Unified software protection: modern strategies for securing software revenue.Organizations that rely on the sale of software as a revenue stream need to be concerned with maintaining flexible licensing while still preventing piracy. Fortunately, there are solutions available in today's market to address the needs of companies looking to protect their software and control its use. This paper attempts to define some of the challenges independent software vendors (ISVs) face in protecting their intellectual property and ways in which they can maximize the benefits of anti-piracy solutions. TELLING THE GOOD GUYS FROM THE BAD GUYS The violation of software licensing, whether intentional or unintentional, equals lost revenue for software vendors, who must work to minimize this loss. However, when implementing software protection solutions, vendors must be careful not to negatively affect customer acceptance with, for instance, the accidental prevention of use for legitimate users or onerous license activation processes. Often times ease of use and prevention of piracy can act in opposition. Entirely software-based licenses enable the greatest level of flexibility and end user transparency, but cannot provide as strong a measure of security. The environment in which the software operates cannot be considered entirely secure because the license is stored on the machine and not a separate, hardened device. Therefore, software-based solutions do not offer the strongest type of defense against piracy attacks. The technologies that make up hardware keys (dongles) have advanced greatly since their invention and the concept remains a practical and popular one: a robust, reliable external device that ties the license not to a machine, but to the owner of the hardware key. While hardware based solutions provide the highest level of security available, they can also be considered difficult to distribute and manage. For this reason, these types of solutions are less popular in markets where rates of piracy are low and, for example within enterprise-class software where intentional piracy is a lesser concern. When deciding to introduce software protection, it is important to consider the nature of the software being sold, the target audience, the intended market and the amount of the existing piracy. Highly specialized software that requires extensive training and support is not likely to have broad appeal on a P2P See peer-to-peer and point-to-point. network and not a likely candidate for software protection, per se. However, these applications do benefit from license management where number of seats sold and amount of features sold have significant dollars associated with them. Software-based and hardware-based licensing each have distinct advantages and disadvantages. Implementing a complete protection program should involve either one or a combination of both technologies, used as necessary depending on the market being served. Ideally, a single technology source can be used that offers both software and hardware licenses, allowing a company to maintain a corporate wide standard. THE PROBLEM OF ADVANCED TECHNOLOGY The rapid advancement in the availability of high speed Internet access See how to access the Internet. has presented both an opportunity and a problem to software companies. Pirated pi·rate n. 1. a. One who robs at sea or plunders the land from the sea without commission from a sovereign nation. b. A ship used for this purpose. 2. One who preys on others; a plunderer. 3. software can be rapidly disseminated worldwide, quickly and effectively inflicting damage on the revenue streams of software vendors. P2P networks in particular have achieved notoriety NOTORIETY, evidence. That which is generally known. 2. This notoriety is of fact or of law. In general, the notoriety of a fact is not sufficient to found a judgment or to rely on its truth; 1 Ohio Rep. in the media for their role in the illegal distribution of music and movies. The same networks are also flooded with illegal copies of high priced software. Needless to say, a pirated copy of Star Wars III is going to receive more media attention than a pirated version of TurboTax but the problem remains the same. In fact, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. research conducted by SafeNet MediaSentry Services, one of the most pirated pieces of content in 2005 was not a song or a movie, but a very popular photo editing See photo editor. software program. Associations like the Business Software Alliance (BSA 1. BSA - Business Software Alliance. 2. BSA - Bidouilleurs Sans Argent. ) and the Software & Information Industry Association (SIIA (Software & Information Industry Association, Washington, DC, www.siia.net) A trade organization devoted to the health and welfare of the software and digital content industry by providing support in government relations, business development, education and intellectual property ) are the software industries equivalent of the Recording Industry Association of America (RIAA (Recording Industry Association of America, Washington, DC, www.riaa.com) A membership association of music recording companies. Its goal is to promote the record label industry and protect the rights of copyright owners. It was a major contributor to the SDMI digital distribution system. ). Like their counterparts, BSA and SIIA work to thwart the illegal distribution of software. Their efforts, while significant, did not lead to a decrease in the overall percent of software pirated software pirate - software theft from 2004 to 2005. Unfortunately while the percentage of software pirated held steady at 35%, losses due to piracy increased by $1.6 billion over 2004, to $34 billion, software. Their efforts, while significant, did not lead to a decrease in the overall percent of software pirated from 2004 to 2005. Unfortunately while the percentage of software pirated held steady at 35%, losses due to piracy increased by $1.6 billion over 2004, to $34 billion. KNOWLEDGE IS POWER Many software companies are alerted to their piracy problem when they find, much to their horror, that copies of their application are available on P2P networks mere weeks, sometimes even days, after release. Because of their mass appeal, music and movies are usually shared among a broad audience. Software piracy The illegal copying of software for distribution within the organization, or to friends, clubs and other groups, or for duplication and resale. The software industry loses billions of dollars each year to piracy, and although it may seem innocent enough to install an application on a , although less publicized pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Adj. 1. publicized - made known; especially made widely