$1 million reward…report the sale of illegal software over the Internet!
By Jon Gillespie-Brown | May 7, 2008
I am very happy to report that the BSA have announced they are stepping up their campaigns with the addition of Internet based software pirates.
The Business Software Alliance (BSA) is announcing the expansion of its $1 million rewards program to include those that report the sale of illegal software over the Internet, such as in the case of auctions of unlicensed software.
This simply means that this source of "revenue leakage" will start to get eroded faster in my view, I expect most people are reporting piracy because it affects them or their business but it great that think that people now get a ‘pat on the back’ for doing the right thing.
In 2007, BSA shut down over 13,800 online auctions offering more than 50,500 individual software products. The total retail value of those software products was approximately $13.3 million. Nearly two-thirds of the online auctions shut down were on U.S. auction sites. As the chart below demonstrates, the number of auctions removed in the first three months of 2008 increased by nearly three-fold vs. the same period in 2007:
“Piracy over the Internet has increased both in breadth and sophistication in the last few years, and requires us to increase our efforts to combat the issue,” continued MacBride. “BSA and its members feel strongly that it’s time to extend our rewards program to include those that report the sale of illegal software over the Internet so that we make the Internet a safer and secure medium.”
The only sad thing we find talking with many ISV’s is that so many are ignorant of the effects of piracy to their organizations, even a quick Google search with their app name and ‘crack’ often reveals dozens of sites selling their software they didn’t even know about.
Internet based piracy has to be the worst for smaller vendors as its so easy to do, in fact many are affected without the cracker really having to do very much hard core hacking, they haven’t even bothered with rudimentary protection and so it’s simply a case of copying a binary, setting up on eBay, copying marketing blurb from the ISV web site and away the thieves go - they can do this in an afternoon and the chances of getting caught are so small its worth the risk.
At least the BSA are attempting to tackle the issue and so I say "well done to them".
Popularity: 3% [?]
Topics: Software Licensing | No Comments »
 |
 Print This Post
|
VS Live a big hit!
By Jon Gillespie-Brown | April 17, 2008
Nalpeiron attended the VS Live show with two stands and got over 300 registered visitors to discuss our new and exciting Hosted Nalpeiron Licensing Service.
Over just 3 days over half of the conference delegates visited with us and discussed their requirements for Software copy protection, flexible licensing and the ability sell "software on demand".
Nalpeiron displayed their latest exciting revenue enhancing features and services and explained the simple integration process via open APIs, free source code and web services.
Account managers from the US and European offices attended the stands and spoke with potential and existing Customers about their licensing needs.
CEO, Jon Gillespie-Brown was also a guest speaker and gave presentation called "Who cares about Software Piracy anyway".
This was a useful two-way discussion for the attendees of the VS Live conference and helped educate delegates about the pitfalls and home truths about Software Licensing.
The show was only part of an extensive Nalpeiron campaign to explain the benefits and myths surrounding Software Licensing.
To learn more about Nalpeiron, visit our web site: www.nalpeiron.com
Popularity: 14% [?]
Topics: Software Licensing | No Comments »
|
|
Print This Post
|
Piracy rate top ten list
By Jon Gillespie-Brown | April 17, 2008
PC World reports that the largest share of software titles pirated were of the ‘productivity’ category, somewhere around 34 percent, followed by ‘operating system,’ pinned at 23 percent, while the ‘document management’ sector recorded 8 percent, the ‘creativity’ segment had 7 percent and ‘security’ had 6 percent. Some other minor categories, such as accounting, CAD and mapping, each had one percent.
The most frequently pirated software by companies top ten is as follows:
1. Symantec Norton Anti-Virus
2. Adobe Acrobat
3. Symantec PC Anywhere
4. Adobe PhotoShop
5. Autodesk AutoCAD
6. Adobe DreamWeaver
7. Roxio Easy CD/DVD Creator
8. Roxio Toast Titanium - Mac only
9. Ipswitch WS_FTP
10. Nero Ultra Edition
What’s interesting is most of these vendors use either an in-house DRM system or Macrovison - neither are helping prevent piracy?
