Wibu-Systems Blog

Bittorrent vs software protection

Posted by John Browne on May 15, 2012 6:22:00 AM

Microsoft is trying yet another approach to end P2P file sharing of their software. Ironically it involves them investing in a Russian startup aimed at blocking bittorrent traffic by creating confusing false connections. 

The only problem is it doesn't work. Well, not very well at least. They were able to block 42,000 downloads of this blockbuster. But it will cost (between $12,000 and $50,000 --dollars, nyet?).

The other problem is this tune's been sung before. (Great read, BTW, especially where they got hacked by some high school kids.) Different methods (not very good, actually) but same general idea.

This is no way to achieve software protection. This is akin the scene in Blazing Saddles where they fool the bad guys into attacking a fake town.

Microsoft and other publishers should spend their time focusing on how to make it tougher to copy their software in the first place, not how to keep cracked software from being shared. 

Topics: software protection, Anti-piracy, Copy Protection

What The Avengers tell us about piracy protection.

Posted by John Browne on May 14, 2012 10:23:00 AM

An interesting article on torrentfreak caught my eye. They argue that the data shows that Disney's freakout over a camcopy of The Avengers hitting the torrent sites would kill boxoffice sales. Yet Thor, Iron Man, Hulk, et al are boffo boxoffice, smashing records like Thor's hammer smashing heads.

comicconthor resized 600

The logic, according to torrentfreak, is that the camcopy doesn't kill sales because the experience of seeing the movie in the theater is so different than watching a camcopy downloaded via bittorrent. They argue that based on the DL numbers, even if all the 100,000 people in the US who downloaded the camcopy had bought a movie ticket that would only boost revenue .05%.

The Grateful Dead   Collage Poster C10314578I don't have any data on the lost sales (and frankly their math doesn't hold up to close scrutiny) but part of their logic is reasonable: camcopies are the theatrical equivalent to bootleg concert tapes. They are the domain of the fanboy, the collector, and the curious. Switching to music, who has the most bootleg tapes in the universe? Deadheads. And who went to the most Grateful Dead concerts? Yep, those same Deadheads.

Don't get me wrong, copying is copying. But Disney getting its tightywhities in a knot because of a camcopy? I bet if they had released TA in the US first instead of overseas the number of DLs for the camcopy would have been seriously lower. People need their fix.

So what has this got to do with piracy protection? Just that there's piracy and then there's piracy. Physical media can bring an extra dimension to entertainment that's not easily duplicated with software. Windows is Windows; Photoshop is Photoshop. A camcopy of TA is not the same as playing hookie sitting in an ice-cold movie studio on a hot day with a gallon of Dr. Pepper and a box of Jujubees looking at a 10 foot tall Hulk.

Any clown with a camcorder and a backpack can make a copy of The Avengers. But watching it will be a poor second to seeing the real deal. Software, on the other hand, needs piracy protection. Not just to protect the publisher (which is important), but to protect the consumer, too, and make sure that downloaded app isn't a trojan horse for some really nasty malware.

Topics: Anti-piracy, software piracy

Piracy in China: software copy protection the only answer?

Posted by John Browne on May 8, 2012 11:10:00 AM

As the BSA prepares yet another annual report on how widespread and expensive software piracy is, the Office of the US Trade Representative has released a report criticising China for piracy.

Homer Simpson

Don't get me wrong, I'm glad they took this step. It's high time the US government started ratcheting up the pressure on China for all sorts of things. But this is not a political blog...

Some of this is worth quoting: 

“I especially applaud Ambassador Kirk for drawing attention to the fact that sales of IP-intensive goods and services in China remain disproportionately low when compared to sales in similar markets that provide stronger environments for IPR protection and more open market access,” (BSA President and CEO Robert) Holleyman said. “When it comes to legal software sales, China continues to lag far behind other big emerging markets. Focusing on that bottom-line reality helps set the stage for a more results-oriented approach to curbing IP theft in China and elsewhere.” 

"Disproportionately low?" Like as in, one copy? Cause everyone knows if you sell one copy in China you've saturated the market. 

Software copy protection is the only answer. 

Software copy protection works.

Software copy protection == real sales in China, unless they're too busy using your competitor's unprotected product. Because if you protect it with CodeMeter they probably aren't going to be cracking it anytime soon.

Time for the BSA to quit measuring piracy and start working to prevent it. 

Topics: CodeMeter, Anti-piracy

Who says software protection isn't possible?

Posted by John Browne on May 7, 2012 7:45:00 AM

When you're a marketing guy you're always hoping for a find like this one. Basically on a Propellerhead forum someone is saying "well since I can't get a cracked version of Reason anymore I guess I'm going to have to buy it."

Why can't they get a cracked version of Reason 6? Because Propellerhead chose CodeMeter for their software protection. It looks like this: 

Propellerhead CmStick (customized) eliminated cracked versions of Reason.

The guys at Propellerhead are cool--they wanted their software protection to look as cool as their product does so they ordered a custom case--they call it their ignition key. 