known publicised , is also big business. Those with the technology to investigate this problem can see just how rampant the problem is. The internet is filled with countless sites where pirated copies of expensive software can be purchased at a fraction of the price. Fortunately, monitoring services The general surveillance of known air traffic movements by reference to a radar scope presentation or other means, for the purpose of passing advisory information concerning conflicting traffic or providing navigational assistance. have been developed that can report not only how much, but where piracy is occurring. The results of "where" are equally important when making decisions about software protection, because certain regions may call for tighter security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security than others. Unfortunately, most organizations do not have access to quantifiable information of this type. Perceptions of piracy rates are often based on anecdotal evidence anecdotal evidence, n information obtained from personal accounts, examples, and observations. Usually not considered scientifically valid but may indicate areas for further investigation and research. . Real statistics are often a complete, and often unpleasant, surprise. The real ongoing value of knowing about piracy is in its ability to allow a company to evaluate and adapt its anti-piracy measures as required. The ability to monitor piracy gives insight not only into the value of software protection itself, but also allows a company to engage in protection modeling assessments. For instance, the monitoring results can validate or invalidate in·val·i·date tr.v. in·val·i·dat·ed, in·val·i·dat·ing, in·val·i·dates To make invalid; nullify. in·val a decision to use hardware-based protection in geographies where piracy rates are particularly high. Without data on piracy rates software protection decisions are made based on small sample evidence and "common sense" techniques. Monitoring services provide the business intelligence for software protection that allows companies to close the loop between design, fulfillment and ongoing management. The complex and dynamic nature of online piracy makes effective monitoring by individual companies challenging. Accurate assessments of piracy threats often require time intensive manual reviews to verify the authenticity of software titles. The continued growth of piracy sites means ISVs must invest in extensive resources in order to conduct piracy monitoring. In addition, factors such as the emergence of open source clients and community supported protocols further the need for dedicated anti-piracy monitoring resources. TIME TO MARKET Getting products quickly to market is often a high priority for software vendors. Delays in deployment can be costly and reflect poorly on the software development team. Software protection is typically implemented at the end of the software development cycle, when pressure to get the product to market is highest. This forces developers to require a solution that can be implemented quickly without extensive training or programming. A robust set of developer tools can cut development time while increasing the functionality delivered. SYNCHRONIZATION (1) See synchronous and synchronous transmission. (2) Ensuring that two sets of data are always the same. See data synchronization. (3) Keeping time-of-day clocks in two devices set to the same time. See NTP. When implementing software licensing and protection, fulfillment must be considered as well. Software protection solutions almost always involve sending a license, either a hardware key or an electronic license, or even a paper license, to the end user. These licenses need to be tracked and managed. Many companies that engage in ecommerce want to tie licensing back to the same CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. and ERP (Enterprise Resource Planning) An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer. systems that capture the payment and authorization information. The extent of back office integration, the amount of licenses being delivered, and the license models being implemented all impact the integration of software protection into an application. Often, organizations make the mistake of deciding on a solution at a business unit level, rather than a corporate level. A product manager or development manager sees piracy having a negative impact on the product and decides to either build or buy some prevention technology. If the results seem effective, particularly in the short run, the owner considers the problem addressed if not entirely solved. If the decision to protect software is not made at a corporate level the results will be confined con·fine v. con·fined, con·fin·ing, con·fines v.tr. 1. To keep within bounds; restrict: Please confine your remarks to the issues at hand. See Synonyms at limit. to the product using software protection. A company could find itself with a dizzying array of software protection techniques, both home grown or purchased, and all tracked and managed separately. The tracking and management of licenses are often done manually and records are maintained by the software division or business unit. The more divisions there are, the more difficult it is for a company to make decisions or gather information about all their products. It is virtually impossible to have a standard process for fulfillment and a centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. repository of licenses if each department implements their own protection scheme, fulfillment and a centralized repository of licenses if each department implements their own protection scheme. REDUCTION OF COSTS One of the most important reasons for considering standardization standardization In industry, the development and application of standards that make it possible to manufacture a large volume of interchangeable parts. Standardization may focus on engineering standards, such as properties of materials, fits and tolerances, and drafting is the cost of fulfillment. The distribution, tracking and management of licenses are all very relevant parts of the licensing ecosystem. Often times they are managed through manual processes which are costly and inefficient. Also, with no uniform methodology for managing fulfillment, sharing and presenting the information collected to those unfamiliar with the licensing technology is difficult. Imagine a company with 15 different reports on licensing statistics, all displaying essentially the same information in various formats. The ability to consolidate reports and make intelligent business decisions based on pertinent licensing information is greatly hindered. BEYOND YOUR EVENT HORIZON Complete software