BreachExchange mailing list archives

IT managers avoiding unlicensed software for security reasons, BSA says


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 3 Jul 2014 19:46:35 -0600

http://www.itbusiness.ca/news/it-managers-avoiding-unlicensed-software-for-security-reasons-bsa-says/49761

Among business owners, one of the biggest concerns about using unlicensed
software is the chance of installing malware through an unpatched, unsafe
version of the software, according to a new survey from the Business
Software Alliance (BSA).

In a report released last week, researchers for the BSA drew their data
from surveys of about 22,000 consumers and enterprise PC users. They also
polled about 2,000 IT managers in a separate survey.

Researchers found 62 per cent of these IT managers said the main reason
they’d avoid unlicensed or mis-licensed applications is the risk of
malware. Mis-licensed software is software used for purposes not allowed
under a licensing agreement. For example, a business might use a software
license intended for student or academic use.

Among those IT managers, their chief worries were data loss, data breaches,
and spending time and money on removing the malware from their systems. Yet
just under half, or 48 per cent of these IT managers, said they were
confident their organization’s software was properly licensed.

In Canada, the value of the unlicensed market is set at around $1.1
million, while the licensed market is worth around $3.3 million. The BSA
estimates about a quarter of the software installed in Canada is
unlicensed. These numbers are derived from publisher and vendor data by
comparing how much software is deployed against the number of software
licenses actually shipped and sold.

“What we found a lot is that unlicensed software, from a technical aspect,
you’re talking about a system that does not get the necessary upgrades it
needs, at all, in order to consistently improve,” said Rodger Correa,
compliance marketing director for the BSA.

“Any software you purchase is essentially going to have an upgraded
version, a security patch, any sort of thing along those lines. And with
the use of unlicensed software, that essentially strips you of any sort
of ability to get those updates … Really, it’s prone to hackers
unfortunately, and there are huge groups of people from hackers to spammers
to phishing.”

However, Correa couldn’t say how many users end up installing malware onto
their systems through using pirated or underlicensed software. He added
that so far, the BSA has only done “informal tests” in the past,
downloading software from eBay and finding that an “obscenely high” amount
of it contained malware or was not secure.

He also added he is unsure about what types of software – say, pirated,
unlicensed, mis-licensed, etc. – might be the least secure.

“We have not done significant work in terms of what is the difference
between pirated software purchased on Craigslist, for example, versus what
is the difference between software purchased legally but on a different
system. For the purposes of the study, it’s pretty much taken as one and
the same, and it’s a lot of the same issues we approach in Canada,” he said.

Correa added with this year’s survey, the BSA is trying to do less “naming
and shaming” of companies that may be using unlicensed software, as some of
them may not be using pirated software – instead, they’re just using
mis-licensed software. Or they could be using underlicensed software, where
the company has paid for 20 licenses but installed copies on 30 computers.

“People have to be aware of what’s on their systems,” he said, adding
businesses can use a software asset management plan to understand what
they’ve installed.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
