Microsoft is trying yet another approach to end P2P file sharing of their software. Ironically it involves them investing in a Russian startup aimed at blocking bittorrent traffic by creating confusing false connections.
The only problem is it doesn't work. Well, not very well at least. They were able to block 42,000 downloads of this blockbuster. But it will cost (between $12,000 and $50,000 --dollars, nyet?).
The other problem is this tune's been sung before. (Great read, BTW, especially where they got hacked by some high school kids.) Different methods (not very good, actually) but same general idea.
This is no way to achieve software protection. This is akin the scene in Blazing Saddles where they fool the bad guys into attacking a fake town.
Microsoft and other publishers should spend their time focusing on how to make it tougher to copy their software in the first place, not how to keep cracked software from being shared.
An interesting article on torrentfreak caught my eye. They argue that the data shows that Disney's freakout over a camcopy of The Avengers hitting the torrent sites would kill boxoffice sales. Yet Thor, Iron Man, Hulk, et al are boffo boxoffice, smashing records like Thor's hammer smashing heads.
The logic, according to torrentfreak, is that the camcopy doesn't kill sales because the experience of seeing the movie in the theater is so different than watching a camcopy downloaded via bittorrent. They argue that based on the DL numbers, even if all the 100,000 people in the US who downloaded the camcopy had bought a movie ticket that would only boost revenue .05%.
I don't have any data on the lost sales (and frankly their math doesn't hold up to close scrutiny) but part of their logic is reasonable: camcopies are the theatrical equivalent to bootleg concert tapes. They are the domain of the fanboy, the collector, and the curious. Switching to music, who has the most bootleg tapes in the universe? Deadheads. And who went to the most Grateful Dead concerts? Yep, those same Deadheads.
Don't get me wrong, copying is copying. But Disney getting its tightywhities in a knot because of a camcopy? I bet if they had released TA in the US first instead of overseas the number of DLs for the camcopy would have been seriously lower. People need their fix.
So what has this got to do with piracy protection? Just that there's piracy and then there's piracy. Physical media can bring an extra dimension to entertainment that's not easily duplicated with software. Windows is Windows; Photoshop is Photoshop. A camcopy of TA is not the same as playing hookie sitting in an ice-cold movie studio on a hot day with a gallon of Dr. Pepper and a box of Jujubees looking at a 10 foot tall Hulk.
Any clown with a camcorder and a backpack can make a copy of The Avengers. But watching it will be a poor second to seeing the real deal. Software, on the other hand, needs piracy protection. Not just to protect the publisher (which is important), but to protect the consumer, too, and make sure that downloaded app isn't a trojan horse for some really nasty malware.
As the BSA prepares yet another annual report on how widespread and expensive software piracy is, the Office of the US Trade Representative has released a report criticising China for piracy.
Don't get me wrong, I'm glad they took this step. It's high time the US government started ratcheting up the pressure on China for all sorts of things. But this is not a political blog...
Some of this is worth quoting:
“I especially applaud Ambassador Kirk for drawing attention to the fact that sales of IP-intensive goods and services in China remain disproportionately low when compared to sales in similar markets that provide stronger environments for IPR protection and more open market access,” (BSA President and CEO Robert) Holleyman said. “When it comes to legal software sales, China continues to lag far behind other big emerging markets. Focusing on that bottom-line reality helps set the stage for a more results-oriented approach to curbing IP theft in China and elsewhere.”
"Disproportionately low?" Like as in, one copy? Cause everyone knows if you sell one copy in China you've saturated the market.
Software copy protection is the only answer.
Software copy protection works.
Software copy protection == real sales in China, unless they're too busy using your competitor's unprotected product. Because if you protect it with CodeMeter they probably aren't going to be cracking it anytime soon.
Time for the BSA to quit measuring piracy and start working to prevent it.
When you're a marketing guy you're always hoping for a find like this one. Basically on a Propellerhead forum someone is saying "well since I can't get a cracked version of Reason anymore I guess I'm going to have to buy it."
Why can't they get a cracked version of Reason 6? Because Propellerhead chose CodeMeter for their software protection. It looks like this:
The guys at Propellerhead are cool--they wanted their software protection to look as cool as their product does so they ordered a custom case--they call it their ignition key.
You can find cracked versions of Reason on the net, no problem. But you won't find the current version (6) on your favorite bittorrent or file sharing site. Why? Because CodeMeter is virtually uncrackable. So Propellerhead knows that if someone wants Reason, they'll have to pony up the $699 it costs. So if you think unbeatable software protection isn't possible, or if you think it only makes sense for super-expensive software, think again.
Some of the posts are arguing that the old cracks are good for increasing sales of the current, uncrackable, version 6. I've heard this line of reasoning before, usually from pirates not from developers. It's like saying "I don't mind if my car gets stolen because State Farm will buy me a newer one!" Uh, ok...
Don't want/can't afford/rather not use dongles? Try CmAct--it's CodeMeter without the hardware device. You still get maximum software protection with maximum flexibility.
Copyright infringement--which includes software piracy--is a big deal, even if the numbers are inflated. The federal government is all over this, but I wouldn't hold your breath waiting for them to make it all go away. For one thing, I believe most of this happens in countries where either we have no sway over their internal laws and enforcement policies (can you say former Soviet Union kiddies?) or where they are our banker. (Small aside: the federal government has been trying to eliminate illegal drug use in this country as well since Nixon and that's worked well, hasn't it?)
So the problem will be with us probably forever. So only prevention will work. If I have to park my car in a bad neighborhood, I'm going to make sure it has a serious anti-theft system on it. Maybe I can't stop them from stealing it, but I can make it more profitable to go steal someone else's car.
And that's the secret of software copy protection. You have to make it hard enough to steal your product that the perps will go steal something else. It's not like they're going to go work at Starbucks. They're criminals--they do criminal stuff. Maybe you'll get lucky and they'll rip off your competitor's product and all the real sales will fall in your pocket. Maybe they'll switch to Rolex watches and Gucci bags.
Sounds easy, right? But how to accomplish it? The key is thoroughness. Let's switch to a different analogy--protecting your house. It doesn't make sense to have five locks on the front door if the back door is unlocked. Or if there's a storm cellar with a unlocked door into the basement. You have to think about all the places where bad guys could get in and secure all of them.
Software crackers won't spend their lives trying to break your AES encryption to get a key; they'll see the front door is heavily fortified and wander around looking for a window to break. This is where people who roll their own software copy protection go astray--they haven't learned to think like crackers, so they leave vulnerabilities they aren't even aware of.
Then they get cracked.
Even if they don't roll their own solution, depending on a third-party vendor to provide a solution doesn't mean you can stop thinking about it. You need to make sure that your vendor has not left openings by focusing too much on the front door. A classic misstep is to believe in the server-side authentication of registered users. Setting aside the annoyance issue (what if there's no Internet connection? What if the server is down?) anytime you reduce the protection to a yes/no test it can be cracked by patching the code to always return the "correct" answer. This is a common ploy and in these cases the cracker isn't interested in how robust your encrypted server sessions are because he's go in the open window next to the front door.
Want to know more? More secrets of software copy protection.
Here's a quick check to find out if you need piracy protection software. Start with the bittorrent sites and search for your executables. If you find cracked versions, you need piracy protection. Next, google "buy [your product name here]." If websites come up selling your product for a big discount, but you've never heard of them, you need piracy protection software. Those are very possibly bad guys selling counterfeit copies of your product...customers will think they are legit, and they they are getting a great price. Sound implausible? Think again...we have customers with exactly this problem.
Frankly there's no easy way to write your own protection software against piracy. Some things are much better left to professionals. Would you create your own firewall or anti-virus software? Of course not. It makes no sense to try to create your own software where the stakes are so high and the knowledge is so specialized.
Instead, check out CodeMeter, the most secure piracy protection software available. You can add complete protection to your application and data files in as little as a few minutes. And keep the guys in the black ski masks at bay.
So the VP of Sales was talking to the VP of Engineering and the VP of Sales was bemoaning how many copies were being ripped off through piracy. "What can we do?" she asked the VP of Engineering, who replied:
"We should write our own software copy protection system."
Halt. Full stop. Red alert. DEFCON 3! This is the worst advice possible.