protection includes methods for protecting applications beyond your event horizon and after delivery to end users. If a copy of software is successfully pirated, a software vendor is thankfully not powerless to prevent rampant dissemination. Countermeasure coun·ter·meas·ure n. A measure or action taken to counter or offset another one. countermeasure Noun action taken to counteract some other action Noun 1. techniques used by anti-piracy vendors can stem unauthorized distribution through seamless integration An addition of a new application, routine or device that works smoothly with the existing system. It implies that the new feature or program can be installed and used without problems. Contrast with "transparent," which implies that there is no discernible change after installation. into the piracy networks themselves. Techniques can be used that prevent would-be pirates from accessing pirated content. They could end up downloading a trial-only version, or be continually queued to download, so the download is never finished. On some networks it is possible to directly interfere in the process of downloading a pirated file, most often resulting in the user abandoning their download attempts altogether. HORSEPOWER horsepower, unit of power in the English system of units. It is equal to 33,000 foot-pounds per minute or 550 foot-pounds per second or approximately 746 watts. Achieving maximum efficacy in the reduction of online piracy requires not only sophisticated engineering expertise but also sustained and diligent execution of countermeasure campaigns. Additionally a worldwide reach is necessary in order to make significant reductions in the spread of pirated software. Sheer horsepower and global reach are clearly required. Additionally, countermeasures That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. See also electronic warfare. are also only highly effective when implemented in scale, which requires significant development resources as well as physical hardware infrastructures. If this type of initiative is not in line with the core business of an ISV (Independent Software Vendor) A person or company that develops software. It implies an organization that specializes in software only and is not part of a computer systems or hardware manufacturer. , undertaking countermeasure campaigns can result in significant monetary investment with little or no tangible return. Fortunately specialized anti-piracy vendors are available to undertake countermeasure campaigns on behalf of ISVs so it is not necessary to allocate excessive resources. SYNERGY The overall goal of software protection is to increase revenues. As with many enterprise-wide initiatives, simple objectives can often get lost in the complexities of deployment. A standard software protection technology also makes implementing a standard fulfillment process simpler. IT can develop a fulfillment methodology to be automated, extended to the channel and most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially maintained by a single department, thereby reducing the costs of having fulfillment managed by individuals scattered Scattered Used for listed equity securities. Unconcentrated buy or sell interest. across multiple business units. Tracking and management of licensing information can also be centralized. It is important to select and implement software protection that can be centralized to allow for the synergistic synergistic /syn·er·gis·tic/ (sin?er-jis´tik) 1. acting together. 2. enhancing the effect of another force or agent. syn·er·gis·tic adj. 1. benefits. CONCLUSION While entertainment content gets most of the media publicity, software faces equally significant piracy challenges. The consolidation of software protection techniques allows companies to reduce the time and effort required to implement and maintain a solution and to allow scalability. Monitoring piracy rates provides quantifiable data and services provide the ability to impact software piracy beyond your event horizon. Like CRM and ERP, decisions about software protection should be corporate wide initiatives. Taking a unified approach reduces the effort and cost associated with deployment, provides data on efficacy and brings focus to the goal of reducing the revenues lost due to unlicensed use. www.safenet-inc.com RELATED ARTICLE: New Bagle Virus Alert CipherTrust, Inc., has identified a new threat of the Bagle Virus, an email virus See e-mail virus. that allows an attacker to upload and execute malicious code on infected computers. The new worm already accounts for 10 per cent of all email virus traffic and is expected to top CipherTrust's virus volume soon. Ed Rowley, technical consultant, at CipherTrust commented: "This new strain of the Bagle Virus highlights that handling the volume of inbound in·bound 1 adj. Bound inward; incoming: inbound commuter traffic. Adj. 1. inbound email viruses, is just as important as detecting the virus in the first place." The Bagle virus is delivered to a user via a ZIP archive, with an executable inside and uses the same name in the sender and recipient address of an email. Further analysis by CipherTrust identified that the subject line and attachment of the email contains randomised Adj. 1. randomised - set up or distributed in a deliberately random way randomized irregular - contrary to rule or accepted order or general practice; "irregular hiring practices" first names, like 'Anthony', 'Ellen' and 'James'. Ed Rowley, technical consultant, at CipherTrust continues: "The fact that we detected this virus so quickly is down to the capabilities of Trusted Source. The ability to rapidly detect and take action against new outbreaks is critical to our customers, and those using our Desktop Toolbar A row or column of on-screen buttons used to activate functions in the application. Many toolbars are customizable, letting you add and delete buttons as required. Toolbars may be fixed in position or may float, which means they can be dragged to a more convenient location in the stand to benefit from this rapid identification." The Bagle virus has caused havoc since its first appearance in January 2004, topping the virus charts in the same year. A new mutation of the virus in October 2004 was said to have infected over one million emails within the few hours of being discovered. The identification of yet another strain signifies the continued threat to emails users and further identifies the need for businesses to be able to deal with extreme volumes of inbound traffic Traffic originating in an area outside the continental United States destined for or moving in the general direction of the continental United States. . www.ciphertrust.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion