Printer Friendly

Unified software protection: modern strategies for securing software revenue.

Organizations that rely on the sale of software as a revenue stream need to be concerned with maintaining flexible licensing while still preventing piracy. Fortunately, there are solutions available in today's market to address the needs of companies looking to protect their software and control its use. This paper attempts to define some of the challenges independent software vendors (ISVs) face in protecting their intellectual property and ways in which they can maximize the benefits of anti-piracy solutions.


The violation of software licensing, whether intentional or unintentional, equals lost revenue for software vendors, who must work to minimize this loss. However, when implementing software protection solutions, vendors must be careful not to negatively affect customer acceptance with, for instance, the accidental prevention of use for legitimate users or onerous license activation processes.

Often times ease of use and prevention of piracy can act in opposition. Entirely software-based licenses enable the greatest level of flexibility and end user transparency, but cannot provide as strong a measure of security. The environment in which the software operates cannot be considered entirely secure because the license is stored on the machine and not a separate, hardened device. Therefore, software-based solutions do not offer the strongest type of defense against piracy attacks.

The technologies that make up hardware keys (dongles) have advanced greatly since their invention and the concept remains a practical and popular one: a robust, reliable external device that ties the license not to a machine, but to the owner of the hardware key. While hardware based solutions provide the highest level of security available, they can also be considered difficult to distribute and manage. For this reason, these types of solutions are less popular in markets where rates of piracy are low and, for example within enterprise-class software where intentional piracy is a lesser concern.

When deciding to introduce software protection, it is important to consider the nature of the software being sold, the target audience, the intended market and the amount of the existing piracy. Highly specialized software that requires extensive training and support is not likely to have broad appeal on a P2P network and not a likely candidate for software protection, per se. However, these applications do benefit from license management where number of seats sold and amount of features sold have significant dollars associated with them.

Software-based and hardware-based licensing each have distinct advantages and disadvantages. Implementing a complete protection program should involve either one or a combination of both technologies, used as necessary depending on the market being served. Ideally, a single technology source can be used that offers both software and hardware licenses, allowing a company to maintain a corporate wide standard.


The rapid advancement in the availability of high speed Internet access has presented both an opportunity and a problem to software companies. Pirated software can be rapidly disseminated worldwide, quickly and effectively inflicting damage on the revenue streams of software vendors. P2P networks in particular have achieved notoriety in the media for their role in the illegal distribution of music and movies. The same networks are also flooded with illegal copies of high priced software. Needless to say, a pirated copy of Star Wars III is going to receive more media attention than a pirated version of TurboTax but the problem remains the same. In fact, according to research conducted by SafeNet MediaSentry Services, one of the most pirated pieces of content in 2005 was not a song or a movie, but a very popular photo editing software program.

Associations like the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are the software industries equivalent of the Recording Industry Association of America (RIAA). Like their counterparts, BSA and SIIA work to thwart the illegal distribution of software. Their efforts, while significant, did not lead to a decrease in the overall percent of software pirated from 2004 to 2005. Unfortunately while the percentage of software pirated held steady at 35%, losses due to piracy increased by $1.6 billion over 2004, to $34 billion, software. Their efforts, while significant, did not lead to a decrease in the overall percent of software pirated from 2004 to 2005. Unfortunately while the percentage of software pirated held steady at 35%, losses due to piracy increased by $1.6 billion over 2004, to $34 billion.


Many software companies are alerted to their piracy problem when they find, much to their horror, that copies of their application are available on P2P networks mere weeks, sometimes even days, after release. Because of their mass appeal, music and movies are usually shared among a broad audience. Software piracy, although less publicized, is also big business. Those with the technology to investigate this problem can see just how rampant the problem is. The internet is filled with countless sites where pirated copies of expensive software can be purchased at a fraction of the price.

Fortunately, monitoring services have been developed that can report not only how much, but where piracy is occurring. The results of "where" are equally important when making decisions about software protection, because certain regions may call for tighter security measures than others. Unfortunately, most organizations do not have access to quantifiable information of this type. Perceptions of piracy rates are often based on anecdotal evidence. Real statistics are often a complete, and often unpleasant, surprise.

