in Piracy (actually in Ukraine 83% of all software is not genuine).

If we draw a graph with these differences it shows a clearer picture than the tables above:

So this tells us that most of the countries just rank about 5 places apart between Malware and Piracy!

Even though we are only covering PCs with the Malicious Software Removal Tool running in the malware infection rate, most countries that are bad/good on infection rate are bad/good on piracy.

But with this statement, this would lead us to the next question: Why is this the case? There might be different reasons for that:

  • We know that Peer-to-Peer networks are a source for malware. So there is a good chance that people who deliberately steal software have it on Peer-to-Peer networks, or other untrustworthy sources, and get the malware from there.
  • People who pirate software are careless anyway and do not run Anti-Malware software, or have it but do not update it
  • People who pirate software do not patch their PCs because, in their mind, they think that running Microsoft Update or any other update mechanism will lead to them being caught. This would be interesting to investigate further but unfortunately I have no data I can make public on Microsoft Update hit rates in the countries above.

To make one point clear: The statements above are mere speculation. Today I have not enough intelligence available in order to strengthen one of the points above. On the other hand I think I have shown that there might be a correlation between Piracy and Security and I would guess it would be easier to convince consumers to patch their machines (and therefore get basic protection) if they run genuine copies rather than stolen copies!

Roger

Comments
  • Why should some one steal your crapped,crippling Software?

    Linux is allways better,, more secure and a better invest then Windows and all Software running on it. The is no reason why Business andMission critical things should based on it.

  • I am in a house where 10 other guys rent rooms, the IP provider has said that there is pirated software that is contributing to us being kicked of this network. Further some of the guys are using the same operating systems on multiple computers . Extreme gaming is contributing to network crashes which also has the same software being  used on multiple computers. How do I prove this and save the network. Sincerly James Eidson SirAlbert1@msn.com MCSA # 2482188

  • Hi James,

    it is kind of impossible to say what is going on in your network. I do not really think that it is connected with piracy but more with your bandwidth use

    Roger

  • A very interesting take on this subject. With advances in software protection, one wonders what a more recent analysis would reveal.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment