Users of unlicensed software have a one-in-three chance of acquiring malware

There’s a strong relationship between the use of unlicensed software and malware encounters as per a BSA commissioned IDC report (Unlicensed Software and Cybersecurity Threats). There have been a number of incidents that prove the same, be it the ‘Conficker’ worm spread through computers around the world in 2008 and 2009 or the takedown of the Citadel botnet — which created 5 million zombie computers across 90 countries wherein the criminals behind it had infected PCs in part by selling unlicensed versions of Microsoft Windows pre-infected with Citadel malware.

The BSA report analyzed the rate of unlicensed software use and cybersecurity threats in 81 countries where authoritative data was available on both. About 20% of PCs worldwide reported malware encounters each quarter in 2013. The figure shows the data points for both the rate of unlicensed software use and the prevalence of malware encounters in each of the 81 countries for which both encounter rates and unlicensed software rates were available in 2013.

For India, the Unlicensed software rate was 60% and Malware encounter rate was 39%. Corresponding figures for China were 74% and 25%, France were 36% and 18%, UK were 24% and 14%, and USA were 18% and 13%.

Each dot in the figure represents an individual country’s rate of unlicensed software use and prevalence of malware encounters. The pattern represents a statistically strong correlation of 0.79 between the two variables.

While this correlation neither proves nor disproves causation, it clearly shows that when unlicensed software rates are lower, malware encounter rates also are lower.

A 2014 study conducted by IDC and the National University of Singapore (NUS) revealed that significant amounts of malware in unlicensed software across more than 800 tests of PCs purchased with unlicensed software pre-installed, of unlicensed software DVDs, and of unlicensed software and activation keys downloaded from the Internet. The tests spanned a dozen countries across Asia, Europe, and the Americas.

Their conclusion: On an average, a user of an unlicensed software package has a one-in-three chance of encountering malware.

This infection rate multiplied by the number of unlicensed software packages in the world suggests there are in excess of 500 million infected unlicensed software packages in circulation. The research also found that more than 40% of consumers did not routinely install automated security updates, which can also enable malware infections of PCs.

It is abundantly clear that some malware does come from unlicensed software — and most malware constitutes a cybersecurity threat.