The real ongoing value of knowing about piracy is in its ability to allow a company to evaluate and adapt its anti-piracy measures as required. The ability to monitor piracy gives insight not only into the value of software protection itself, but also allows a company to engage in protection modeling assessments. For instance, the monitoring results can validate or invalidate a decision to use hardware-based protection in geographies where piracy rates are particularly high. Without data on piracy rates software protection decisions are made based on small sample evidence and "common sense" techniques. Monitoring services provide the business intelligence for software protection that allows companies to close the loop between design, fulfillment and ongoing management.

The complex and dynamic nature of online piracy makes effective monitoring by individual companies challenging. Accurate assessments of piracy threats often require time intensive manual reviews to verify the authenticity of software titles. The continued growth of piracy sites means ISVs must invest in extensive resources in order to conduct piracy monitoring. In addition, factors such as the emergence of open source clients and community supported protocols further the need for dedicated anti-piracy monitoring resources.


Getting products quickly to market is often a high priority for software vendors. Delays in deployment can be costly and reflect poorly on the software development team. Software protection is typically implemented at the end of the software development cycle, when pressure to get the product to market is highest. This forces developers to require a solution that can be implemented quickly without extensive training or programming. A robust set of developer tools can cut development time while increasing the functionality delivered.


When implementing software licensing and protection, fulfillment must be considered as well. Software protection solutions almost always involve sending a license, either a hardware key or an electronic license, or even a paper license, to the end user. These licenses need to be tracked and managed. Many companies that engage in ecommerce want to tie licensing back to the same CRM and ERP systems that capture the payment and authorization information.

The extent of back office integration, the amount of licenses being delivered, and the license models being implemented all impact the integration of software protection into an application. Often, organizations make the mistake of deciding on a solution at a business unit level, rather than a corporate level. A product manager or development manager sees piracy having a negative impact on the product and decides to either build or buy some prevention technology. If the results seem effective, particularly in the short run, the owner considers the problem addressed if not entirely solved.

If the decision to protect software is not made at a corporate level the results will be confined to the product using software protection. A company could find itself with a dizzying array of software protection techniques, both home grown or purchased, and all tracked and managed separately. The tracking and management of licenses are often done manually and records are maintained by the software division or business unit. The more divisions there are, the more difficult it is for a company to make decisions or gather information about all their products. It is virtually impossible to have a standard process for fulfillment and a centralized repository of licenses if each department implements their own protection scheme, fulfillment and a centralized repository of licenses if each department implements their own protection scheme.


One of the most important reasons for considering standardization is the cost of fulfillment. The distribution, tracking and management of licenses are all very relevant parts of the licensing ecosystem. Often times they are managed through manual processes which are costly and inefficient. Also, with no uniform methodology for managing fulfillment, sharing and presenting the information collected to those unfamiliar with the licensing technology is difficult. Imagine a company with 15 different reports on licensing statistics, all displaying essentially the same information in various formats. The ability to consolidate reports and make intelligent business decisions based on pertinent licensing information is greatly hindered.


Complete software protection includes methods for protecting applications beyond your event horizon and after delivery to end users. If a copy of software is successfully pirated, a software vendor is thankfully not powerless to prevent rampant dissemination. Countermeasure techniques used by anti-piracy vendors can stem unauthorized distribution through seamless integration into the piracy networks themselves.

Techniques can be used that prevent would-be pirates from accessing pirated content. They could end up downloading a trial-only version, or be continually queued to download, so the download is never finished. On some networks it is possible to directly interfere in the process of downloading a pirated file, most often resulting in the user abandoning their download attempts altogether.


