What’s the risk?

Could using counterfeit software be risky in and of itself? Yesterday we posted a report done for us by the research firm IDC that investigated what risks someone might face using counterfeit software. Some of the results are pretty surprising. Most surprising to me were the degree to which even searching for hacks or cracks is dangerous and the high percentage (59%!) of files downloaded from P2P networks that were infected or tried to install or compromise the downloading system in some way.

You can read the summary of the research at this page or directly download the full report here (PDF). These are the top data points that came out of the work:

  - 25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious or potentially unwanted software.
  - 11% of the key generators and crack tools downloaded from Web sites contained either malicious or potentially unwanted software.
  - 59% of the key generators and crack tools downloaded from peer-to-peer networks contained either malicious software or potentially unwanted software.

A couple of other things popped out at me after digging into this issue myself and reviewing the research IDC did. First, I was surprised to see that many of the web sites that tried to infect a system were built to look like ‘community’ oriented sites where hacks and cracks are made available for sharing. These sites are trying to trap people searching for ways to work around license requirements, and they’re doing it by posing as sites that might be useful, but probably not harmful, to the user. Second, the findings of the research suggest that those who are inclined to sell counterfeit software may also be increasingly tampering with their product or adding unwanted software to it that provides more opportunities for them to make money. One possible explanation for this observation might be that with increased awareness of security issues, more people than ever before are installing anti-spyware and antivirus products and turning on firewalls, making it harder for spyware and other malware to be effective. The IDC study has compelling evidence that shows the planting of malicious software when the operating system is first installed or the use of a recognizable and trusted software title as a Trojan is becoming increasingly prevalent.

In the interest of full disclosure, and to explain some of my excitement at the release of this information, I would like to say that I was involved in setting up and sponsoring this project on behalf of Microsoft. This is an issue that I’m pretty close to and I’ve been advocating for some time within the company for us to do this research to show in a quantified way the risks of using counterfeit software. I was very glad earlier this year when I found out we were going to be able to pull this project together and that I would be able to help tell the story. Of course a number of others helped with this project. In particular I’d like to thank the people in our security group who helped analyze dynamics of the malware and tampering that were discovered on websites, in counterfeit media and other places.

On that note, I’ll tell a story soon about a personal experience I had with a site that falls squarely within the 25% described above.

Again, the summary page of the report is here and the full report can be downloaded directly here (PDF).

Comments (11)

  1. Rosyna says:

    Clearly, Windows needs better security so none of those are a risk.

  2. MSDN Archive says:

    I’m not sure I understand the comment. The research really doesn’t have much to say about the security of Windows. The research showed that shady sites *try* to steal people’s information or otherwise use the target system; the research also documented the fact that files (not Microsoft files) downloaded from websites and P2P networks that are *supposed* to help people crack product activation for Windows and Office often actually do entirely different things. In fact, most of the attempts to attack systems use methods that have been long since patched or otherwise rendered ineffective.

  3. Phil O'Serf says:

    "Could using counterfeit software be risky in and of itself? "

    I can’t see what the opening line has to do with the rest of this post.

    Using counterfeit software is not the same as seeking illegally counterfeited software.

    MS claims WGA is protecting the customer from bad retailers and bad systems vendors. In that scenario the user thinks she has a legit system but doesn’t. WGA informs her and now she can correct the situation and MS can go after the counterfeiter.

    So could using a counterfeit copy of Windows she thinks she bought legitimately hurt her? Not answered here. Not even examined.

    Could seeking out illegal stuff hurt her? Usually. That is a different question.

  4. mhornyak says:

    Also, the risk of getting a virus is downtime (or data loss if you haven’t backed up). That’s the same risk as Windows Genuine Advantage failing. I’m not sure why this makes counterfeit software worse.

  5. MSDN Archive says:

    I don’t quite understand mhornyak’s comment. Having WGA fail is nothing like getting a virus infection. The point of the research is to raise awareness of some of the risks that are associated with actually searching for or trying to enable the use of pirated software.

  6. mhornyak says:

    I was speaking broadly:

    Malware causes system downtime and slowdowns.

    A false-failure on Windows Genuine Advantage causes system downtime and slowdowns.

    To WGA’s credit, it will not cause data loss, but malware likely will.

    Malware typically pops up annoying windows on a user’s screen. So does Windows Genuine Advantage.

    Malware disables features of a user’s computer.  So does Windows Genuine Advantage.

    As I’ve said in other comments, you seem to underestimate the damage that "just a few" Windows Genuine Advantage false positives cause.  

    The best Microsoft will do when WGA fails is apologize.  Despite the likely increased revenue from stricter license enforcement, Microsoft won’t compensate end users.

    At least malware authors go to jail when they get caught.  When WGA fails, we just hear an empty and insincere* apology from Microsoft.

    * I know that you probably really really mean it when you say you’re sorry.  But in this situation, anything that isn’t compensation for lost work time or usability is insincere and meaningless.

  7. mhornyak says:

    And expanding a bit, the point of my post is to raise awareness of some of the risks that are associated with using operating systems with Windows Genuine Advantage

  8. zephzoota says:

    oh yeah i know for a fact you go looking for a crack or a serial number ur pretty much committing computer suicide. i went on one site about 2 yrs ago and the website put a virus on my computer through an IE exploit, tried getting rid of it no use.. had to do a fresh install of windows.

  9. Over the weekend we learned that the widely covered ‘Vista Brute Force Keygen’ turned out to be a hoax.

  10. RSS It All says:

    Over the weekend we learned that the widely covered 'Vista Brute Force Keygen' turned out to

  11. The Mad Hatter says:

    Seriously. The honest person isn’t going to get hit. They don’t need cracks.

    Let’s put it another way – if you can’t afford to buy something, there often is a free (or low cost) alternative. All it takes is time, time which you should spend to evaluate your needs anyway.

    I do some design work, and I use QCad for it. For the stuff I do it works fine. Let’s face it, I don’t need all of AutoCAD’s bells and whistles for what is essentially a hobby.

    I also do programming, and for that I bought the Power Basic Console Compiler. I looked at what was available, and for the specialty work I do nothing else was suitable, it was a necessity, so I spent the cash.

    Honesty isn’t the best policy, it’s the only policy.