You can find cracked versions of Reason on the net, no problem. But you won't find the current version (6) on your favorite bittorrent or file sharing site. Why? Because CodeMeter is virtually uncrackable. So Propellerhead knows that if someone wants Reason, they'll have to pony up the $699 it costs. So if you think unbeatable software protection isn't possible, or if you think it only makes sense for super-expensive software, think again. 

Watch the 3 minute demo!

Some of the posts are arguing that the old cracks are good for increasing sales of the current, uncrackable, version 6. I've heard this line of reasoning before, usually from pirates not from developers. It's like saying "I don't mind if my car gets stolen because State Farm will buy me a newer one!" Uh, ok...

Don't want/can't afford/rather not use dongles? Try CmAct--it's CodeMeter without the hardware device. You still get maximum software protection with maximum flexibility.

Topics: CodeMeter, Anti-piracy

The secret of software copy protection

Posted by John Browne on May 2, 2012 12:31:00 PM

Copyright infringement--which includes software piracy--is a big deal, even if the numbers are inflated. The federal government is all over this, but I wouldn't hold your breath waiting for them to make it all go away. For one thing, I believe most of this happens in countries where either we have no sway over their internal laws and enforcement policies (can you say former Soviet Union kiddies?) or where they are our banker. (Small aside: the federal government has been trying to eliminate illegal drug use in this country as well since Nixon and that's worked well, hasn't it?)

So the problem will be with us probably forever. So only prevention will work. If I have to park my car in a bad neighborhood, I'm going to make sure it has a serious anti-theft system on it. Maybe I can't stop them from stealing it, but I can make it more profitable to go steal someone else's car.

And that's the secret of software copy protection. You have to make it hard enough to steal your product that the perps will go steal something else. It's not like they're going to go work at Starbucks. They're criminals--they do criminal stuff. Maybe you'll get lucky and they'll rip off your competitor's product and all the real sales will fall in your pocket. Maybe they'll switch to Rolex watches and Gucci bags. 

Container freighter

Sounds easy, right? But how to accomplish it? The key is thoroughness. Let's switch to a different analogy--protecting your house. It doesn't make sense to have five locks on the front door if the back door is unlocked. Or if there's a storm cellar with a unlocked door into the basement. You have to think about all the places where bad guys could get in and secure all of them.

Software crackers won't spend their lives trying to break your AES encryption to get a key; they'll see the front door is heavily fortified and wander around looking for a window to break. This is where people who roll their own software copy protection go astray--they haven't learned to think like crackers, so they leave vulnerabilities they aren't even aware of.

Then they get cracked. 

 Man getting keys from a monitor.

Even if they don't roll their own solution, depending on a third-party vendor to provide a solution doesn't mean you can stop thinking about it. You need to make sure that your vendor has not left openings by focusing too much on the front door. A classic misstep is to believe in the server-side authentication of registered users. Setting aside the annoyance issue (what if there's no Internet connection? What if the server is down?) anytime you reduce the protection to a yes/no test it can be cracked by patching the code to always return the "correct" answer. This is a common ploy and in these cases the cracker isn't interested in how robust your encrypted server sessions are because he's go in the open window next to the front door.

Want to know more? More secrets of software copy protection.

Topics: software copy protection, Anti-piracy, Copy Protection

The world's worst software copy protection advice

Posted by John Browne on Apr 18, 2012 3:26:00 PM

So the VP of Sales was talking to the VP of Engineering and the VP of Sales was bemoaning how many copies were being ripped off through piracy. "What can we do?" she asked the VP of Engineering, who replied:

"We should write our own software copy protection system."

Halt. Full stop. Red alert. DEFCON 3! This is the worst advice possible.

call support small

Let's put it in perspective. Need a car? Build one. Going on vacation? Build an airplane first to fly there. Hungry? Start plowing...

Seriously, rolling your own solution for software copy protection is just asking for trouble. It's one of those things that, well like a lot of things, looks far easier than it is. We've been working on nothing else for over 20 years now and we still aren't finished. There ARE people out there who want to steal your software. Building your own copy protection system will almost certainly not slow down the pirates but will annoy your customers when it misbehaves. So save yourself some trouble. Pick up the phone and call us today

Topics: software copy protection, Anti-piracy, Copy Protection

Is copy protection software really necessary?

Posted by John Browne on Apr 10, 2012 3:37:00 PM

Given the backlash against DRM in the music and video world, do ISVs really want to engage in using copy protection software in their products? Isn't it really true that piracy is a form of viral marketing?

The reasoning goes something like this: customers steal copies of your software application then become hooked on it. You find out they are stealing your software and ask them to become legitimate users. The sales department thinks this is cool because each site with pirated software becomes a kind of lead for them to pursue. 

How in the world do you know who's stolen your software? There are products you can buy that will cause your software to "phone home" and let you know whose got illegal copies. Then you can put pressure on them to convert to a legitimate user.

copy protection software prevents piracy

Ok, that's the argument for allowing pirated copies. What's the argument for adding copy protection software? 