In-house is not surprising, most vendors do not have the time, engineering or money to invest in a complex encryption and robust copy protection system of their own - that costs $ Millions - and I know as I have invested that amount to create such a solution.
Adobe and Autodesk on the other hand use Macrovison, but it appears that their protection is not strong enough either.
Now to be fair to both parties, the software vendor and Macrovison, you cannot create any form of uncrackable protection but neither of these protections are particularly strong either.
Both parties could have chosen a better and stronger protection like Nalpeiron or one of the other vendors in the market - let’s hope you don’t make the same mistake.
Macrovison tends to get the attention as it’s a larger business and a market leader but that’s not a great reason to buy from them alone - size vs. technology does not guarantee success.
Adobe and Autodesk admit as much themselves as does Symantec but Nalpeiron are more interested in helping small and medium sized ISV’s get the very best protection without the cost of the big ‘names’.
Using newer and better technology allied with a SaaS model we can offer $Millions of engineering value for as little as a few $1000.
Let us help you stay off this list.
>> Why not take a free trial and see for yourself: www.nalpeiron.com/trial
Popularity: 16% [?]
Topics: Software Piracy | No Comments »
|
|
Print This Post
|
“Ghosting” is the easiest way to scare the CFO
By Jon Gillespie-Brown | March 20, 2008
INTRODUCTION:
As we all know “Ghost” and similar disk copying/backup applications are excellent tools for end users for cloning hard drives or for corporate rollouts.
The problem lies with the word, cloning. These programs make a copy of a partition (and sometimes the MBR) and then end users have a re-usable image of the authorized programs on that machine. They can then install working copies on all their other machines and distribute the products to others.
Ghosting or disk backup has to the be the fastest and easiest way to casually copy your software - indeed many end users don’t really even thinks it’s piracy as the technique has become so well known and easy to do.
None of this is good news for your bottom line…and the CFO!
So Nalpeiron came up with several ways to help prevent casual copying using ghost-type programs.
First, our basic technology prevents most types of basic disk copying, period.
However, in cases where the user tries to make a full copy of a drive including the Master Boot record (MBR) we have developed a further way to prevent copying.
USING THE NALPEIRON GHOST BLOCKING
In cases where you suspect disk cloning by end users you have two choices, use the standard protection or use the advanced protection.
The standard protection is built-in and there is no need to do any extra work, but it will not protect against deeper uses of ghosting that use a ‘bit by bit’ cloning process.
If you want to beat those types of cloning attempts you will need to use the advanced protection.
This is very simple; all you have to do is select the “Lock product to HD serial number” radio button when creating your custom DLL.
This option is a secondary level of protection against programs that copy the entire hard disk partition. This function locks the license to the HDD serial number (where present) and therefore prevents the use of ghost type programs from “backing up” a fully licensed copy of your product.
This essentially makes the custom DLL look for and lock the licensing to a specific HDD number. If the disk is cloned and placed on a new machine, before the program runs it will check for the same serial number and if it doesn’t find that it will prevent the application from running and show an error code.
WORKING WITH CORPORATE “ROLLOUTS” USING GHOST TECHNIQUES
You should consider who will be using your software before applying the advanced clone blocking, as the built-in protection maybe enough, and it will also probably allow for the corporates to make legitimate copies of your software when doing rollouts. In other words using the standard protection will keep down casual copiers but at the same time allow for corporate use.
If you plan to use the advanced protection then you should also consider a further option when setting your DLL called “Revert to demo mode when hard drive serial number change detected”.
If you have chosen the “Lock product to HD serial number” option you should be aware that this prevents the wholesale use of corporate tools that clone 100’s PCs and make it easy for them to deploy many applications at once e.g. Microsoft SMS. You may wish to allow that process for certain customers.
The “revert to demo mode” feature assists in this regard in that all the machines will revert to a trial when they are rolled out. Without this selected the recipient machines will not work due to the block above.
This will allow your installs to be rolled out across many PCs from an image of an authorized installation but will revert all the cloned machines to “demo mode” until they are activated (authorized) correctly.
In other words, if you don’t select this then all the cloned machines will fail without showing a demo period, they can still be activated but the user cannot use the program until they activate. But if you do they will gracefully revert to a mode where they can easily use the product until they are activated and node locked successfully.
TECHNICAL ISSUES WITH GHOST TYPE UTILITIES
The advanced option should be used with care as many older HDDs will not have the correct firmware to allow us to read the HDD serial number and this can cause occasional issues for some users.
You can also make multiple DLLs, one set for end users where you want advanced clone protection and one for corporates where you don’t want such high level protection to facilitate easy rollouts.
If you do decide on multiple DLLs do make sure you have different constants in the DLL and code to prevent these DLLs from being exchanged or used by the wrong users i.e. weaker protection being distributed to other users. The constants will ensure that the DLLs will only work with the matching application version.
Popularity: 33% [?]
Topics: Software Piracy | No Comments »
|
|
Print This Post
|
Standing up to EBay’s software piracy epidemic…finally
By Jon Gillespie-Brown | March 10, 2008
For years people have been trying to get eBay to remove pirates from the auction site who are selling cracked copies of their products.
eBay’s refrain “it’s not our fault, we are just the marketplace”…baloney, they don’t want to face up to their responsibilities. Why not? because it will be very hard and very expensive.
They have come up with an onerous and painful way to request politely to have these people removed but when eBay eventually gets round to getting them off - usually after $10Ks of losses for the ISV - these same people just start all over again under a new name. Do they end up in jail no! Is there an disincentive to them or any real downside - no!!
Don’t get me wrong, I realize this must be a colossal pain for eBay and they would not do this if they could easily avoid it but I still don’t see them really stepping up to the plate to actively police and ban the crackers.
What’s even worse is that the other authorities are so swamped unless you are Microsoft or Adobe they don’t want to know…so where does that leave us ISV’s?
Well in reality we have some good choices for Software protection and licensing to help but is should also be down to all the others in the chain that “aid and abet” these crooks to do something about it.
Well I am glad to say that SIIA has stepped up to the plate it has started to take action against some of the more visible resellers of Pirated Software on eBay.
The Software & Information Industry Association (SIIA) announced today it has filed the largest round of lawsuits since launching its auction site anti-piracy program two years ago.
SIIA filed nine separate suits in the US District Court for the Northern District of California, on behalf of members Adobe Systems Incorporated and Symantec Corporation. The lawsuits are part of SIIA’s comprehensive program to battle rampant auctioning of pirated software.
OK, OK it’s for the big boys but it does start the process of a wider crackdown and will hopefully put off some of the smaller crooks too.
“SIIA has declared war against those who continue to sell pirated software on auction sites such as eBay,” says Keith Kupferschmid, SVP of SIIA’s Anti-Piracy Division. “Our goal is to give illegal software sellers a rude awakening, so that unsuspecting software buyers and legitimate sellers are protected. For too long, auction sellers have been able to sell pirated software while risking only the removal of their auction. SIIA has upped the ante by bringing those who pirate software to justice in court.”
This is great for all of us in the longer run as at least the SIIA has an official program to monitor and prosecute unlike eBay and their rivals:
The SIIA Auction Litigation Program monitors popular online auction sites, identifies individuals or groups selling pirated software and sues those pirates on behalf of the association’s member companies.
The SIIA Auction Litigation Program is part of a continuing program to work with buyers and sellers on auction sites to get the word out that pirated software is bad for both ends of the sale. Sellers can be prosecuted and buyers can be stuck with viruses, no technical support and no recourse.
I am also glad that they are trying to popularize the notion with the end user that piracy is not good for them either:
SIIA’s Don’t Get Mad, Get Even Campaign offers a way for purchasers to strike back – they report the illegal sale, provide proof (disks) and receive money back to buy legal copies.
All of us ISV’s need to join in the fight rather than lie down and take it - we should support SIIA and report all of these guys to eBay and the likes on a regular basis until eBay is forced to do more about it or they get the hint!
Popularity: 43% [?]
Topics: Industry News | No Comments »
|
|
Print This Post
|
Beating Software DRM…some of the terms used.
By Jon Gillespie-Brown | March 7, 2008
Useful terms in understanding the software cracker world and how they will try and pirate your Software application.
Pirates beat DRMs through Exploits, KeyGens and Cracks. Each of these approaches is distinct, and requires differing amounts of effort to avoid being pirated.
A brief description of each, in order of least to most effort involved to make them work, can be found below.
Exploits
Exploits are holes in a DRM that can be circumvented without downloading anything to the computer. For example, going into the registry to delete a time limit on a game demo, renaming a hidden .exe file, or using task manager to ‘quit’ the DRM are all things that have been done in the past or can be done currently to circumvent casual game DRMs.
KeyGens
Most DRMs work around an encryption system that delivers the full game to players but limits them to a 60 minute trial. The full game can be unlocked by entering in a serial-type key into the game. Keygens are programs that illegally create serial keys to unlock a portal’s games. They are distributed in multiple ways, often shared among friends, as well as being sold or provided free of charge on web sites around the Internet.
Cracks
Cracks are perhaps the most commonly mentioned type of piracy. In this case the entire game is made DRM free by the addition of a file that impedes the DRM. Closely associated with cracks are ‘cracked games.’ This refers to a DRM-free version of the game that was cracked and then distributed by pirates. Obtaining a crack or a cracked game requires downloading files to the customer’s computer from locations that are clearly illegitimate.
Popularity: 42% [?]
Topics: DRM | No Comments »
|
|
Print This Post
|
One ISV’s view on life and software copy protection
By Jon Gillespie-Brown | March 2, 2008
Kevin Hoctor has something to say on the world of software copy protection and it’s not what you think!
OK so he is fed up with those who wish to rip him off and have cracked his software:
I guess MoneyWell has hit the big time: it was [k’ed]. That means that some sad individual spent his or her time breaking the copy protection and posting it for the 10 percent to use without paying.
However, what’s even more interesting is his attitude to those that live the life as a software cracker sucking the blood out of even the smallest ISV.
His point is that crackers don’t seem to care who they hurt, they are the leeches of our software industry but in the end they are really just hurting themselves by not ‘contributing’ to society simply living off other people’s hard work. Here, here Kevin…
So to end this on a positive note, there are rewards to living a life of abundance—a life where there is always enough to go around and someone else doesn’t have to lose for you to win. If you believe that by giving you will be rewarded tenfold, then it is true. We do more with our attitudes and actions to shape our own futures than the cynics of the world would like us to believe.
As someone who has lost over 50% of his software revenues in the past to idiots who exploit the rest of us I have to say that his attitude is unusual - people tend to either just ignore the piracy or get really mad about it.
I did both, paid a high price in $$s and then decided to do something about it by starting Nalpeiron many years ago.
Take a look at his blog it’s most interesting:
http://kevinhoctor.blogspot.com/2008/02/taking-care-of-90-percent.html
Popularity: 51% [?]
Topics: Industry News, Software Piracy | No Comments »
|
|
Print This Post
|
The question "isn’t whether or not to fight piracy, but what is the best way to fight it".
By Jon Gillespie-Brown | February 29, 2008
Russell Carroll (Ricochet) reveals that one of his Company’s games has a 92% piracy rate!
“It looks like around 92% of the people playing the full version of Ricochet Infinity pirated it.”
Knowing many other gaming companies these is not that unusual - what is odd is that so little has been done to effectively fight the pirates.
It’s moments like those that make people in the industry stop dead in their tracks. 92% is a huge number and though we were only measuring people who had gotten the game from Reflexive and gone online with it, it seemed improbable that those who acquired the game elsewhere or didn’t go online were any more likely to have purchased it. As we sat and pondered the financial implications of such piracy, it was hard to get past the magnitude of the number itself: 92%.
In casual gaming where most of the industry sells an Internet-distributed product, piracy is a common problem. Any quick search will help you find and illegally acquire every casual game you can imagine.
One way to fight the search-engine facilitated piracy is to work to remove the ever-expanding number of links to illegal copies, but in many cases improving the Digital Rights Management (DRM) system to be more secure can be more effective as it renders a large number of those links obsolete.
So developers are left trying to get ISP’s, web sites and other crack destinations to remove illegal copies but that’s a practical impossibility - as is getting rid of all the people on eBay selling cracked copies too - I know I have tried and tried!
