The Risks of Unauthorized Software

Get Started. It's Free
or sign up with your email address
The Risks of Unauthorized Software by Mind Map: The Risks of Unauthorized Software

1. Background

1.1. General

1.1.1. Installing unauthorized software programs on your computer at work may seem harmless or even beneficial but there are risks

1.1.2. But, just like the speed limit, it is a law that is often broken.

1.1.3. Like speeding, the use of illegal software may be widely condoned but it can get you into trouble with the law.

1.1.4. With the increased use of networks and the Internet in daily business computing, the potential for encountering hostile code is higher than ever before.

1.1.5. People collaborate in more sophisticated ways by using e-mail, instant messaging, and peer-to-peer applications. As these collaboration opportunities increase, so does the risk of viruses, worms, and other hostile code invading your systems. Viruses and worms often use social engineering to trick users into activating them. With the sheer number and variety of forms that code can take, it can be difficult for users to know what is safe to run and what is not.

1.1.6. If left to their own devices, many PC users will happily load applications that the IT Department “thoughtlessly failed to provide them with.”

1.1.7. And laptop users will sometimes discover that their teenage children have seen fit “to enrich” their laptop with a computer game or two

1.1.8. It’s not about recognizing the bad software, it’s about authorizing the genuine applications and ensuring that they are the only software that can run.

1.1.9. What does a certified software manager at a manufacturing company do when he can't seem to stop his end users from bringing in software from home or downloading the beta of some cool new application off the Internet?

1.2. Examples

1.2.1. games to play during break time

1.2.2. media players for the same reason

1.2.3. maybe signature files for email, weather programs

1.3. Types

1.3.1. Malicious code

1.3.2. Pirated Software warez commercial software that has been pirated and made available to the public via the Internet or an electronic bulletin board. Widely used in cracker subcultures to denote cracked version of commercial software, that is versions from which copy-protection has been stripped. Hackers recognize this term but don't use it themselves. also called illegal software

1.3.3. Unknown Software non-malicious Hostile code is not the only threat—many non-malicious software applications also cause problems.

1.4. Response

1.4.1. He goes to upper management and explains the business risks in terms they can understand -- unlicensed software can lead to audits by the Software Publishers Association and, ultimately, large fines

2. Threats

2.1. Malware

2.1.1. Freeware and low-cost software downloaded from the Internet or distributed on floppy disks or CDs can contain viruses that will infect your system and spread to other computers on the network.

2.1.2. lack of knowledge about the source

2.2. Spyware

2.2.1. Unauthorized software may contain sypware that will capture information you type and send it to marketers or criminals.

2.3. Quality and Compatibility

2.3.1. Unauthorized software may be poorly written, intended for use with a different operating system, or have conflicts with currently installed software that can cause it to crash your computer or send unwanted messages on the network.

2.3.2. Any software not known and supported by an organization can conflict with other applications or change crucial configuration information

2.3.3. Unlicensed software may cause incompatibility between programs that would normally function together seamlessly.

2.3.4. "There are support issues, there are compatibility issues. With version control and all the things associated with managing the desktop come cost factors in terms of having stray software or different software out there,

2.4. Piracy of Unlicensed software

2.4.1. Unauthorized software might be pirated (copied illegally), which could subject the University to penalties in case of a software audit.

2.4.2. impact subject to legal action and penalties

2.5. Unsupported

2.5.1. Unauthorized software, once installed is seldom kept current. The software may not contain known security flaws when installed but hackers may discover and exploit flaws. The software company corrects these security flaws and releases an updated version. Most users never update the software once it is installed and is vulnerable to the security flaws.

2.5.2. you can expect no warranties or support for illegal software, leaving your company on its own to deal with any problems.

2.5.3. Impact If you have a technical issue in need of resolution, often times a work-stopping issue, the district would not have the resources needed to rectify the situation. In addition, product upgrades – less expensive upgrades of existing products – are not available to the district. By violating or ignoring standard procedures, users create diversity among corporate desktops and ultimately cause help desk headaches By violating or ignoring standard procedures, users create diversity among corporate desktops and ultimately cause help desk headaches It's not unusual for a help desk to come to the aid of users complaining of applications that won't open, buggy versions of software, or machines that are out of memory, and then discover that a great deal of the software isn't even supposed to be there.

2.6. Software that encourages unauthorized software

2.6.1. P2P, IM

3. Consequences

3.1. impact Malware

3.1.1. loss of data on disk

3.1.2. lanch an attack

3.1.3. flood network for DOS

3.1.4. send confidential information out to the Internet

3.1.5. compromise the security of a machine

3.2. Piracy

3.2.1. Abuse of software licenses can result in financial penalties, legal costs, and damaged reputation. Additionally, administrative personnel of VBSD can be held individually liable, both criminally and civilly, for any copyright infringement that occurs within the district.

3.2.2. When using unlicensed software, the district will not be eligible for technical support from the software publisher.

4. Controls

4.1. Enforce that only approved software is installed on system computers

4.1.1. some AV products Sanctuary and Bit9 Parity provide different policy options on how to deal with unauthorized software

4.1.2. NetCensus NetCensus asset recognition software from Tally Systems. NetCensus, which runs at boot time, takes a complete inventory of the hardware and software on a PC, including software manufacturer, name, version, and serial number. he and his staff can delete unauthorized files from the network from a centralized location

4.2. Regulate which mobile code can be downloaded

4.2.1. ActiveX for example

4.3. Lockdown a machine

4.3.1. what does this mean exactly?

4.3.2. The first step is to try and make sure employees can't install applications--this will solve a big portion of the problem

4.3.3. can look up some eWP policies here

4.4. Software management process

4.4.1. MS solution

4.5. Stop it at the source

4.5.1. The second step is to realize that most of the unauthorized software and illegal software are downloaded from the Internet

4.5.2. filtering, blocking at different layers

4.5.3. threaten to log Internet download activities

4.5.4. Businesses should have a centralized managed policy to manage traffic or files that are going in or out of the enterprise

4.5.5. limit number of hours connected and at which time