Let's put it in perspective. Need a car? Build one. Going on vacation? Build an airplane first to fly there. Hungry? Start plowing...
Seriously, rolling your own solution for software copy protection is just asking for trouble. It's one of those things that, well like a lot of things, looks far easier than it is. We've been working on nothing else for over 20 years now and we still aren't finished. There ARE people out there who want to steal your software. Building your own copy protection system will almost certainly not slow down the pirates but will annoy your customers when it misbehaves. So save yourself some trouble. Pick up the phone and call us today.
Let's say you're just starting off as a software publisher--maybe you've got a great idea for an improvement in a specific domain where you have experience. You write some code, you test it, now you're ready to start raking in the cash, but wait?
How the heck do you manage your licenses?
Good question, because it turns out software license management is a non-trivial problem.
If you're writing your own operating system, or compiler, or I/O libraries, feel free to tackle software license management on your own. You're clearly a roll-your-own kind of guy. But most smart software developers want to stay focused on their core competencies--the places where they can add the most value. Domain-specific features. Bug-free code. Great UI design. Documentation and help files.
Software license management is clearly one of the things where the make vs. buy argument lands squarely in the "buy" camp.
What should you look for in a software license management solution? Here's a few must-haves:
- Clean integration with your selling side (website, channel partners) and back office systems (ERP/CRM).
- Flexibility to create trials and demos, run promotions, and build business models on the fly
- Seamless integration with solid protection against illegal copying or reverse-engineering
- Support for standard offerings like named user, node-locking, network license administration, machine binding, or feature metering
- Automated activation of authorized users
- Finally, it must be affordable: the net cost compared to the value received has to make sense to your specific circumstances.
Most software license management vendors will provide you a fully-functional evaluation system. Click on the button at the right to try out CodeMeter.
Given the backlash against DRM in the music and video world, do ISVs really want to engage in using copy protection software in their products? Isn't it really true that piracy is a form of viral marketing?
The reasoning goes something like this: customers steal copies of your software application then become hooked on it. You find out they are stealing your software and ask them to become legitimate users. The sales department thinks this is cool because each site with pirated software becomes a kind of lead for them to pursue.
How in the world do you know who's stolen your software? There are products you can buy that will cause your software to "phone home" and let you know whose got illegal copies. Then you can put pressure on them to convert to a legitimate user.
Ok, that's the argument for allowing pirated copies. What's the argument for adding copy protection software?
First of all, if you use strong copy protection software you won't get pirated. It's as simple as that. Second, the products that "phone home" are really really expensive. Cheaper to lock the door than to try to recover your stolen diamonds, no? And finally, let's face it, there are places in the world where they frankly don't regard IP rights as meaning much. People with pirated software in those places are unlikely to suddenly start writing checks just because you ask them to.
Want more top-line revenue without the additional expense of paying a "bounty" for identifying pirated users? Just use strong copy protection software and rest easy knowing if they're using it they paid for it.
Hackers are out there. So you can't take for granted--now or ever--that it won't happen to you. Achieving software security is a complex problem; what's amazing to me is how often the bad guys get in because someone left the door unlocked. SQL injection attacks, for example, should NEVER happen
but they do, and with
big consequences.
There's another aspect to software security that's frequently overlooked. If you're distributing application code--executables--how can you be sure that what your user is getting hasn't been tampered with?
How could that happen? Obviously one way is through counterfeiting. A company purports to be a legitimate reseller of your product, but what they're really selling is a cracked version with some malware injected. Like a keystroke logger. Another possibility is you have a freely available demo or trial version with no copy protection (after all, you want people to try it and share it). But a copy with malware starts circulating.
Finally, in critical areas like health care, aviation, or EMR systems you need to be able to assure the users of perfect code integrity all through the distribution pipeline. Anything that can compromise software security of systems with potential life-threatening consequences for failure must be eliminated.
One solid, easy-to-implement method to increase software security ensure code integrity is, of course, to deploy
CodeMeter. With either a CmDongle (maximum software security) or
CmAct (very strong security). With CodeMeter even changing a single bit in the protected executable will prevent the application from running. If it runs, you know you have perfect code integrity from the software developer to the end user. Software security doesn't get any better than that.