Wibu-Systems Blog

New release for AxProtector

Posted by John Browne on Jun 12, 2012 4:47:00 AM

AxProtector Version 8.10  is now shipping and available for download.

Not a major update, but there are a nice grabbag of goodies. Changes include:

  • Protection of mixed mode programming (.NET and C++) is now enhanced. If your IP is in your .NET code, select the Mixed Mode option from the AxProtector GUI and each individual method will be encrypted separately. If your IP is in the C++ code, select the standard AxProtector for Windows. If it's pure .NET (no native code) use the AxProtector .NET option. Please check with tech support if you are interested in this feature to make sure your implementation has maximum security.
  • Java servlets protected with AxProtector can now run on Apache Tomcat with no server-side decryption code. This simplifies implementing protected web services.
  • Also on Linux: full support for method-level encryption with IxProtector (this is now on par with the Windows implementation).
  • AxProtector GUI shows new and extended project types with new icons: separate tabs show options for AxProtector or IxProtector. 32- and 64-bit versions are now combined into single options.
  • Improved support for VxWorks for embedded systems allows for simultaneous use of CmDongle and CmActLicense. Digital signatures (integrety checking) is now implemented for VxWorks as well.
  • Plus many more: improved security, better support for multi-threaded applications, and improved Java support. See the change log for full details.

Topics: AxProtector, Copy Protection

How to Pick Copy Protection Software (NOT!)

Posted by John Browne on Jun 6, 2012 6:08:00 AM

Here's a brief list of things (NOT) to do when picking a vendor for copy protection software:

  1. Make sure from their website they have no phone number, physical address, or any way to contact them except through a form. Hey, it's a virtual world! Who needs offices and employees and phones? C'mon! What you want, when it's hard on the deadline and the tool isn't working, is a vendor with a webform on the "contact us" page. The mystery of wondering if you'll ever hear back from them, or even what time zone they're located in, will keep life interesting for you. 

    CC image by Houza Soucup on flickr

  2. Don't sweat the details. If they tell you their solution can't be cracked, why question it? The specifics of exactly HOW they keep 12 year old nerds with bad complexions in Belarus from cracking their "protection" in exactly 6 minutes are irrelevant, aren't they? 

    Is this your cracker?

  3. Make sure that the application has to "phone home" every time it starts. This will delight any users who want to run it without an Internet connection. Or when the server crashes. When, not if.
  4. Ensure that the entire protection scheme decomposes into a challenge-response test. That will make it super-easy to crack.
  5. Just ignore the problem. After all, anything you do will just get cracked, right?

Topics: Anti-piracy, Copy Protection

Bittorrent vs software protection

Posted by John Browne on May 15, 2012 6:22:00 AM

Microsoft is trying yet another approach to end P2P file sharing of their software. Ironically it involves them investing in a Russian startup aimed at blocking bittorrent traffic by creating confusing false connections. 

The only problem is it doesn't work. Well, not very well at least. They were able to block 42,000 downloads of this blockbuster. But it will cost (between $12,000 and $50,000 --dollars, nyet?).

The other problem is this tune's been sung before. (Great read, BTW, especially where they got hacked by some high school kids.) Different methods (not very good, actually) but same general idea.

This is no way to achieve software protection. This is akin the scene in Blazing Saddles where they fool the bad guys into attacking a fake town.

Microsoft and other publishers should spend their time focusing on how to make it tougher to copy their software in the first place, not how to keep cracked software from being shared. 

Topics: software protection, Anti-piracy, Copy Protection

The secret of software copy protection

Posted by John Browne on May 2, 2012 12:31:00 PM

Copyright infringement--which includes software piracy--is a big deal, even if the numbers are inflated. The federal government is all over this, but I wouldn't hold your breath waiting for them to make it all go away. For one thing, I believe most of this happens in countries where either we have no sway over their internal laws and enforcement policies (can you say former Soviet Union kiddies?) or where they are our banker. (Small aside: the federal government has been trying to eliminate illegal drug use in this country as well since Nixon and that's worked well, hasn't it?)

So the problem will be with us probably forever. So only prevention will work. If I have to park my car in a bad neighborhood, I'm going to make sure it has a serious anti-theft system on it. Maybe I can't stop them from stealing it, but I can make it more profitable to go steal someone else's car.

And that's the secret of software copy protection. You have to make it hard enough to steal your product that the perps will go steal something else. It's not like they're going to go work at Starbucks. They're criminals--they do criminal stuff. Maybe you'll get lucky and they'll rip off your competitor's product and all the real sales will fall in your pocket. Maybe they'll switch to Rolex watches and Gucci bags. 

Container freighter

Sounds easy, right? But how to accomplish it? The key is thoroughness. Let's switch to a different analogy--protecting your house. It doesn't make sense to have five locks on the front door if the back door is unlocked. Or if there's a storm cellar with a unlocked door into the basement. You have to think about all the places where bad guys could get in and secure all of them.

