Do You Know the Best Ways to Thwart Software Piracy?

Bob_Fighting_PirateSoftware piracy continues to be a growing threat to software producers’ revenue and reputation as many have unknowingly left their products exposed, including market leaders like Microsoft®. To help you combat piracy I’ll review specific areas you can focus on to thwart digital theft, including one of the most effective approaches: cloud licensing servers. First, to understand how to thwart piracy it is important to understand how and why anti-piracy technologies have evolved.

Background

Software piracy is growing at alarming rates, with an estimated 43% of software being pirated at a cost of $62.7 billion in commercial value of unlicensed software[1]. The scope of piracy is broad as it affects most software producers ranging from start-ups to large companies like Microsoft who have been battling software piracy for years.

Most recently Microsoft has been embroiled in a legal battle to identify software pirates who have activated thousands of copies of Windows® 7 and Office® 2013 using stolen or abused software license activation codes. Seeing market leaders like Microsoft in the news being victims of software piracy has left many software producers concerned about their own products’ susceptibility to being pirated, and rightfully so.

Traditional Approaches to Anti-Piracy

Over the years software producers have relied on the following approaches to curb piracy, with each adding an additional layer of security:

  • Serial numbers: Serial numbers printed on CD labels allow the software to run only if the correct serial number is entered. The serial number is not tied to any specific device, therefore users can share their serial number with others without understanding that they are pirating the software.
  • Dongles: A dongle is a hardware token that was predominately uses in the 1990’s in order to curb piracy. The idea is that the software runs when the dongle is attached to the physical device. Users are not able to share the dongle, however, emulators started to appear to record and replay the expected result back to the application in order to get around dongle protection.
  • Application hardening: Software producers rely on encryption and “obfuscation” in order to hide many decision points that control when and how the application is run. As debugging tools become more sophisticated, pirates are finding new ways to patch the software to allow unlimited use of the application.
  • Activation: Activation (or software licensing) has emerged as a way to get around the pitfalls of relying on hardware (or dongles). Activation provides the most flexibility and enable software producers to change how software is priced over time. 

A common issue with each of the above approaches is that the protection code itself can run in a hostile environment (client) that can allow a determined hacker to reverse-engineer and thus bypass any protection. This is where adding a cloud license server can fortify your security position.

Cloud Licensing Servers: A New Tool to Combat Piracy

ClsAs discussed above, traditional approaches to combat piracy focus on protecting code that could potentially run in a hostile environment. Hackers and their debugging tools have become very sophisticated and can circumvent anti-piracy measures implemented by the producer.

A new trend among software producers (including Microsoft) is to bolster security by moving away from serial numbers and towards “digital entitlements.” Many video game publishers have already moved most if not all of their digital entitlements (which include licensing code) to a cloud-based license server where access is more controlled and secure than local servers.

Additionally, some producers now leverage cloud licensing servers to manage digital entitlements. Simply put, a cloud licensing server replaces the traditional local license server and moves it to the cloud, which has several benefits to producers.

Not only do cloud licensing servers make application deployment more flexible, they can also be one of the most effective tools for combating software piracy. Video game producers have been at the bleeding edge when it comes to combating piracy as they force gamers to constantly authenticate (“call-home”) before authorizing access to game titles.

Similarly, this call-home trend has crept into many on-premises applications, most noticeably Microsoft Office 2013, Adobe® Creative Cloud, and Microsoft Windows 8. All of these products routinely validate the running copy of the application by calling home to authenticate the user and/or device and to also re-arm the application (e.g. allow it to run for another 30 days).

Another benefit of a cloud licensing server is that it offers a great way for software vendors to stem loss from virtualization which is the #1 reason for accidental non-compliance. The cloud license server can’t be copied like a local license server can which prevents accidental overuse, helping end-customers stay compliant and enabling the vendor to protect and monetize their intellectual property (IP).

The harsh reality is that software can and will be pirated given the financial motivation and resources available to these digital thieves. Combating piracy is a cat-and-mouse game so you need to be proactive and leverage different approaches as piracy is a reality. Why make it easier for these digital thieves than in needs to be?

-Tu

Additional Resources:

[1] http://www.vilabs.com/resource-section/stat-watch

Based on an article in IT Briefcase

Leave a Reply

Your email address will not be published. Required fields are marked *