31 October 2018

New PCs in Asia found with software that can endanger users

Source: Microsoft infographic. PCs loaded with pirated software can be bought in Asia, and the installation of such software could leave users at risk.
Source: Microsoft infographic. PCs loaded with pirated software can be bought in Asia, and the installation of such software could leave users at risk.

Pirated software will likely cost users more than they bargain for. A Microsoft sweep of PCs purchased in targeted countries in Asia has revealed that more than four in five (83%) brand new PCs are loaded with pirated software.

Aimed at educating consumers and owners of small and medium-sized enterprises (SMEs) in the region, Microsoft’s Asia PC Test Purchase Sweep provides insights on the prevalence of new PCs loaded with pirated software and the risks that they can pose to individuals and businesses.

“Cybercriminals are constantly evolving their techniques to evade security measures, and embedding their malware into pirated software is one of their tactics as it allows them to compromise large numbers of PCs and access vast amount of stolen credentials with ease,” said Mary Jo Schrade, Assistant General Counsel & Regional Director, Digital Crimes Unit, Microsoft Asia.

“When vendors sell pirated software containing malware in their PCs, they are not only fuelling the spread of malware in the region but are also putting their customers’ personal information and digital identity at the mercy of cybercriminals.”

The PCs were not bought from the official stores of PC brands nor reputable suppliers, but purchased from retailers that offered PCs at a much lower cost and free software bundles. In many cases, these retailers also sold pirated software at their stores.

“We weren't trying to ascertain the piracy rate of the country; we were trying to look at it a little bit differently,” Schrade said. “We analysed the code in the operating system, to see what was in there, if there anything that shouldn't be, compared to the legitimate version,” she said.

The sweep found that one of the most common practices for vendors installing pirated software on
new PCs is to turn off the security features, such as antivirus software and Windows Defender. This allows them to run the hacking tools needed to activate the pirated software. However, this leaves PCs vulnerable to malware and other cyberthreats, and the buyers of these PCs may not even
realise that their PCs are not protected, nor notice that there are suspicious activities going on while they are using them.

Schrade talks about the sweep at a media Q&A.
Schrade talks about the sweep at a media Q&A.
The sweep uncovered that 84% of the new PCs loaded with pirated software were indeed also infected with malware, with the most common type of malware being Trojans and viruses. Trojans can allow cybercriminals to spy on users and steal private data. Another type of malware might shut off antivirus settings.

While Trojans typically depend on some form of social engineering to trick users into loading and executing them, Microsoft notes that bundling them with pirated software provides an easy way for cybercriminals to compromise and control PCs.

In a worst case scenario, infected PCs can be susceptible to data theft, including of personal documents and sensitive information such as passwords and banking details. Users can also suffer identity theft where they lose control of their social media and email accounts. Malware, running in the background, can also slow devices down.

All these factors can lead to consumers and businesses chalking up significant monetary, time and productivity losses as they work to resolve the issues.“The goal is of educating people about the risks associated with these systems when they don't have the capacity personally to see what's on there,” Schrade said.

She added that individual users are not targeted specifically. “If I just want somebody's banking information I don't want to spend the time to find out which of you has the most credit cards to access, I just want to spin around to get (as much information as possible) and then I look at it when I've got it,” she said.

“The (misconception) is that they're targeting you in particular, they're just targeting you as a victim just like all the other victims.”

And though there is often reluctance to come up with the money to secure infrastructure, the cost of the consequences of malware could be higher than the cost of securing infrastructure, Schrade added.
“People should evaluate the cost of the risk of the malware as part of the overall cost,” she said.

Associate Professor Biplab Sikdar, Department of Electrical & Computer Engineering, National University of Singapore (NUS), Faculty of Engineering, who led a team of researchers to study the dangers of downloading and using pirated software last year, agreed with Schrade. “Users usually turn to pirated software as they are cheaper. The truth is that the financial costs and risks of using pirated software are often steeper than they can imagine.

“Users need to be more vigilant when purchasing new PCs and should never fall for a bargain that appears too good to be true. The short-term cost savings are insignificant compared to the irrevocable loss of their digital identity and personal data.”

“Using genuine software is the first line of defense against cybercriminals,” said Schrade.

The most fundamental step that users can take to safeguard themselves digitally is to always insist on buying PCs from established retailers and not ones that also sell pirated software. They should also ensure that they are getting genuine software by referring to software vendors’ websites to learn how they can distinguish between genuine and pirated software.

Besides using genuine software, people can also:

• Keep software current with the latest security patches, which are always free.

“The way that these criminals operate is that they don't care who you are; they just want something of value from you. If you happen to have your software up to date, they just sprint past you to get to the person who doesn't,” Schrade said.

• Follow safe Internet practices and do not visit potentially dangerous websites, such as those that offer adult content, illegal downloads, and pirated software, as well as file sharing portals.

• Avoid using very old software which has reached its end of life and is no longer supported by the software vendor for updates and security patches.

Explore:

Download the complete infographic (PDF)

*The Asia PC Test Purchase Sweep examined a total of 166 new PCs from India, Indonesia, Korea, Malaysia, the Philippines, Singapore, Taiwan, Thailand and Vietnam.