So the next best thing is the use a better copy protection system and prevent all the usual leakage from happening by focusing on a more robust approach to all the areas of weakness.
Here are a few examples to strengthen your protection without making life hard for the end user:
- Don’t use a wrapper based protection and make sure when you write the code you spend time using techniques to make removing protection calls from the code itself difficult;
- Don’t use a keygen system that is available to others (i.e. many protection vendors ship the server side keygen code or keygens themselves);
- Don’t use a weak system that writes to the registry or has some other file based protection that can be circumvented or copied (e.g. windows);
- Make sure that there is a total end-to-end security policy with encryption i.e. it only takes one part of the chain to be broken to break the whole system;
- Watch out for simple loopholes like the use of Ghost or VM’s to clone working copies or provide unlimited demos;
- Check the vendor’s tools are not widely cracked, this is only a problem for dongles and wrapper based protections as these are universal - crack once, break all the products;
- Don’t use a system that creates a fingerprint of the recipient PC or alphanumeric codes as these just make it very hard for the end user and they will complain;
See this useful article about beating the crackers
Russell makes the point perfectly:
This is tricky to be sure, because improving the security must be done without making the DRM so onerous that it keeps honest customers from purchasing games.
He is admits to one part of the problem:
Reflexive, where I work, is in a peculiar position in this regard. Whereas most of the casual games industry licenses their DRM from a vendor, Reflexive has its own in-house DRM. Over the years it has undergone many improvements, including several changes made specifically to combat piracy.
Of course if you build your own you had better know how to do all of the above and more or you will suffer - Reflexive have proven the case with a 92% piracy rate.
So, you need a strong protection product but one that’s also very easy to use for the end user!
Reflexive have had to keep fixing and wasting engineering time and effort to stem the tide against them and indeed it seems after much effort they have got their in-house system up to speed and it has made a big difference = Sales up 70%
Fixing The Holes - The Results
Below are the results of Reflexive.com sales and downloads immediately following each update:
Fix 1 – Existing Exploits & Keygens made obsolete – Sales up 70%, Downloads down 33%
Fix 2 – Existing Keygens made obsolete – Sales down slightly, Downloads flat
Fix 3 – Existing Cracks made obsolete – Sales flat, Downloads flat
Fix 4 – Keygens made game-specific – Sales up 13%, Downloads down 16% (note: fix made after the release of Ricochet Infinity)From the results above, it seems clear that eliminating piracy through a stronger DRM can result in significantly increased sales..
However, if they had started off with protection without most of the issues in the first place that would have surely saved not only such a high piracy rate but also all the manpower and engineering costs?
Read the full article here:
http://www.gamasutra.com/php-bin/news_index.php?story=17350
Popularity: 49% [?]
Topics: Software Piracy | No Comments »
|
|
Print This Post
|
The risks of VMWare and how it works with software copy protection
By Jon Gillespie-Brown | February 24, 2008
INTRODUCTION
As we all know VMware is an excellent tool for developers, especially for testing and cloning.
The problem lies with the last word, cloning. This is like the problem we encounter with the use of disk backup programs like Ghost. These programs make a copy of a partition and the MBR and then end users have a re-usable image of the authorized programs on that machine. They can then install working copies on all their other machines and distribute the products to others.
The one key area that VMware differs from this scenario is that VM’s do not interact directly with the operating system like a partition backup. In simple terms they create a virtual space that ‘spoofs’ the responses that would have come from an operating system and so we have to protect against the threat in a different way.
So Nalpeiron came up with a way to detect and prevent the activation (authorization) of licenses on machines with VMware (and VirtualPC) that is selectable by our developers to prevent the use of “cloning” as a way to pirate your software.
TECHNICAL ISSUES WITH VMWARE TYPE SYSTEMS
We did not and cannot come up with a way to run inside a Virtual machine unless we have the source code to that environment or the manufacturer releases a specific way for the VM to access the operating system. We have requested this assistance but so far the likes of VMware will not release what we need to be able to develop a copy protection system to run under a VM and nor can any else for the same reasons.
The Nalpeiron Licensing Service makes calls to the operating system, processes the results, and then makes other calls to the operating system, doing among other things, storing encrypted license information. If a virtual machine or emulator fails to supply needed information or perform any of the other tasks requested then the Nalpeiron Licensing Service will not work.
The Nalpeiron Licensing Service is designed to work on hardware (such as PCs under Windows 2000, XP, and VISTA plus Mac OSX operating systems) and not directly within virtual machines or emulators of any sort. This includes Macintosh computers running Windows. While it may work with some emulators and/or virtual machines, that performance is not guaranteed and my not continue when the publisher of those products makes any changes.
It is safest to assume that highly secure copy protection systems will not perform properly in these environments due to the technical limitations outlined.
HOW THE NALPEIRON SOLUTION WORKS
Nalpeiron provides function calls built into our copy protection checks for the use of VM’s and so there is no programming required.
You get two options when creating a Custom DLL, either block VMware or not.
If you select block VMware, the copy protection will cease to function and display an error message when detecting a VM (VMware and Vpc).
If you don’t block VMware then you can install under a VM environment but you have no protection as outlined in this document. This means that the application will install fine but if the user clones a VM then they will be able to re-use that cloned copy of the program any way they choose, the copy protection cannot prevent illicit use.
The Nalpeiron function, when used, essentially alerts the developer to the presence of VMware and allows you to block an activation event as a result. This then prevents the install of the working software on a machine and this in turn prevents a copy of the Authorized Version being cloned and used by others.
USING VMWARE TYPE SYSTEMS FOR TESTING COPY PROTECTION
The issue is deeper than this however, as many of our customers have asked if they can still use VMware for testing purposes. The problem with using a VM system test is that it runs it in a precisely defined environment.
It is useful for testing a non-copy protected application for functionality under different versions of Windows, but has only extremely limited benefit for testing anything to do with copy protection. Useful test results for copy protection can only come from running the copy protected product in a lot of very different computers and versions of Windows; the more the better.
VMware gives developers a false since of security since for copy protection purposes the VM actually prevents direct access to the operating system and only “emulates” the results which may or may not be true for the protection.
Some other copy protection products appear to work with virtual machines but in these cases all they do is get some basic piece of easy-to-get information then store it in an encrypted file. In this day and age, that is no protection at all.
THE RISKS ASSOCIATED WITH INSTALLATION ON VMWARE
Anybody with VMware can upload onto the web a binary(s) that can be downloaded and will run a protected program on any computer. While this method is not stripping the protection from a product, it is doing the next best thing.
Also, assuming somebody is not saving the VMware environment onto a flash drive, demos will run forever.
The bottom line is that it is not only effectively stripping the protection from a product, it is setting up a huge number of customer complaints because of lost activations, and it is allowing unlimited demos. Once a cloned demo or product is out in the “wild” it is essentially open for use by anyone. Developers beware!
Popularity: 73% [?]
Topics: Software Licensing | 1 Comment »
|
|
Print This Post
|
Macrovision sells off licensing business - the end has arrived?
By Jon Gillespie-Brown | February 20, 2008
Well we could see this coming, but what does it mean for Macrovision customers?
Our friends still inside Macrovision tell us that there has been a ‘yahoo’ effect with most of the talented people gone or going, so will the new owners a "private equity investment firm" be able to attract new talent?
Thoma Cressey Bravo are clearly talented business turnaround experts but do they have the skills to make Macrovision better, or will the old business just end up in a rest home. TCB are clearly great negotiators as they have bought the ailing business unit for 2x revenues but with the old business needing the cash for their buyout ‘beggars can’t be choosers’.
Will they change the universally hated % charging model that current customers dislike so much or will they just try and milk those old customers?
With the Flex technology being 20 years old, will they start to re-invest rather than keep squeezing revenue out of the old technology?
There are far more questions than answers about the Macrovision licensing business.
But one thing is for sure it’s gone and who knows if it will be ‘back’ again with all the original innovators and engineers no longer with the business - indeed we don’t even know what they will be calling it.
I am sure they must be hoping their customers will stick with it when there are so many newer and better alternatives available in today’s competitive world.
For more details on the sale see the news release
Tags: macrovision, licensing, software licensing, drm, installshield
Popularity: 59% [?]
Topics: Industry News | No Comments »
|
|
Print This Post
|
