Friday, August 1, 2008

Inside Emerging Technologies

Building an arsenal for fighting software piracy

Every day we learn more about software piracy groups, their networks  and the financial impact they wreak on the software economy. Piracy is not new, but vendors are beginning to recover revenue and reduce piracy through a combination of new and existing strategies and technologies.  

The opportunities for revenue recovery are significant. According a recent study conducted by Business Software Alliance (BSA) and Framingham-based IDC, nearly half of the one billion PCs installed worldwide have pirated, unlicensed software.

While there are no magic bullets to stop piracy, vendors typically target three aspects of the piracy ecosystem: the piracy groups that release “cracked” software, the channels that make it easy to access cracked software, and infringing organizations.

Microsoft Corp. combined licensing, activation, software protection and tracking capabilities in their Vista release. As a result, the company realized $164 million of potentially lost revenue in the third quarter of 2007.

Although not every vendor has the resources to match Microsoft’s anti-piracy efforts, most high-value software vendors at least ensure that a valid key is required to use their software.  While licensing and activation can reduce casual piracy or license overuse, they are easily disabled by expert pirates through a technique called binary tampering. 

Newer software protection approaches combat this piracy method by protecting the software itself. This is done through obfuscation, which masks components of code so it cannot be tampered with, or by encrypting the code.

Obfuscation, code encryption, anti-debugging and anti-tampering techniques are aimed at deterring reverse engineering. These protection approaches must be layered to deter the efforts of sophisticated piracy groups. 

Interdiction-based services are designed to disrupt the distribution of cracked software through the piracy networks with techniques ranging from website takedown notices to collecting Internet addresses and other infringement data. Vendors can upload “dummy software” onto the peer-to-peer network to frustrate people sharing pirated software. However, these approaches have limited effectiveness due to the resilient nature of the web and P2P networks; it’s akin to playing “Whack a Mole.”

The most promising of newer technologies, Piracy Business Intelligence, protects software while allowing companies to fight back, recover lost revenue, and aid in sales and marketing efforts through lead generation. It provides a deeper understanding of who is pirating software and in what markets. Most important, it gives those software makers a much-needed bartering chip when ultimately confronting the perpetrator.

Previous efforts to recover revenue relied on whistleblowers, audits, and other insider information. Piracy Business Intelligence adds stealth “phone home” technology to gather data on license overuse or piracy. This active method identifies organizations using pirated software and offers ways for vendors to regain lost revenue. 

Choosing the right combination of anti-piracy approaches requires a review of the current threats, problem geographies, licensing system used, and the attributes of software. A software protection strategy may be the best fit where you need to secure the IP itself, or the time to crack a release is short and the volume of release activity is high. Also, implement protection early in the product’s lifecycle. Building license management into an application early in the process will prevent sophisticated cracks and limit cracker knowledge.

A piracy detection and reporting capability has the potential to quantify specific piracy rates for a product and gather forensic evidence on organizations using unlicensed software. That system must operate unnoticed by the infringing organizations.

There is no quick fix to stop piracy. Piracy groups find new ways to wreak havoc and steal revenue. The trick is to employ a combination of technological and intelligence gathering resources and continually sharpen skills to fight these thieves.

Joseph Noonan is president and CEO of V.i. Laboratories Inc. in Waltham. He can be reached at 781-398-3400.