Cyber Essentials certification requires that all of your software is supported by the manufacturer, updated regularly and protected from malware and when it comes to buying software, the widespread guidance is: Only use software that is from an official source that is approved by the manufacturer/vendor.
All of your software needs to be licensed and supported. This means that you have a legal right to use it and that a vendor has committed to support it by providing regular updates (patches).
There are numerous software manufacturer or vendors, common examples include Microsoft, Apple, Cisco, Adobe and Oracle. The two largest ‘official sources’ for mobile apps are the Google Play store and the Apple app store.
Buying software directly from the vendor can be very expensive and at times, difficult to find and slow to acquire. In practice, most organisations develop a trusted relationship with a reseller who can source and purchase software on their behalf. Resellers come in all sizes, from the really big ones such as Computer Warehouse and Currys/PC world, to the medium ones such as Softcat and CDW and smaller ones like Fortem-IT.
How do you pick a reputable re-seller?
Some software can only be purchased directly from the vendor, but most software can be purchased through a reseller who is accredited by the vendor and buys the software at cost price to sell on. Despite the reseller adding a profit margin of between 3-20% (depending on the software), it is usually still cheaper to buy software through a reseller than directly from the vendor.
If you are interested in a piece of software, go to the vendor’s website. Most will have a distributer or reseller page where they will have a list of accredited partners who sell their products. Microsoft is so huge that they sell their products via a distribution channel who then sells on to resellers who in turn sell to end users.
The vendor must provide the future date when they will stop providing updates for their software. Finding out how long your software is going to be supported will determine how long it will be functional before you need to purchase more. This may influence your decision about which software you invest in.
It’s worth noting that if you are a sole trader or micro company (less than 25 employees), you will not be able to buy your IT through most resellers (with the exception of the large retail stores such as Currys/PC world). In your case, it is safest to buy directly from a large reputable IT store or directly from the vendor. Although tempting to search up special deals on the internet, it is ill advised as the following section explores.
Dodgy, dangerous and dud software
There are thousands of websites selling software, many offering considerable savings compared to the official sources. However, software acquired from questionable sources may be counterfeit and unlicensed. You may risk receiving a code that doesn’t work or not receiving a code at all. Your software may be of an inferior quality and unable to receive ongoing support and there is also a high chance your software will contain malware.
Quite a lot of software is downloadable for free and although some is fine to use, it is important to realise that there is often a hidden cost or a catch. Most free products, harvest your data and sell it to advertisers, others give you a few basic features and then charge for anything extra. Other free or dubious downloads can be located on cluttered webpages which can contain misleading ‘download now’ buttons that trick users into installing different programs. Sometimes, along with the program you want, unwanted software is sneakily downloaded in the background. This is known as bloatware, foistware and adware and includes search engine toolbars, media players and web browsers.
These ‘Potentially Unwanted Programs’, or PUPs are designed to make money for the developer or download website, however, they also take up space, slow down your PC and can threaten your privacy. They’re a nuisance to get rid of and can also be a vector for viruses and malware.
Mobile apps
In the case of smartphone and tablet apps, despite multiple software marketplaces existing out there on the internet- the advice is simple- you should only install apps from the app store on the device. Stick to Google Play on Android devices, the Apple App Store and identified (Apple approved) developers on Apple devices and the Appstore on Amazon Fire tablets. Downloading third-party apps to your phone is the most common way to get a virus.
Official App stores provide access to thousands of applications (apps) that have been vetted and approved by the manufacturer before being released for download. They are more likely to be virus-free and meet guidelines for decency, profanity and quality. Apps installed directly from a website and other app stores, however, could be laced with malware and your phone or tablet may be pre-configured to block this kind of installation.