
Shareware applications vs. commercial software

Considering using a shareware application? In this information security threats Ask the Expert Q&A, SearchSecurity's resident expert Ed Skoudis examines whether commercial software products are more secure than shareware applications.

Are shareware applications more vulnerable to security risks than commercial software?
Not necessarily. It all comes down to how much you trust the developer. A poorly developed commercial application could have far more security holes than a carefully constructed shareware application. Shareware is merely an economic model, not a design or implementation methodology. Thus, good and bad software security can come from either model, and neither is inherently more or less secure.

However, when it comes to poor security, you may have more legal options with commercial software. While commercial vendors try to relinquish responsibility for poorly designed applications through complex license agreements, if you can prove they were negligent, and they knew about security holes, you could file a claim based on the software you purchased. However, in a shareware environment, because you haven't paid for the software, from a legal perspective your options could be limited.

Also, look beyond the license agreements, and consider the support option. Most commercial application developers offer support for security flaws, and issue patches periodically, whereas some shareware developers offer great support while others do not. The latter are the hobbyists, who may have created a great program, but then moved on to other things, leaving their software orphaned from a support perspective. While software orphans exist on the commercial side, they're more plentiful in the shareware community.


  • This was last published in July 2006