First of all, if you use strong copy protection software you won't get pirated. It's as simple as that. Second, the products that "phone home" are really really expensive. Cheaper to lock the door than to try to recover your stolen diamonds, no? And finally, let's face it, there are places in the world where they frankly don't regard IP rights as meaning much. People with pirated software in those places are unlikely to suddenly start writing checks just because you ask them to.

Want more top-line revenue without the additional expense of paying a "bounty" for identifying pirated users? Just use strong copy protection software and rest easy knowing if they're using it they paid for it.

Topics: Anti-piracy, Copy Protection

Software licensing solutions in the cloud

Posted by John Browne on Mar 26, 2012 8:56:00 AM

With the increasing number of end users taking advantage of SaaS solutions, independent software vendors are faced with new licensing challenges and the need to prevent illegal software copying, as well as the running of a single license on numerous virtual machines.

But there are software licensing solutions for the cloud that can meet these challenges. On the cloud, you can actually achieve highly efficient licensing processes and enhanced protection for your software. You can reduce revenue loss due to piracy while also improving your customers’ experience. You don’t have to include tests in your application code to disable the software if a virtual machine or terminal server session is detected.

There are dongle devices on the market that you can connect to a computer within the customer’s network to enable it to function as a license server. This license service considers each VM or TS as a completely different user. It makes no difference if the use is from a VM, a TS session, or a desktop computer—the license server automatically counts the correct number of users for these “floating licenses.”

Another solution is to connect the dongle directly to the host server, which can be configured as a license server to allow use of floating network licenses, as long as you allow network functionality.

The dongle can also be connected to only a single guest system (an operating system running in a virtual machine), or it can be connected to the terminal server. It’s important in this scenario to use a device that counts local licenses in the same way as network licenses, because all sessions have local access to the license if they are running on the same instance of the operating system.

With the right software licensing solutions for the cloud, software will be disabled whenever multiplying of licenses is attempted using VMs, TM session, or reverse USB hubs.

Topics: License Management, software copy protection, Anti-piracy, Copy Protection

Top 5 factors when picking copy protection software

Posted by John Browne on Mar 23, 2012 6:09:00 AM

Anytime you add a 3rd party component into your overall product stack you need to be thoughtful before you decide. Copy protection software is no different: it's something you will rely on to protect your valuable IP and it's also something that will touch the user's experience of your product.Top 5 factors when picking copy protection software

My top 5 factors when choosing copy protection software for your company:

  1. First of all, find out if it really provides actual copy protection. Some solutions pretend they can protect your software, but in reality they are doing very little to prevent piracy. By that I mean that any reasonable hacker can crack the protection without breaking a sweat. One way to check is to look for cracked copies of their customer's products on the Internet.
  2. What platforms does it support? If you are on the Mac OS, and the tools don't support Lion, what are you going to do? Look for a vendor who has a track record of supporting many different platforms, and providing support for new platform releases immediately after they are available.
  3. How easy is the implementation? Do you have to do everything with API calls? Does it support your programming language of choice? Can you develop your application outside the copy protection software and add the protection after development is finished?
  4. What license options are allowed or--perhaps more importantly--excluded? Does the system allow for virtual machine (VM) use in legitimate instances while blocking VM usage to circumvent licensing restrictions? Does it support new licensing models like pay per use, pay per feature, pay per function?
  5. Can the vendor give you a seamless choice between software activation (cheap and simple) and hardware keys (better security)?

Topics: CodeMeter, software copy protection, Anti-piracy, Copy Protection

Is software copy protection worth the trouble?

Posted by John Browne on Mar 22, 2012 6:00:00 AM

In a word--yes.

In a few more words:
  • It doesn't have to be a lot of trouble.
  • It doesn't have to be expensive.
  • The ROI can be enormous.
Let's take these in inverted order. What's the ROI on effective software copy protection? Potentially millions of dollars. For a minute, forget about the kid who gets a cracked copy of an app from a bit torrent site. I'm talking about criminal enterprises who crack software and sell it as authentic. To (mostly) unsuspecting customers. These are people who buy your software but you don't see any revenue from the transaction. We know customers who came to us after 3rd party audits disclosed just how massive these losses were each year. The investment required to prevent this theft is trivial compared to the eventual return by thwarting thieves.

It doesn't have to be expensive: AxProtector is free, and you really don't need to expend developer resources to have good software copy protection because no source code changes are needed. In fact, you can add copy protection after your software release candidate is done in a matter of minutes. Even if you need dongles, they are relatively cheap compared to getting ripped off.

Software copy protection doesn't have to be hard.It doesn't have to be a lot of trouble: Good protection tools let you write your code without being concerned about software copy protection or license models. Those can come later. Now in the interest of full disclosure there are some situations where you might want to wrap a function or method with a specific call to the API to decrypt that function with its own license. It can, for example, allow that function to have a separate license model such as pay per use or pay per feature. But most licensing options are available with the basic software copy protection offered with AxProtector, which takes only a matter of a few minutes to add.

Topics: CodeMeter, software copy protection, AxProtector, Anti-piracy, Copy Protection