College textbooks are notoriously expensive. Every semester university students near and far scramble for a way to avoid paying for their required reading, even if it means spending 15 hours a semester making copies or trading textbooks in private Facebook groups. Encountering this behavior on a campus is not unusual, and encountering it in the workplace is also not uncommon, but the damage it can cause can be devastating. Many users or office administrators looking to cut costs will turn to free versions of standard workplace software. Why pay full price when you can simply download a free program that does the same job? Well, here are a few reasons why you should think twice about downloading that free software.
We’ve encountered many workspaces that utilize free software as a substitute for Microsoft Office. We immediately require that these clients purchase access to the real McCoy. Why? These “free substitutes” are riddled with user issues and introduce both legal and security risks for environments that manage sensitive data. When hackers break into a program to make it free, they are also removing its security measures and creating an open vulnerability. Sure, you got in through the backdoor, but now so can anyone else. If you work in an industry that has compliance requirements, cutting costs here could potentially compromise a compliant workspace and cost you more in the long run.
Free software may not have centralized management or a dedicated team of developers to fix any issues. When the software runs into a bug, or isn’t updated, there isn’t much you can do. It’s important to keep in mind that cybersecurity is an ever-changing field, so lacking up-to-date security is very troubling. Many third-party vendors do not offer warranties and liability, so if things go south you won’t have much in the way of support and recourse. If you do opt for free software, be sure that it aligns with your company’s software procurement policies.
Is Free Software Secure?
There is a measure of risk associated with using any software. However, free or even open source software (OSS) presents its own unique risks. Anyone can view or potentially exploit the code for most OSS, and if no one on your team knows how to use open source software then even the process of vetting software for security risks can become complicated. You may recall the Heartbleed Bug, a vulnerability that took center stage in 2014 and that can be traced to a single line of code in OpenSSL. The same bug was associated with an attack that stole vital patient data from Community Health Systems. And while you can track the CVE list or the National Vulnerability Database, updates can be undependable, and will mean little to nothing if you are unfamiliar with software.
Free software can often be laden with “back door” opportunities for cyber criminals to exploit, even if the website that you are downloading from includes a disclosure that it doesn’t allow malicious software. Free software will often bundle in other players, since they can make money by selling subscriptions with every download. Don’t believe us? Check out this great experiment by How-To Geek. A single software download resulted in more than three browser-hijacking extensions and one fake registry cleaner.
Free software sounds nice, and there are many benefits to OSS. However, when in the workspace it’s safer to think twice before downloading.
AlphaRidge is a leading MSP located in NY. With over 15 years of managed services experience, AlphaRidge experts have solutions for your specific needs. We place the highest value on the protection and privacy of your data, and we maintain transparency to you with every service we provide. Our white glove on-site and remote service is designed to demystify IT and streamline your concerns into rapid solutions, so that you can focus on what you do best. Consider our team your team.
This blog post, in addition to any posts presented on the AlphaRidge blog, is written for informational purposes only and should not be seen as technological, financial, healthcare, legal, etc. advice.