Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Microsoft links malware rates to pirated Windows

PCs running bogus Windows more likely to be infected because pirates won't use Windows Update

Microsoft today said computers in countries with high rates of software piracy are more likely to be infected by malicious code because users are leery of applying security patches.

"There is a direct correlation between piracy and the malware infection rate," said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center. Williams was touting the newest edition of his company's biannual security intelligence report .

According to Williams, the link between PC infection rates -- the percentage of computers that have been cleaned by the updated monthly Malicious Software Removal Tool, or MSRT -- and piracy is due to the hesitancy of users in countries where counterfeit copies abound to use Windows Update, the service that pushes patches to PCs.

China's piracy rate is more than four times that of the U.S., according to Microsoft's report, published today, but the use of Windows Update in China is significantly below that in the U.S.

Brazil and France also have a higher piracy rate, and lower Windows Update usage, than the U.S., Microsoft maintained.

But the company's own data doesn't always support William's contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate -- as defined by the number of computers cleaned for each 1,000 executions of the MSRT -- of just 6.7, significantly lower than the global average of 8.7 or the U.S.'s rate of 8.2 per thousand.

France's infection rate of 7.9 in the first half of 2009 was also under the worldwide average.

Of the three countries Microsoft called out as examples of nations whose users are reluctant to run Windows Update because of high piracy rates, only Brazil fit William's argument: Brazil's infection rate was 25.4, nearly three times the global average.

Other countries with higher-than-average infection rates, however, also have high piracy rates, according to data published last May by the Business Software Alliance (BSA), an industry-backed anti-piracy organization, and research firm IDC. Microsoft is a member of the BSA.

By Microsoft's tally, Serbia and Montenegro had the highest infection rate in the world, with 97.2 PCs out of every 1,000, nearly 10%, plagued by malware. Turkey was No. 2, with 32.3, while Brazil, Spain and South Korea were third through fifth, with infection rates of 25.4, 21.6 and 21.3, respectively.

The BSA put Serbia's piracy rate, the percentage of the in-use software that's not licensed, at 74% in 2008, while Turkey, Brazil, Spain and Korea had estimated piracy rates of 64%, 58%, 42% and 43%, respectively. By comparison, the U.S.'s piracy rate was pegged at 20%, and the worldwide average at 41%.

Although Microsoft wants users to patch vulnerabilities with Windows Update, people running counterfeit copies of Windows have traditionally been less-than-eager to apply fixes, believing that Windows Update will recognize their software as illegal and mark it as such with nagging on-screen messages.

Microsoft's anti-piracy efforts, particularly the technology it pushes to users that sniffs out unlicensed copies of Windows, have met with resistance. Last year, for example, Chinese users raised a ruckus when Microsoft updated its Windows Genuine Advantage (WGA) anticounterfeit validation and notification technology.

American users have complained about the technology, too. In June 2006, Microsoft infuriated users by pushing a version of WGA to XP users via Windows Update, tagging it as a "high-priority" update that was automatically downloaded and installed to most machines. A year later, a day-long server outage riled thousands of users who were mistakenly fingered for running counterfeit copies of Windows.

The 2006 incident sparked a lawsuit that accused Microsoft of misleading customers when it used Windows Update to serve up WGA. Last month, Microsoft filed a motion opposing a move by the plaintiffs to turn the case into a class-action lawsuit .

Microsoft's security intelligence report can be downloaded from its Web site in PDF or XPS document formats.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BSA, Business Software Alliance, IDC, Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Windows, Microsoft, malware
Latest Blog Posts
Whitepapers
  • Eight threats your antivirus won’t stop - Why you need endpoint security
    News headlines are a constant reminder that malware attacks and data loss are on the rise. High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This paper outlines eight common threats that traditional antivirus alone won’t stop, and explains how to protect your organisation using endpoint security.
    Learn more »
  • Chapter 2: Protecting Enterprise VoIP Services
    The enterprise network is a complex system, and implementing VoIP brings a new level of complexity into the mix. In addition, security threats are real and many and assuring QoS delivery is a technical challenge. In deploying VoIP, you’re integrating voice technology with the critical data infrastructure. Building process and documentation controls into network operations provides the information about the corporate nervous system to manage a secure operating environment. You use this information to build a layered defense into the network. By gathering knowledge and applying it to defend the network in depth, you can deliver secure, reliable, available VoIP service across the enterprise.
    Learn more »
  • Web 2.0 in the Workplace Today
    More than a decade after the term ‘Web 2.0’ was coined, many businesses are still nowhere near to taking full advantage of the collaborative technologies the term refers to. Undoubtedly, confidence is growing in relation to using tools such as Facebook, Skype, Twitter, and indeed many more organisations are using such technology now compared to even just a couple of years ago. But the fact remains that a worrying amount of businesses seem to be operating a ‘lockdown’ approach – an approach that I’m sure many Board-level staff know is simply not good for business in the long-term.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources