Microsoft Blogger States “Pirated Software is NOT More Susceptible to Malware!”

I see Microsoft’s Terry Zink has revised his post — it now says "I have temporarily removed this post while I look at some more data."
But on the Internet, you can’t really retract anything. Here’s Terry’s original article:

Are pirated versions of software more susceptible to malware?

Today, November 11, 2009, 8 hours ago | tzink

One of the pieces of conventional wisdom that goes through my head is that if you install pirated versions of software, then your computer is more likely to be infected with malware.  It makes sense; in order for spammers/malware authors to take control machine, they offer users cheap software.  Yet this cheap software comes with a heavy price tag – you relinquish control of it to the whims and fancy of the spammer or malware writer to do nefarious things like spam, host phishing pages, host fast flux, serve as a command-and-control center, and so forth.  Furthermore, individuals with pirated software are also much less likely to download security updates and therefore remain exposed and vulnerable for longer periods of time and, therefore, more prone to malware infection.

That’s the theory.  But is it true?

To test this, I compared the data in the Microsoft Security and Intelligence Report and the Business Software Alliance Piracy Study.  I used Microsoft’s metric of CCM, Computers Cleaned per thousand executions of the Malicious Software Removal Tool.  I extracted the countries in common between the two reports and ran two correlation studies, one for 1H 2009 compared to the 2008 piracy rate, and another for 2H 2008 compared to the 2008 piracy rate.

Below are the top 10 countries for CCM in 1H 2009 and the change from 2H 2008 (green is good and represents a decrease, red is bad and represents and increase):


I have removed Serbia and Montenegro as it represented an outlier.  Note that 4 of the top 6 countries (Turkey, Spain, Saudi Arabia and Taiwan) have all had substantial increases of malware infection (and removal) compared to the previous six months of the year.  Below is a table of rates of piracy for the top ten countries:


For interest’s sake, here are the best countries with the lowest rates of piracy:


You can see that the US has the lowest rate of piracy which surprises me a little bit given that so much spam comes out of the US.  Next, to determine if there is any relationship between the two of them, I calculated the statistical correlation between the two and plotted a scatter plot.  I did this comparing the 1H 2009 CCM to the rate of 2008 software piracy, and then the 2H 2008 CCM to the rate of 2008 software piracy.  Below are the results:



In 1H 2009, 0.8% of the variance of the rate of piracy is associated with the CCM, and in 2H 2008, 1.1% of the variance of the rate of piracy is associated with the CCM.  In other words, there is no statistically significant relationship between the rate of software piracy and the rate of malware detection.

Quite frankly, this surprises me.  It completely goes against my theory that I spoke about at the start of this post.  The SIR does suggest that update service usage declines as the rate of software piracy increases but there there are too few data points to make any conclusions.  It is possible that pirated versions of software do not update as frequently and are therefore more prone to being exposed longer.  However, if this were true one would expect there to be at least some relationship between the rate of piracy and the CCM metric.

But for now, the evidence does not support the theory.

About blakehandler

BLAKE was a Microsoft MVP and award winning programmer with over 20+ years experience providing complete Windows and networking support for small to medium sized businesses. BLAKE is also Jazz Musician and Instructor for residential clients on the Los Angeles West Side.
This entry was posted in The Knews. Bookmark the permalink.

1 Response to Microsoft Blogger States “Pirated Software is NOT More Susceptible to Malware!”

  1. Terry says:

    I need to go back and look at some of the outliers; the small countries can skew the statistics and imply that there is no relationship.But on the first pass through, mathematically, I did not find a relationship between the two (other than perhaps a weak one between CCM 2H 2008 and 2008 software piracy rate). That does not imply there is none, however (correlation, or the lack thereof, does not imply no causation). I would need to also measure the rate the MSRT adoption and update frequency to find more meaningful relationships.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s