Software crackers won't spend their lives trying to break your AES encryption to get a key; they'll see the front door is heavily fortified and wander around looking for a window to break. This is where people who roll their own software copy protection go astray--they haven't learned to think like crackers, so they leave vulnerabilities they aren't even aware of.

Then they get cracked. 

 Man getting keys from a monitor.

Even if they don't roll their own solution, depending on a third-party vendor to provide a solution doesn't mean you can stop thinking about it. You need to make sure that your vendor has not left openings by focusing too much on the front door. A classic misstep is to believe in the server-side authentication of registered users. Setting aside the annoyance issue (what if there's no Internet connection? What if the server is down?) anytime you reduce the protection to a yes/no test it can be cracked by patching the code to always return the "correct" answer. This is a common ploy and in these cases the cracker isn't interested in how robust your encrypted server sessions are because he's go in the open window next to the front door.

Want to know more? More secrets of software copy protection.

Topics: software copy protection, Anti-piracy, Copy Protection

The world's worst software copy protection advice

Posted by John Browne on Apr 18, 2012 3:26:00 PM

So the VP of Sales was talking to the VP of Engineering and the VP of Sales was bemoaning how many copies were being ripped off through piracy. "What can we do?" she asked the VP of Engineering, who replied:

"We should write our own software copy protection system."

Halt. Full stop. Red alert. DEFCON 3! This is the worst advice possible.

call support small

Let's put it in perspective. Need a car? Build one. Going on vacation? Build an airplane first to fly there. Hungry? Start plowing...

Seriously, rolling your own solution for software copy protection is just asking for trouble. It's one of those things that, well like a lot of things, looks far easier than it is. We've been working on nothing else for over 20 years now and we still aren't finished. There ARE people out there who want to steal your software. Building your own copy protection system will almost certainly not slow down the pirates but will annoy your customers when it misbehaves. So save yourself some trouble. Pick up the phone and call us today

Topics: software copy protection, Anti-piracy, Copy Protection

Is copy protection software really necessary?

Posted by John Browne on Apr 10, 2012 3:37:00 PM

Given the backlash against DRM in the music and video world, do ISVs really want to engage in using copy protection software in their products? Isn't it really true that piracy is a form of viral marketing?

The reasoning goes something like this: customers steal copies of your software application then become hooked on it. You find out they are stealing your software and ask them to become legitimate users. The sales department thinks this is cool because each site with pirated software becomes a kind of lead for them to pursue. 

How in the world do you know who's stolen your software? There are products you can buy that will cause your software to "phone home" and let you know whose got illegal copies. Then you can put pressure on them to convert to a legitimate user.

copy protection software prevents piracy

Ok, that's the argument for allowing pirated copies. What's the argument for adding copy protection software? 

First of all, if you use strong copy protection software you won't get pirated. It's as simple as that. Second, the products that "phone home" are really really expensive. Cheaper to lock the door than to try to recover your stolen diamonds, no? And finally, let's face it, there are places in the world where they frankly don't regard IP rights as meaning much. People with pirated software in those places are unlikely to suddenly start writing checks just because you ask them to.

Want more top-line revenue without the additional expense of paying a "bounty" for identifying pirated users? Just use strong copy protection software and rest easy knowing if they're using it they paid for it.

Topics: Anti-piracy, Copy Protection

Software licensing solutions in the cloud

Posted by John Browne on Mar 26, 2012 8:56:00 AM

With the increasing number of end users taking advantage of SaaS solutions, independent software vendors are faced with new licensing challenges and the need to prevent illegal software copying, as well as the running of a single license on numerous virtual machines.

But there are software licensing solutions for the cloud that can meet these challenges. On the cloud, you can actually achieve highly efficient licensing processes and enhanced protection for your software. You can reduce revenue loss due to piracy while also improving your customers’ experience. You don’t have to include tests in your application code to disable the software if a virtual machine or terminal server session is detected.

There are dongle devices on the market that you can connect to a computer within the customer’s network to enable it to function as a license server. This license service considers each VM or TS as a completely different user. It makes no difference if the use is from a VM, a TS session, or a desktop computer—the license server automatically counts the correct number of users for these “floating licenses.”

Another solution is to connect the dongle directly to the host server, which can be configured as a license server to allow use of floating network licenses, as long as you allow network functionality.

The dongle can also be connected to only a single guest system (an operating system running in a virtual machine), or it can be connected to the terminal server. It’s important in this scenario to use a device that counts local licenses in the same way as network licenses, because all sessions have local access to the license if they are running on the same instance of the operating system.

With the right software licensing solutions for the cloud, software will be disabled whenever multiplying of licenses is attempted using VMs, TM session, or reverse USB hubs.