Achieving maximum efficacy in the reduction of online piracy requires not only sophisticated engineering expertise but also sustained and diligent execution of countermeasure campaigns. Additionally a worldwide reach is necessary in order to make significant reductions in the spread of pirated software. Sheer horsepower and global reach are clearly required. Additionally, countermeasures are also only highly effective when implemented in scale, which requires significant development resources as well as physical hardware infrastructures. If this type of initiative is not in line with the core business of an ISV, undertaking countermeasure campaigns can result in significant monetary investment with little or no tangible return. Fortunately specialized anti-piracy vendors are available to undertake countermeasure campaigns on behalf of ISVs so it is not necessary to allocate excessive resources.


The overall goal of software protection is to increase revenues. As with many enterprise-wide initiatives, simple objectives can often get lost in the complexities of deployment.

A standard software protection technology also makes implementing a standard fulfillment process simpler. IT can develop a fulfillment methodology to be automated, extended to the channel and most importantly maintained by a single department, thereby reducing the costs of having fulfillment managed by individuals scattered across multiple business units. Tracking and management of licensing information can also be centralized. It is important to select and implement software protection that can be centralized to allow for the synergistic benefits.


While entertainment content gets most of the media publicity, software faces equally significant piracy challenges. The consolidation of software protection techniques allows companies to reduce the time and effort required to implement and maintain a solution and to allow scalability. Monitoring piracy rates provides quantifiable data and services provide the ability to impact software piracy beyond your event horizon.

Like CRM and ERP, decisions about software protection should be corporate wide initiatives. Taking a unified approach reduces the effort and cost associated with deployment, provides data on efficacy and brings focus to the goal of reducing the revenues lost due to unlicensed use.

RELATED ARTICLE: New Bagle Virus Alert

CipherTrust, Inc., has identified a new threat of the Bagle Virus, an email virus that allows an attacker to upload and execute malicious code on infected computers. The new worm already accounts for 10 per cent of all email virus traffic and is expected to top CipherTrust's virus volume soon. Ed Rowley, technical consultant, at CipherTrust commented: "This new strain of the Bagle Virus highlights that handling the volume of inbound email viruses, is just as important as detecting the virus in the first place." The Bagle virus is delivered to a user via a ZIP archive, with an executable inside and uses the same name in the sender and recipient address of an email. Further analysis by CipherTrust identified that the subject line and attachment of the email contains randomised first names, like 'Anthony', 'Ellen' and 'James'. Ed Rowley, technical consultant, at CipherTrust continues: "The fact that we detected this virus so quickly is down to the capabilities of Trusted Source. The ability to rapidly detect and take action against new outbreaks is critical to our customers, and those using our Desktop Toolbar stand to benefit from this rapid identification." The Bagle virus has caused havoc since its first appearance in January 2004, topping the virus charts in the same year. A new mutation of the virus in October 2004 was said to have infected over one million emails within the few hours of being discovered. The identification of yet another strain signifies the continued threat to emails users and further identifies the need for businesses to be able to deal with extreme volumes of inbound traffic.
COPYRIGHT 2006 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Software World
Date:Jul 1, 2006
Previous Article:UK top IT Priorities.
Next Article:Introscope 7.

Related Articles
Interactive Intelligence Selected as One of Software Magazine's Top 500 Software and Services Companies.
Sygate announces 802.1x interoperability with leading switch companies to enforce endpoint policy compliance.
A.T. Kearney Consults With Check Point on Internet Security; Check Point's Total Access Protection Strategy Enables A.T. Kearney Consultants to Have...
Test Results Prove Check Point's SSL VPN Solution Beats the Competition with Best Security Protection.
Attensity Chosen by the Department of Homeland Security to Help Protect America; DHS Begins Immediate Implementation of Attensity's Software.
Check Point Unveils NGX R65, Extending Unified Security Architecture Platform with New Features and Enhanced Performance.
V.i. Labs and Internet Crimes Group Team to Provide new Software Piracy Threat Assessment and Prevention Solution.
Media Alert: Check Point Provides Preemptive Protection Against Latest Microsoft Zero Day Vulnerability.
Check Point's IPS-1 Intrusion Prevention Solution Delivers Accurate and Granular Attack Prevention Addressing Today's Network Environment Challenges.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters