Bit9 Survey: Unauthorized Software Running On 37% Of Computers

While a majority of organizations have policies prohibiting unauthorized software, the policies are not being enforced in many organizations, according to Bit9

April 9, 2009

3 Min Read


04.08.2009 - Waltham, MA - Bit9, Inc., the pioneer and leader in Enterprise Application Whitelisting, today announced the results of a survey on the ubiquity of unauthorized software in enterprise and government networks. According to the survey of more than 250 IT managers, 77 percent of the respondents have software usage policies in place, yet an alarming 37 percent have found unauthorized software running on more than half of their computers.

The survey targeted organizations in excess of $1 billion. It revealed that while a majority of organizations have policies prohibiting unauthorized software, the policies are not being enforced in many organizations. With software usage policies so frequently disregarded, it's no surprise that only 34 percent of survey respondents report feeling confident that in 2009 their business will be protected from harm caused by unauthorized or malicious software. Additional findings from the 2009 Bit9 Unauthorized Software Survey include the following:

Unauthorized or malicious software causes up to 25 percent of user downtime

Since the majority of respondents identified themselves as representing companies with over $1 billion in revenue, eliminating up to a quarter of total employee downtime by proactively blocking unauthorized or malicious software offers a significant opportunity for cost-savings.

The most problematic unauthorized software is malicious software not caught by existing defenses (44 percent)

Malware that has evaded reactive security poses a major problem for enterprises and highlights the shortcomings of traditional, reactive security approaches such as signature-based AV, which only protects against known malware, leaving companies open to unknown, targeted or zero-day attacks.

29 percent of respondents do not have a software usage policy that prohibits employees from downloading software to their computers at their discretion In today's heightened threat environment, this is a startling figure that demonstrates many enterprises still lack the balance of technology and process required to protect their assets.

Results from the survey underscore the need for companies to adopt proactive approaches to endpoint security, such as Application Whitelisting, to prevent unauthorized software from being downloaded and running in organizations.

Application Whitelisting is a proven, proactive way to secure endpoints (laptops, PCs, servers, kiosks, etc.) against the threats posed by unauthorized software, while giving organizations control and visibility into their IT systems. Rather than scrambling to react to the latest malicious piece of software, IT administrators using application whitelisting ensure that only software applications on the corporation's list of approved software are permitted to execute.

"Software usage policies are like today's highway speed limits where they are often considered guidelines rather than strictly governed regulations. This cultural tolerance opens doors for targeted attacks, crimeware, failed audits and licensing abuse," said Tom Murphy, chief strategist at Bit9. "Bit9's approach to Application Whitelisting helps IT managers regain complete control over their systems by 'policing' all software before it can execute."

The Bit9 Parity Application Whitelisting solution provides IT and security professionals with the ability to identify and decide which applications and portable storage devices are approved and appropriate to run in their specific environment, while blocking any unauthorized software or devices that can introduce risk or business disruption.

About Bit9, Inc. Bit9 is the pioneer and leader in enterprise application whitelisting. The company's patented application control solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry -- the world's largest database of software intelligence - to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, such as retail, financial services, healthcare, e-commerce, telecommunications, as well as government agencies. Founded in 2002, Bit9 is privately held and based in Waltham, Massachusetts. For more information, visit or call +1 617.393.7400.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights