Wibu-Systems Blog

What is software piracy?

Posted by John Browne on Jan 12, 2011 4:45:00 AM

Software piracy is the unauthorized duplication of programs such as operating systems, applications, and utilities. In 2009, 43% of all software globally was pirated. In China alone over $7 billion worth of software was stolen in 2009.

Piracy is often the result of organized criminal enterprises who crack copy-protection schemes and then manufacture counterfeit copies of commercial software. It can be very difficult for end-users to tell counterfeit software from legitimate copies.

Pirated software (also known as “cracked” software) can contain malware such as Trojan horses, bots, and keyboard loggers. The widespread use of peer-to-peer (P2P) file sharing such as bit torrent sites has rapidly increased the distribution and availability of pirated software. Counterfeit software is sold via online auction sites, often to end users who are unaware that they are purchasing illegal and potential dangerous software.

Software developers work diligently to prevent their software from illegal piracy. Systems such as code obfuscation or machine binding are popular but easily cracked by sophisticated pirates.

The only truly fool-proof method to prevent illegal piracy is through the same method that the US Government uses to protect its most valuable secrets: encryption. By encrypting the application program and its data, piracy can be prevented. CodeMeter uses AES 128-bit encryption to protect programs from piracy. A brute-force crack of CodeMeter’s encryption would require the pirate to find the one key that works in the approximately 340,000,000,000,000,000,000,000,000,000,000,000,000 (3.4 x 10^38) possibilities. CodeMeter’s strongest security comes when the private key data is stored in the CmStick—a Smart Card based dongle that is effectively uncrackable.

How do we know it's uncrackable? Because Wibu-Systems is the only software-protection company bold enough to offer crackers a large cash ($40,000) prize if they could crack CodeMeter. And, although many have tried, none has succeeded. Nevertheless, we know that the battle with crackers requires constant vigilance, which is why we continually updates our protection methods as we find new exploits that crackers attempt to use.

Check out CodeMeter if you are looking for a great software anti-piracy solution or simply contact us.

Topics: CodeMeter, software copy protection, Copy Protection, Anti-piracy, dongles, software piracy, FAQ, mythbustin'

Not your Daddy's dongle

Posted by John Browne on Dec 14, 2010 9:00:00 AM

I hear a lot of confusion and mis-information out in the market about dongles these days. A lot of this is based on people's experiences in the 1980s with early dongles.

Here are some common myths about dongles and the actual facts:

1. Dongles are unreliable. Sure, the really cheap stuff might be, but CodeMeter has a failure rate that's so small we are happy to guarantee the dongle for life. I even drove over one in my Subaru and it still worked. I can't remember hearing about any that have failed in the field.

2. Dongle drivers are problematic. Good dongles don't use drivers--CodeMeter uses Windows services (or Mac or Linux depending on the OS) so no drivers are installed. Basically a CmStick looks like a flash drive to the OS. Since Microsoft estimates that half of all Windows crashes historically are due to buggy device drivers (produced by 3rd party hardware vendors) this is good. I would avoid dongles that require custom device drivers.

3. Dongles can be cracked. Hey, anything can be cracked, given enough time, computing power, and smarts. You can blow any safe with enough dynamite but is it worth it? The architecture of CodeMeter would require lots of dynamite--that is, significant time and energy to create a crack, and then it's a one-time crack only. No universal crack is possible due to the nature of the key exchange.

4. Dongles are a nuisance for users. Not really; they're not any more trouble than the ignition key you have for your car. Want to use the car? Put in the ignition key and turn it. And a dongle can do something your car keys can't: let you run your software on multiple computers (just not necessarily at the same time). So if a computer fails, you could already have the software installed on a backup machine, just waiting for you to insert the dongle and go. That's pretty handy if you're running factory floor automation software, or controlling the mix at a concert.

5. You can build your own dongle out of a cheap USB flash drive. Sure you can, but why? First of all, a "good" dongle isn't just a cheap USB flash drive. CodeMeter is a smart card chip, high-end memory controller, and a bunch of memory, all on a physical device (USB, SD, micro SD, CF, etc). And then there's the firmware. Unless your crypto skills can match our full-time rocket scientist cryptographer, don't even try. The crackers are miles ahead of you.

6. The API beats a wrapper hands down. Ok, not technically a dongle-related myth, but part of the story. Wrappers (or "envelopes") enclose an executable in some sort of protection scheme that can be unlocked only if the dongle is present. Some wrappers are worthless, leading to their bad reputation. Our wrapper (AxProtector) is a full encryption system that include all the protection know-how we've amassed over 21 years. We update it all the time to make it stronger. Using it will guarantee you the strongest possible protection against piracy. I'll save a more detailed discussion of tools for another blog.

Got a dongle myth you want busted? Post a comment here.

Topics: CodeMeter, software copy protection, dongles, dongle drivers, mythbustin'