IDC probes piracy-malware link

IDC claims BSA-backed study represents first thorough statistical analysis of connection between unlicensed software and malware infection rates

There is a strong - and probably causal - link between unlicensed software use and malware, a study commissioned by the Business Software Alliance (BSA) has concluded.

The research, which correlated BSA-IDC data on unlicensed software usage with malware encounter rate data from Microsoft in 81 countries, has been seized upon by the BSA to convince governments and enterprises that fighting software piracy has clear security benefits.

The study, carried out by IDC, showed the two variables have a correlation coefficient of 0.79 (where 1.0 represents a perfect correlation and zero no correlation). This compares with a 0.72 correlation between smoking and lung cancer and a 0.77 correlation between education and income, IDC pointed out.

The higher the unlicensed PC software rate in a given country, the more malware was generally encountered (see graph). Moldova, the country with the highest unlicensed software rate, at 90 per cent, had a malware infection rate of 30 per cent, while the US, which had the lowest unlicensed software rate, at 18 per cent, had an infection rate of just 13 per cent.

Although a connection between unlicensed software and cyber-security threats has long been presumed, IDC claimed this is the first thorough statistical analysis of the connection between the two variables.

Despite the fact that correlation does not imply causation (IDC itself gave the example that although there is a correlation between ice cream sales and murder rates in the US, the rise in both is caused by hot weather), IDC said there is empirical evidence of a causal link.

It pointed to a 2014 study it conducted with the National University of Singapore, revealing "significant" amounts of malware in unlicensed software across more than 800 tests of PCs purchased with unlicensed software pre-installed.

"This statistical analysis and evidence from the field point to a clear link between unlicensed software and cyber-security threats," IDC said. "Not all cyber-security threats come from malware, and not all malware comes from unlicensed software. But it is abundantly clear that some malware does come from unlicensed software - and most malware constitutes a cyber-security threat."

IDC added: "For enterprises, governments, and consumers, the obvious implication is that one way to lower cyber-security risks is to reduce the use of unlicensed software."