Microsoft: Most PCs running pirated Windows in China have security issues

Microsoft finds widespread piracy in PCs sold in China, warns consumers in new campaign

Microsoft has launched a new anti-piracy campaign in China, which intends to highlight the security risks of buying counterfeit software.

In a recent investigation, Microsoft purchased 169 PCs from shops in China and found that all were installed with pirated versions of Windows, with 91 percent of them containing malware or deliberate security vulnerabilities.

"What we are finding is that increasingly cybercriminals are targeting both businesses and consumers right here in China," said Nick Psyhogeos, vice president of Microsoft's original equipment manufacturer (OEM) business solutions group.

The U.S. company has long battled China's software piracy, which is among the highest in the world. Last year China's illegal software market was valued at close to US$9 billion, while the legal market was valued at $2.7 billion, according to a study by the Business Software Alliance.

Microsoft on Thursday said users of the counterfeit Windows software are often saddled with unreliable PCs running malware that can steal users' credit card and bank account information. The anti-piracy campaign is being launched during a busy holiday season in the country.

Over an 18-month period, Microsoft said it conducted its "most extensive forensic survey" of PCs bought in China, by purchasing computers from Chinese shops and "IT malls," which can feature dozens of different small vendors in one building. Of the 169 PCs running pirated versions of Windows, 59 percent were already infected with malware, and 72 percent featured altered Internet browsing settings that intentionally sent users to scam and phishing websites.

Some of these PCs contained a malware known as "Nitol," which when activated through a pre-installed music player can remotely log user keystrokes and spy on users through the computer's webcam. More than 70 percent of the systems also had their Windows update, Windows firewall, and user account control warning functions disabled, making them vulnerable to cyber attack.

"Counterfeiters have pitched this story to consumers that software piracy or pirated products themselves don't cost anything, they're free. They've also pitched the story that it works just fine, it's good enough," said Psyhogeos in a media briefing. "Neither of those statements are accurate."

The PC brands that were found pre-installed with counterfeit Windows software include big names such as Acer, Asus, Dell, HP, Lenovo, along with smaller Chinese vendors. But Microsoft said the piracy is believed to come from further downstream in the supply chain, through resellers who are loading the counterfeit software and malware into the products in order to lower the cost of PCs sold.

OEMs that make the PCs will often install a non-Windows operating system such as FreeDOS on the product, Psyhogeos said. This makes it highly likely that a third-party will later install a pirated version of Windows on the PC during its distribution.

As part of Microsoft's new "Keep it Real" campaign, the company has notified 16 Beijing-based resellers, who were found repeatedly selling PCs pre-installed with counterfeit Windows versions, to stop the piracy. Microsoft will consider legal action as a last resort.

Join the CSO newsletter!

Error: Please check your email address.

Tags Windows desktopsMicrosoftintellectual propertysecuritydesktop pcshardware systemslegallaptopsExploits / vulnerabilitiesmalwareWindows laptops

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts