Counterfeit Software on the Rise, Poses New Risks to Consumers

Editor’s Note, Dec. 7, 2009 –
This article was amended post-publication to add additional consumer-protection information.

REDMOND, Wash. — Dec. 2, 2009 — Consumer reports of counterfeit software, often riddled with viruses, have doubled over the past two years, and today Microsoft is holding a Consumer Action Day to highlight the risks of counterfeits and connect people with resources that can help them.

As head of global anti-piracy enforcement for Microsoft, David Finn leads a team of lawyers, paralegals, investigators and forensic specialists working with governments, businesses, partners and customers to ensure that people are protected from the perils of non-genuine software.

PressPass spoke with Finn leading up to today’s event to talk about the consumer risks of counterfeit software, and how a new wave of sophisticated cybercrime is motivating more people to take action against counterfeiters.

PressPass: What is Consumer Action Day all about? Why are you doing this?

Finn: During the past two years, consumer reports of counterfeit software, often containing malware and viruses, have doubled to more than 150,000. These are voluntary reports from people who have come to us via online Web sites, such as How to Tell, with powerful stories about the problems they’ve encountered with counterfeit software.

We’re seeing some sophisticated scams today, and consumers need to know, No. 1, there’s a serious risk to using counterfeit software, and No. 2, they don’t need to take it. Microsoft will help them. Consumer Action Day helps gets the word out and then backs it up with hundreds of educational and enforcement initiatives around the world — all aimed at protecting consumers.

PressPass: Do consumers really buy into the idea that counterfeit software puts them at risk?

Finn: Absolutely. More and more consumers believe they are at risk if they buy or use counterfeit software, and you know what? They’re right to be concerned.

Today it is all too common for software pirates to tamper with genuine code. Yet this can easily go unnoticed by the average software user. Indeed, the fact that you can’t see what is being added or removed by pirates underscores the insidiousness of the problem. Think about it — why wouldn’t a criminal syndicate that manufactures counterfeit software merely add a few lines of malicious code in order to compromise the security of your computer and victimize you a second time by stealing your identity or personal information?



Sophisticated packaging makes it difficult to distinguish the genuine product (right) from the counterfeit (left).

Having said that, we know a lot of people still think of software counterfeiting as a victimless crime. Yet I think we’ve hit a tipping point. The sheer increase in the rate of counterfeit software reports is remarkable. In fact, of the cases announced today, an overwhelming majority were the direct result of consumer reports. To file a report, which is completely voluntary, you need to fill out a Web form and provide some detailed information. Given how precious people’s time is, we know you have to be pretty mad to take the time to do that. And we’ve had 150,000 people around the world submit these reports in the past two years.

So there is just no question about it. Consumers are increasingly recognizing the reality: Counterfeit software puts them at risk. And people are seeing that friends and family members are struggling with the harm inflicted by counterfeit software: viruses, identity theft, lost time and productivity, lost business and financial data, you name it.

So I really think consumers are starting to think about it in a different way. Do I really want to play around with this? Do I really want to put my system and confidential information at risk? Do I really want to take the chance, given how much I rely on my software and computers in my daily life?

And, increasingly, consumers are taking action, they are feeling empowered. They don’t want to put their systems and confidential information at risk, and so they are fighting back and helping us track and trace the counterfeiters.

PressPass: You mentioned a couple of examples, but do you have any real numbers about how counterfeit software puts consumers at risk?

Finn: Well first, I never do a single interview around the world without citing a data point from a risk-of-counterfeit study conducted by IDC (a provider of global technology intelligence) in 2006. It was so powerful to me that I never stop talking about it: Twenty-five percent of Web sites offering pirated software were distributing malicious code that could undermine IT security and performance.

In that same report, IDC shared a study done by another party that purchased counterfeit versions of Microsoft software from resellers in 17 countries and conducted an exhaustive forensic examination. And you know what they found? One-third of the counterfeits wouldn’t even start due to vulnerabilities or malware. Talk about risk!

More recently, a study by the Harrison Group (a consulting firm) found that companies using unlicensed or counterfeit software were 73 percent more likely to experience the loss or damage of sensitive data and have critical computer failures lasting 24 hours or more.

Consumers need to know we’re not talking about some average Joe copying his install disk here. Software piracy has become much more sophisticated. More and more, there are serious criminals engaged in this.



“People are seeing that friends and family members are struggling with the harm inflicted by counterfeit software: viruses, identity theft, lost time and productivity, lost business and financial data, you name it,” says David Finn, Microsoft’s head of global anti-piracy enforcement.

PressPass: What is Microsoft doing to help consumers who’ve been burned?

Finn: I think the biggest thing is that we’re giving them the opportunity to report it — and when they do, we investigate and take action. We have a tool that allows consumers to contact us and tell their stories through a number of online venues, but especially through our How to Tell Web site.

We think this can have a significant effect, the same way traffic cameras that catch people who run stoplights have helped reduce collisions in busy intersections. The criminals who are selling counterfeit software should know that “the cameras are on,” and the next customer they victimize could turn them in.

We saw this in action a couple of years ago when the big China criminal case came down — consumers had become part of the judicial process. This was the largest counterfeiting case in history, and it culminated in 2007 when China’s Public Security Bureau raided facilities in southern China owned by a criminal syndicate suspected of producing more than $2 billion of fake Microsoft software.

We were able to track down these pirates because consumers in different countries helped law enforcement find the criminal syndicate. How? They reported the counterfeit software that they had unknowingly purchased and provided the evidence needed by the investigators.

The result: Eleven defendants were ultimately convicted and sentenced to lengthy prison terms. We’re seeing a lot more of this active consumer role in the judicial process, leading to enforcement against the criminal syndicates at the upper end of the supply chain, and counterfeit resellers and distributors further down the chain.

PressPass: What if people are concerned about sending information that is too personal or information that might get them in trouble with the retailer that sold them counterfeit software?

Finn: I think that people who have gone through this are more concerned with the fact that they’ve been conned or have installed bogus software.

It‘s voluntary and confidential to submit information to Microsoft about your software, where and when it was purchased, and any other information. We’ve had people submit copies of invoices or e-mails from their distributor. And this system seems to be working.

PressPass: What should consumers do if they think they’ve been duped?

Finn: Do what thousands of others have done. If they install software and their computer starts acting strangely, or if they’ve purchased a product and it just doesn’t seem right, they should go to How to Tell and check it out. It’s easy, voluntary, confidential, free and totally worth it in terms of peace of mind.

And to avoid the situation entirely, consumers should only purchase from a reputable dealer or via the Microsoft Online store in available countries; they should insist on being sold genuine Microsoft products when they buy a computer loaded with software or when they by stand-alone software; and they should ask for an assurance from the salesperson that their software will pass Microsoft’s online validation test, which checks to see whether Microsoft’s software is genuine or not.”

And of course, if they learn they don’t have genuine software, report it! We investigative every single complaint we get.