IT departments that don’t tightly control what software users download may want to consider doing so based on recent research from Microsoft on the most common sources of malware.
When malware gets on a company’s network, the culprit is often something a user downloaded. And in particular, users may be infecting their companies’ networks by trying to download pirated software for free, according to Microsoft’s most recent Security Intelligence Report.
One common method of getting software for free is to download a key generator that creates a code that can be used to unlock a trial version of an application. Not only is that illegal, but it’s also dangerous, as the sites the key generators are downloaded from are often unsafe, and the software itself is frequently bundled with malware.
In fact, 76% of machines monitored by Microsoft for its report that had key generators installed also contained malware. But despite the compliance and security risks, use of key generators has become so widespread that it’s now one of the most common security threats out there.
Key generators are often used for pirating games, but they’re becoming common for obtaining enterprise software, too, Microsoft warns. Among enterprise PCs monitored, 10.2% had a key generator installed, which was up from 7.6% in last year’s study.
Among the software most commonly associated with malicious key generators were Adobe Photoshop, AutoCAD and Sony Vegas Pro, in addition to games such as Call of Duty and Half-Life.
Set user download policies
To prevent malware infections, many IT departments may want to set tighter controls on what software users download. Of course, pirated software should be one of the items banned, along with illegal music and video downloads, which also create security risks in addition to compliance problems.
Microsoft also recommends organizations block peer-to-peer downloading software, which is a common source for those troublesome downloads, and use Windows’ security features to blacklist potentially unsafe applications on users’ PCs.