A follow-on to last Friday’s post about the BSA’s recent worldwide study linking software piracy rates with the proliferation of PC malware:

Jeff Williams, principle group program manager for Microsoft’s Malware Protection Center, announced that Microsoft has come out with a report revealing that malware infection rates are directly correlated with the reluctance of those running counterfeit copies of Windows to use Windows Update, the service that pushes OS patches out to PCs.  (Microsoft’s research on malware infection rates was also used to draw similar conclusions in the BSA’s own study.) 

But according to Gregg Keizer of Computer World, Microsoft’s numbers don’t add up.  Here are a couple of excerpts from a column he published on Monday. 

(more…)

I just stumbled upon a rather frightful Business Software Alliance (BSA) report revealing the relationship between software piracy and internet security. The report concludes that the higher a country’s piracy rate, the higher their malware infection rates. (Read the entire report here.)

 The BSA offers two primary reasons for this phenomenon:

•  Individuals running software that was illegally obtained often don’t have access to critical vendor-issued security patches that prevent malware from infiltrating their PCs. (I’d also guess that in geographic regions with high piracy rates, consumers are generally less likely to spend money on tools (or professionals) designed to protect and/or repair their PCs should an infection occur.)
• Often times, sites distributing pirated software and/or piracy tools actually embed malware into their downloaded products or employ other means to make visitors’ computers vulnerable to infection.

While the BSA focuses its efforts on trying to cut off the distribution of pirated software at the source (through the legal process, as well as through a practice called “takedowns”), this approach is—in my estimation—equivalent to chasing apparitions; as known channels are shut down, new channels simply open up. Rather, the BSA needs to find a way to educate consumers, primarily in developing countries where incomes are low and piracy is high, about the ways in which indirect costs of using pirated software often exceed the savings. While the BSA dedicates considerable resources to education, it appears to me that the bulk of their efforts target businesses, where piracy tends to be more the result of careless licensing practices than internet piracy—and the security issues are therefore much less of a concern.

(more…)

I just read an utterly scathing column in ComputerWorld in which James Gaskin blasts the BSA for what he claims is a common practice of using “extortion tactics” that are especially punitive to small businesses. In his indictment, Gaskin lists a number of grievances he suggests exemplify the “Big Three” software vendors’ (Microsoft, Adobe, AutoDesk) contempt for small businesses.  Gaskin asserts that the BSA is notorious for “bullying small companies that don’t understand all the rules, lose their paperwork, or have proof stolen by a reward-hungry disgruntled employee.”  

I’ve never been through a software audit myself, so I can’t offer any validation or repudiation of his accusations. As such, my biggest criticism of the article is that Gaskin offers up no examples of or testimony from specific companies or individuals that have actually undergone a BSA audit. His only source on record for the article is a law firm, Scott & Scott LLP, who specializes in defending companies targeted by the BSA—not exactly the most impartial source, if you ask me. 

(more…)