Ministry to PC makers: 'Play your part in curbing malware'
By Gabey Goh March 1, 2013
- 1 in 2 PCs running counterfeit software in Malaysia infected with malware
- PC manufacturers need to do their part in curbing the pervasive nature of malware
PC manufactruers need to do their part in curbing the pervasive nature of malware.
Roslan Mahayuddin (pic), director of enforcement at the Ministry of Domestic Trade, Cooperatives and Consumerism, said that consumers are not the only party responsible for limiting the uncontrolled spread of malware.
“PC manufacturers have a part to play to ensure malware persistence in the country is reduced,” he said at a media briefing on Wednesday (Feb 26) detailing the results of a forensic study conducted by Microsoft Corp on counterfeit software and malware infections.
The study found that one in two PCs running counterfeit software in Malaysia was infected with malware – including the password-stealing Zeus trojan – across well-known PC brands.
According to the RSA 2012 Cybercrime Trends Report, the Zeus trojan alone is estimated to have caused more than US$1 billion in global losses in the last five years.
Findings from Microsoft’s Security Forensics team further revealed that pirated copies of Windows embedded with malware spread across numerous well-known PC brands, including: Acer, Asus, Dell, HP, Lenovo and Samsung.
Microsoft believes that neither the counterfeit images nor the malware originated from or were installed by the individual PC manufacturers. Rather, the computers were likely shipped with non-Windows operating systems, which were later replaced by individuals in the downstream supply chain or retail channel who deal in the illegal duplication and distribution of pirated software.
“The study shows that household name-brand devices are not exempt from counterfeit software. By selling PCs without any software, PC manufacturers are practically creating a culture where PC dealers load pirated software or where consumers are left to their own devices and are encouraged to purchase pirated DVD software,” said Roslan.
Microsoft Malaysia national technology officer Dr. Dzahar Mansor (pic), who helmed the briefing, was asked why Microsoft is not considering shifting toward a subscription model for its software or pre-install agreements with OEM partners to reduce the risk of illegal software installations downstream.
“In general, our OEM partners do pre-install our software but we cannot force them. We have to be careful because there are anti-trust and regulatory restrictions that we have to comply with,” he said.
Dzahar added that the challenge here is with more competition -- manufacturers are looking to reduce the price of PCs they can put on the market and this results in a situation where it opens up opportunities for people to install counterfeit software.
“We cannot dictate and we need to have an outreach to consumers to let them know there’s a 50% chance that you’ll be infected.” he said.
Dzahar noted that many people assume that buying a name-brand PC is all that’s required to guarantee a good and safe computing experience. There is little thought lent to the software sold with the computer, and whether or not it’s pirated.
“The hidden cost of pirated software is significant, and contrary to popular belief, can’t be remedied by simply running anti-virus software. If a consumer can’t verify that the computer they purchased was installed with a genuine copy of Windows, their risk of exposure to viruses and spyware and the potential for data corruption, theft and financial loss increases exponentially,” he added.
On the shift to subscription models, Dzahar said that moving forward, that approach was certainly the way to go and the way the company sees the market moving.
“We have already introduced subscription models with Office 365 and will continue to move into this more in the future,” he added.
To assist the efforts of PC manufacturers, Roslan's ministry plans to meet PC makers to see how this challenge can be reversed. The ministry will also intensify enforcement raids on errant retailers and dealers who are duping consumers by selling PCs with pirated software.
Roslan said that the ministry has already conducted several raids this year and that besides targeting counterfeit software DVDs, will also be concentrating on stemming the downloading of pirated software at the dealer-side.
He also admitted that conducting raids was not easy, needing much time and resources, as ministry staff have to first go undercover posing as buyers and observe the actions of sellers in order to determine whether or not they are in violation of the Copyright Act 1987.
Under the Act, the penalty for infringement is RM2,000 to RM20,000 per copy of counterfeit software.
The counterfeit connection
The Microsoft study extends research originally conducted in December 2012, examining a total of 282 computers and DVDs -- more than double the original sample -- and found an average malware infection rate of 69%, an increase of six points over the preliminary study.
According to Dzahar, 1,131 unique strains of malware in this study’s extended sample size were discovered.
“As the use of Internet-connected devices in both the workplace and at home explodes across South-East Asia, so too does the volume of sensitive data that people are willing to store on them. It’s never been more important that consumers understand and avoid the risks associated with pirated software,” he said.
Out of the five countries covered in this study, Malaysia ranked second in terms of the least amount of infected computers, with Vietnam being the most and Philippines the least (click to enlarge image).
The study also found that hard-drive swapping – where original hard drives are swapped out with drives of undetermined make – was apparent in close to 1-in-3 PCs sampled.
Across the region, hard-drive swapping is apparent on 28% of PCs; in Malaysia that percentage stood at 10%.
Of the 282 computers and DVDs sampled, 50 came from Malaysia. When asked whether the sample size was robust enough to give an accurate picture of the country’s malware landscape, Dzahar said, “Even with the sample size of 50, which was also random, what we discovered in terms of the level of infections I believe serves as a good indicator.
"But certainly there’s more to be done in terms of robustness with expanding the sample sizes in future studies,” he said.
While the sample did not include downloaded software, Dzahar acknowledged the prevalent trend of pirated software now being downloaded as opposed to being obtained via purchasing DVDs, and urged consumers to only do so via trusted sources to minimize the risk of being exposed to malware.
Keeping yourself safe
The study also underscored the need for consumers to be vigilant and proactive when making their computer purchase decisions, to ensure they do their best to curb malware persistence through genuine software purchases.
Dr Amirudin Abdul Wahab (pic), chief executive officer of CyberSecurity Malaysia, said using a computer with counterfeit software is “just like opening doors to cybercriminals” as they have no guarantee that their personal and sensitive data, activities as well as communications online on the device, will be safe from those that intend to do harm.
“We would like to urge consumers to regard security as their first priority and they must know how to protect themselves from malware and other computer viruses by insisting on genuine software when purchasing computers,” he said.
He also urged users to check out the CyberSAFE program, to obtain various tips on cyber safety and Internet security.
However, all is not bleak as Amirudin also shared that last year, 645 incidents were reported to the agency under the MyCert initiative, down from 1,012 incidents in 2011. “According to our analysis, Malaysia has not had significant outbreaks compared with previous years,” he said.
Microsoft also advises consumers to take the following steps to avoid the inadvertent purchase of pirated software:
- When purchasing a new PC, always insist on installing a genuine copy of the operating system.
- Buy from a trusted reseller and avoid deals that seem “too good to be true.”
- Ensure all software purchases come in their original packaging.
- When buying a PC with Windows, look for the genuine label and Certificate of Authenticity that Microsoft requires be affixed to all PCs on which Windows is pre-installed. As a further check after purchase, log on to http://www.howtotell.com/ to confirm the label is authentic.
Customers who suspect they’ve received pirated or counterfeit software are encouraged to report it at www.microsoft.com/piracy.