Trying to make a causal link between unlicensed software and malware

In its ongoing quest to warn Canadians of the perils and costs of using unlicensed software, the Business Software Alliance (BSA) has released a report that tries to prove a link between the usage of unlicensed software and a user’s vulnerability to malware.

Operated and funded by major software vendors, such as Microsoft, Symantec, and Adobe, BSA has a mandate to fight software piracy, promote the use of licensed software and work with whistleblowers to bring non-compliant businesses into license compliance. It regularly sponsors studies that claim to show the cost of unlicensed software to the economy and the dangers it can pose to businesses and consumers.

Its latest offering is a report by research firm IDC that tries to identify a link between using unlicensed software and encountering more malware, potentially putting the organization at greater risk to cybercriminal activity. The message? Lower your malware risk by using licensed software.

“Malware infections can cause significant harm, and Canadian businesses are struggling with how best to protect themselves,” said Jodie Kelley, senior vice-president and general counsel at BSA, in a statement. “This analysis shows that the link between unlicensed software use and malware is real, meaning good software management is a critical first step to reducing cybersecurity risks.”

Just how real is it though? According to the IDC report, there is a clear correlation between the rate of unlicensed software in and the malware encounter rate; the two levels rise nearly in unison. For example, Canada’s unlicensed software level was 25 per cent and its malware encounter rate was 13 per cent; Morocco on the high end has an unlicensed software rate of 66 per cent and a malware encounter rate of 34 per cent.

Of course, as the report authors admit, correlation does not equal causation – post hoc ergo propter hoc almost never applies. Still, IDC feels “there is causal evidence” (emphasis theirs) that supports the hypothesis.

Courtesy IDC
Courtesy IDC

“This statistical analysis and evidence from the field point to a clear link between unlicensed software and cybersecurity threats. Not all cybersecurity threats come from malware, and not all malware comes from unlicensed software. But it is abundantly clear that some malware does come from unlicensed software — and most malware constitutes a cybersecurity threat,” concludes the IDC report.

Some threat perhaps, although just how much remains unclear. And left unexamined in the report appears to be the behavioural aspect: is using unlicensed software really the issue, or is it about behaviour? It’s possible someone who would use an unlicensed copy of Windows, for example, might engage in other potentially risky behaviour – say, not bothering with endpoint security software – that increases their vulnerability to malware.

So does using unlicensed software put you more at risk, or do people that use unlicensed software just engage in more risky behaviour regardless of whether or not their software is licensed? Perhaps that will be the next report.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
Jeff Jedras is a technology journalist with IT World Canada and a member of the IT Business team. He began his career in technology journalism in the late 1990s, covering the Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada and the channel for Computer Dealer News. His writing has also appeared in the Vancouver Sun & the Ottawa Citizen.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs