 |
 |
Saw an interesting article today by Peldi Guilizzoni and he mentions what many people think is true about the user and their propensity to use pirate software.
I don’t think it’s very scientific but it is a valuable argument, who will pay and who will not and why?
I also think the basic concept is sound – unfortunately people will avoid paying if a free/ripoff alternative is easily available.
The easy way to fix the conundrum in any event is to make your software easily available and to protect it will a user friendly but robust licensing solution and let the power of fully functional trials (rather then cracked software) do the viral marketing for you!
Here’s what Peldi says:
I don’t like generalizing, but here it goes. I believe there are 3 main categories of software users when it comes to purchasing software versus stealing it: “those who’ll buy”, “those who might buy” and “those who will never buy”.
I the pie chart below I refined it a bit to 5 categories, and since I don’t know how big they really are, I intentionally made all the pieces the same size, except for the yellow one, which I believe is the biggest one:
Let me describe each piece before discussing how I approach each one.
- At one end of the spectrum are those who will never spend money on your software. This category includes actual criminals who will steal your SW to repackage it and sell it, high school kids who like to show off their hacking skills, and also very legitimate and respectable entities like the Free Software Foundation.
- Then there’s a piece of the world population who simply cannot afford to spend money on your software, or at least not a lot. These people probably don’t feel great about using cracked versions of your software, but they do it because they need it and cannot afford what you are charging for it. In other words, they have bigger problems to deal with.
- I think the majority of people in the world fit in the yellow (gray?) area in the middle. They’ll use pirated software if it’s easy to get, but will pay for it otherwise. The more expensive the software, the more these people will shift towards the red pieces.
- Then there’s a piece that only pays for software because they fear getting caught stealing it. I think this pie includes a big chunk of businesses too.
- The last piece is the nice guys, the honest people who pay for what they use, pay all of their taxes, etc.
In the end its about getting the maximum amount of the "pie" for you for all your hard labor with the minimum hassle to both you and your customers…we think a hosted licensing solution is the answer!
I came across this excellent page for students at Cornell, it’s a clear and effective page about how to correctly use, manage, monitor and control the school’s software assets.
The reason I post this is because it could also be the basis of useful advice for your clients to help them ensure they are compliant and up to date with their software licensing.
—————————
Software Piracy: What You Should Know
Take a look at the page here: http://www.cit.cornell.edu/policy/copyright/software.html
Whether you call it borrowing, copying, sharing or “fair use,” software piracy is illegal and puts Cornell’s students, faculty and staff, as well as the university itself, at risk for legal action.
- What is software piracy, exactly?
- What’s the harm in making a few extra copies?
- How will Cornell ever find out that I have illegal software?
- What happens when illegal software is found?
- My co-workers are copying software, but I don’t want to be a tattletale and I’m worried about losing my job. What should I do?
- Our software budget wasn’t big enough this year. Can we make copies for now and buy enough for everyone next year?
- I just started this job, and I’m using the former employee’s computer. How do I know if my software is legal?
- I’m the new technology support provider for 50 people, and the record-keeping here has been pretty bad. How should I go about verifying all this software?
- When my computer was delivered, it had software installed on it. Is this software already legally licensed?
- I require my students to use certain software for assignments. Since I’m using it for educational purposes, I can give them copies, right?
- I’m trying to decide which software package to buy. Can I install my co-workers’ software just to try it, if I remove it right after I’m done?
- If Cornell has a site license for something, does that mean we can copy it to as many computers as we want?
- Can I put Cornell site-licensed software on a computer Cornell doesn’t own — for example, my home computer?
- I work at home sometimes. Can I copy software from my work computer to my laptop or home computer, since I won’t be using both at the same time?
- A friend recommended some great software, but the publisher is out of business. Would it be OK to get a copy from my friend?
- We have lots of old software sitting around. Can we give it away to schools or charities? Or sell it?
- I’m leaving Cornell. Do I have to get rid of any software on my home computer?
- I still have some questions. Who can I ask?
Take a look at the page here: http://www.cit.cornell.edu/policy/copyright/software.html
PC World reports that the largest share of software titles pirated were of the ‘productivity’ category, somewhere around 34 percent, followed by ‘operating system,’ pinned at 23 percent, while the ‘document management’ sector recorded 8 percent, the ‘creativity’ segment had 7 percent and ‘security’ had 6 percent. Some other minor categories, such as accounting, CAD and mapping, each had one percent.
The most frequently pirated software by companies top ten is as follows:
1. Symantec Norton Anti-Virus
2. Adobe Acrobat
3. Symantec PC Anywhere
4. Adobe PhotoShop
5. Autodesk AutoCAD
6. Adobe DreamWeaver
7. Roxio Easy CD/DVD Creator
8. Roxio Toast Titanium – Mac only
9. Ipswitch WS_FTP
10. Nero Ultra Edition
What’s interesting is most of these vendors use either an in-house DRM system or Macrovison – neither are helping prevent piracy?
In-house is not surprising, most vendors do not have the time, engineering or money to invest in a complex encryption and robust copy protection system of their own – that costs $ Millions – and I know as I have invested that amount to create such a solution.
Adobe and Autodesk on the other hand use Macrovison, but it appears that their protection is not strong enough either.
Now to be fair to both parties, the software vendor and Macrovison, you cannot create any form of uncrackable protection but neither of these protections are particularly strong either.
Both parties could have chosen a better and stronger protection like Nalpeiron or one of the other vendors in the market – let’s hope you don’t make the same mistake.
Macrovison tends to get the attention as it’s a larger business and a market leader but that’s not a great reason to buy from them alone – size vs. technology does not guarantee success.
Adobe and Autodesk admit as much themselves as does Symantec but Nalpeiron are more interested in helping small and medium sized ISV’s get the very best protection without the cost of the big ‘names’.
Using newer and better technology allied with a SaaS model we can offer $Millions of engineering value for as little as a few $1000.
Let us help you stay off this list.
>> Why not take a free trial and see for yourself: www.nalpeiron.com/trial
INTRODUCTION:
As we all know “Ghost” and similar disk copying/backup applications are excellent tools for end users for cloning hard drives or for corporate rollouts.
The problem lies with the word, cloning. These programs make a copy of a partition (and sometimes the MBR) and then end users have a re-usable image of the authorized programs on that machine. They can then install working copies on all their other machines and distribute the products to others.
Ghosting or disk backup has to the be the fastest and easiest way to casually copy your software – indeed many end users don’t really even thinks it’s piracy as the technique has become so well known and easy to do.
None of this is good news for your bottom line…and the CFO!
So Nalpeiron came up with several ways to help prevent casual copying using ghost-type programs.
First, our basic technology prevents most types of basic disk copying, period.
However, in cases where the user tries to make a full copy of a drive including the Master Boot record (MBR) we have developed a further way to prevent copying.
USING THE NALPEIRON GHOST BLOCKING
In cases where you suspect disk cloning by end users you have two choices, use the standard protection or use the advanced protection.
The standard protection is built-in and there is no need to do any extra work, but it will not protect against deeper uses of ghosting that use a ‘bit by bit’ cloning process.
If you want to beat those types of cloning attempts you will need to use the advanced protection.
This is very simple; all you have to do is select the “Lock product to HD serial number” radio button when creating your custom DLL.
This option is a secondary level of protection against programs that copy the entire hard disk partition. This function locks the license to the HDD serial number (where present) and therefore prevents the use of ghost type programs from “backing up” a fully licensed copy of your product.
This essentially makes the custom DLL look for and lock the licensing to a specific HDD number. If the disk is cloned and placed on a new machine, before the program runs it will check for the same serial number and if it doesn’t find that it will prevent the application from running and show an error code.
WORKING WITH CORPORATE “ROLLOUTS” USING GHOST TECHNIQUES
You should consider who will be using your software before applying the advanced clone blocking, as the built-in protection maybe enough, and it will also probably allow for the corporates to make legitimate copies of your software when doing rollouts. In other words using the standard protection will keep down casual copiers but at the same time allow for corporate use.
If you plan to use the advanced protection then you should also consider a further option when setting your DLL called “Revert to demo mode when hard drive serial number change detected”.
If you have chosen the “Lock product to HD serial number” option you should be aware that this prevents the wholesale use of corporate tools that clone 100’s PCs and make it easy for them to deploy many applications at once e.g. Microsoft SMS. You may wish to allow that process for certain customers.
The “revert to demo mode” feature assists in this regard in that all the machines will revert to a trial when they are rolled out. Without this selected the recipient machines will not work due to the block above.
This will allow your installs to be rolled out across many PCs from an image of an authorized installation but will revert all the cloned machines to “demo mode” until they are activated (authorized) correctly.
In other words, if you don’t select this then all the cloned machines will fail without showing a demo period, they can still be activated but the user cannot use the program until they activate. But if you do they will gracefully revert to a mode where they can easily use the product until they are activated and node locked successfully.
TECHNICAL ISSUES WITH GHOST TYPE UTILITIES
The advanced option should be used with care as many older HDDs will not have the correct firmware to allow us to read the HDD serial number and this can cause occasional issues for some users.
You can also make multiple DLLs, one set for end users where you want advanced clone protection and one for corporates where you don’t want such high level protection to facilitate easy rollouts.
If you do decide on multiple DLLs do make sure you have different constants in the DLL and code to prevent these DLLs from being exchanged or used by the wrong users i.e. weaker protection being distributed to other users. The constants will ensure that the DLLs will only work with the matching application version.