Topics: License Management, software copy protection, Anti-piracy, Copy Protection

Top 5 factors when picking copy protection software

Posted by John Browne on Mar 23, 2012 6:09:00 AM

Anytime you add a 3rd party component into your overall product stack you need to be thoughtful before you decide. Copy protection software is no different: it's something you will rely on to protect your valuable IP and it's also something that will touch the user's experience of your product.Top 5 factors when picking copy protection software

My top 5 factors when choosing copy protection software for your company:

  1. First of all, find out if it really provides actual copy protection. Some solutions pretend they can protect your software, but in reality they are doing very little to prevent piracy. By that I mean that any reasonable hacker can crack the protection without breaking a sweat. One way to check is to look for cracked copies of their customer's products on the Internet.
  2. What platforms does it support? If you are on the Mac OS, and the tools don't support Lion, what are you going to do? Look for a vendor who has a track record of supporting many different platforms, and providing support for new platform releases immediately after they are available.
  3. How easy is the implementation? Do you have to do everything with API calls? Does it support your programming language of choice? Can you develop your application outside the copy protection software and add the protection after development is finished?
  4. What license options are allowed or--perhaps more importantly--excluded? Does the system allow for virtual machine (VM) use in legitimate instances while blocking VM usage to circumvent licensing restrictions? Does it support new licensing models like pay per use, pay per feature, pay per function?
  5. Can the vendor give you a seamless choice between software activation (cheap and simple) and hardware keys (better security)?

Topics: CodeMeter, software copy protection, Anti-piracy, Copy Protection

Is software copy protection worth the trouble?

Posted by John Browne on Mar 22, 2012 6:00:00 AM

In a word--yes.

In a few more words:
  • It doesn't have to be a lot of trouble.
  • It doesn't have to be expensive.
  • The ROI can be enormous.
Let's take these in inverted order. What's the ROI on effective software copy protection? Potentially millions of dollars. For a minute, forget about the kid who gets a cracked copy of an app from a bit torrent site. I'm talking about criminal enterprises who crack software and sell it as authentic. To (mostly) unsuspecting customers. These are people who buy your software but you don't see any revenue from the transaction. We know customers who came to us after 3rd party audits disclosed just how massive these losses were each year. The investment required to prevent this theft is trivial compared to the eventual return by thwarting thieves.

It doesn't have to be expensive: AxProtector is free, and you really don't need to expend developer resources to have good software copy protection because no source code changes are needed. In fact, you can add copy protection after your software release candidate is done in a matter of minutes. Even if you need dongles, they are relatively cheap compared to getting ripped off.

Software copy protection doesn't have to be hard.It doesn't have to be a lot of trouble: Good protection tools let you write your code without being concerned about software copy protection or license models. Those can come later. Now in the interest of full disclosure there are some situations where you might want to wrap a function or method with a specific call to the API to decrypt that function with its own license. It can, for example, allow that function to have a separate license model such as pay per use or pay per feature. But most licensing options are available with the basic software copy protection offered with AxProtector, which takes only a matter of a few minutes to add.

Topics: CodeMeter, software copy protection, AxProtector, Anti-piracy, Copy Protection

Why media protection and DRM drive customers crazy

Posted by John Browne on Mar 21, 2012 7:20:00 PM

Concerns about piracy have been around long before there was such a thing as media protection, and pirates were just guys with parrots and eye patches. One thing that’s true about both pirates of the high seas and software-swiping pirates: they both steal stuff that doesn’t belong to them.

There are a lot of complaints against DRM. One guess who the most vocal complainers are: people stealing software. And the truth is, they’re right. The media protection brought by DRM is upsetting and irritating, especially if you’re a hacker. It makes the job of copying and illegally distributing your work much, much harder for them.Media protection isn't always petty.

Does DRM have its limitations? Absolutely. However, it’s also the best solution we have to protect ourselves, our product, our companies, and our profit.

The issue is not just about dollars (though of course that’s a large part of it), but also about reputation. If your intellectual property is being copied and distributed without your approval, chances are it’s being changed in other ways besides having the DRM stripped. Although your company name is still associated with that software, the pirated product is not the same as what you actually produced.

Media protection is vital to prevent loss of IP.This inferior imitation doesn’t just take money from your bank account, it harms your entire company reputation. Those who download pirated software rather than purchasing if new have no way of knowing the original is vastly superior. They grouse and grumble about your crappy product, and there’s no way for you to explain that what they have is not really your product.

DRM isn’t just about preventing copying, either. Media protection also applies to individual customer entitlements, expedites license activation and renewal, and assists with implementing different business models such as subscription fees, pay per use, or pay per user. Will DRM prevent all instances of piracy? Nope. But it helps. Much like wearing a seatbelt, media protection protect the developer, the parent company, and the consumers themselves, even if they hate to put that thing on when they get in the car.

Topics: Anti-piracy, Copy Protection, DRM