Regulatory framework needed to tackle non-genuine software issues
By siliconindia   |   Thursday, 27 August 2009, 01:20 IST
Printer Print Email Email
Bangalore: KPMG's latest study says that non-genuine software can harm and disrupt the smooth functioning of an organization's operations by adversely affecting the system security infrastructure. Use of non-genuine software, which is not only limited to netizens but also organizations can have serious security problems. Organizations go for cheaper or fake products on the Internet to save money and end up downloading malware. "Explosive growth of the Internet in the last two decades has made it one of the most used channels for acquiring software quickly and at the same time higher profit margins and minimal risks associated with counterfeiting/cracking of genuine software, have given opportunity to anti-social and anti-national elements to make non-genuine software available on the Internet as well as in the physical media," said Akhilesh Tuteja, the author and Executive Director, IT Advisory Services, KPMG India. The study is titled "An Inconvenient Reality- The unaccounted consequences of non genuine software usage" and it seeks to establish the direct and indirect security implications for government and corporate organizations as well as individuals when deploying non-genuine software. KPMG reviewed 50 websites offering non genuine software and/or enablers for non-genuine software usage, like key generators. The study revealed that more than 60 percent of websites providing cracks, keygens, warez or counterfeits have potential threat vectors. A system having non-genuine software can adversely impact the overall security of a network. A large numbers of hackers develop potentially dangerous software disguised as software with rich functionalities to lure unsuspecting users. These users can then become part of botnets and be controlled remotely for executing large scale attacks. Large number of students never or rarely pay for commercial software programs. According to Ipsos Public Affairs study in the U.S, this number is put at 61 percent globally and of which 27 percent use Peer to Peer (P2P) networking for downloading non-genuine software. Another recent study by IDC, indicates that 59 percent of key generators and crack tools downloaded from such P2P sites contain malware. This indicates the vulnerability of the student community in the country and globally to the security risks of using non-genuine software. The study also claims that 39 percent of organizations surveyed reported security incident of non- genuine software detection in their IT environment. Companies which use non-genuine software are 43 percent more likely to have critical systems failure. KPMG in the report suggest many security measures and also call for stricter rules to curb the use of fake software. The company also suggests that there should be faster and more focused punitive action for non-compliance, including establishment of special courts. "The objective of this whitepaper is to sensitize readers - end users, government establishments and enterprises - to the various security implications associated with usage of non-genuine software; with this intention the paper considers the results of our research, real-life cases and hypothetical scenarios to highlight the potential information security consequences of non-genuine software usage," Tuteja added.

siliconindia