 Kevin Hoctor has something to say on the world of software copy protection and it’s not what you think!
OK so he is fed up with those who wish to rip him off and have cracked his software:
I guess MoneyWell has hit the big time: it was [k'ed]. That means that some sad individual spent his or her time breaking the copy protection and posting it for the 10 percent to use without paying.
However, what’s even more interesting is his attitude to those that live the life as a software cracker sucking the blood out of even the smallest ISV.
His point is that crackers don’t seem to care who they hurt, they are the leeches of our software industry but in the end they are really just hurting themselves by not ‘contributing’ to society simply living off other people’s hard work. Here, here Kevin…
So to end this on a positive note, there are rewards to living a life of abundance—a life where there is always enough to go around and someone else doesn’t have to lose for you to win. If you believe that by giving you will be rewarded tenfold, then it is true. We do more with our attitudes and actions to shape our own futures than the cynics of the world would like us to believe.
As someone who has lost over 50% of his software revenues in the past to idiots who exploit the rest of us I have to say that his attitude is unusual – people tend to either just ignore the piracy or get really mad about it.
I did both, paid a high price in $$s and then decided to do something about it by starting Nalpeiron many years ago.
Take a look at his blog it’s most interesting:
http://kevinhoctor.blogspot.com/2008/02/taking-care-of-90-percent.html
Russell Carroll (Ricochet) reveals that one of his Company’s games has a 92% piracy rate!
“It looks like around 92% of the people playing the full version of Ricochet Infinity pirated it.”
Knowing many other gaming companies these is not that unusual – what is odd is that so little has been done to effectively fight the pirates.
It’s moments like those that make people in the industry stop dead in their tracks. 92% is a huge number and though we were only measuring people who had gotten the game from Reflexive and gone online with it, it seemed improbable that those who acquired the game elsewhere or didn’t go online were any more likely to have purchased it. As we sat and pondered the financial implications of such piracy, it was hard to get past the magnitude of the number itself: 92%.
In casual gaming where most of the industry sells an Internet-distributed product, piracy is a common problem. Any quick search will help you find and illegally acquire every casual game you can imagine.
One way to fight the search-engine facilitated piracy is to work to remove the ever-expanding number of links to illegal copies, but in many cases improving the Digital Rights Management (DRM) system to be more secure can be more effective as it renders a large number of those links obsolete.
So developers are left trying to get ISP’s, web sites and other crack destinations to remove illegal copies but that’s a practical impossibility – as is getting rid of all the people on eBay selling cracked copies too – I know I have tried and tried!
So the next best thing is the use a better copy protection system and prevent all the usual leakage from happening by focusing on a more robust approach to all the areas of weakness.
Here are a few examples to strengthen your protection without making life hard for the end user:
- Don’t use a wrapper based protection and make sure when you write the code you spend time using techniques to make removing protection calls from the code itself difficult;
- Don’t use a keygen system that is available to others (i.e. many protection vendors ship the server side keygen code or keygens themselves);
- Don’t use a weak system that writes to the registry or has some other file based protection that can be circumvented or copied (e.g. windows);
- Make sure that there is a total end-to-end security policy with encryption i.e. it only takes one part of the chain to be broken to break the whole system;
- Watch out for simple loopholes like the use of Ghost or VM’s to clone working copies or provide unlimited demos;
- Check the vendor’s tools are not widely cracked, this is only a problem for dongles and wrapper based protections as these are universal – crack once, break all the products;
- Don’t use a system that creates a fingerprint of the recipient PC or alphanumeric codes as these just make it very hard for the end user and they will complain;
See this useful article about beating the crackers
Russell makes the point perfectly:
This is tricky to be sure, because improving the security must be done without making the DRM so onerous that it keeps honest customers from purchasing games.
He is admits to one part of the problem:
Reflexive, where I work, is in a peculiar position in this regard. Whereas most of the casual games industry licenses their DRM from a vendor, Reflexive has its own in-house DRM. Over the years it has undergone many improvements, including several changes made specifically to combat piracy.
Of course if you build your own you had better know how to do all of the above and more or you will suffer – Reflexive have proven the case with a 92% piracy rate.
So, you need a strong protection product but one that’s also very easy to use for the end user!
Reflexive have had to keep fixing and wasting engineering time and effort to stem the tide against them and indeed it seems after much effort they have got their in-house system up to speed and it has made a big difference = Sales up 70%
Fixing The Holes – The Results
Below are the results of Reflexive.com sales and downloads immediately following each update:
Fix 1 – Existing Exploits & Keygens made obsolete – Sales up 70%, Downloads down 33%
Fix 2 – Existing Keygens made obsolete – Sales down slightly, Downloads flat
Fix 3 – Existing Cracks made obsolete – Sales flat, Downloads flat
Fix 4 – Keygens made game-specific – Sales up 13%, Downloads down 16% (note: fix made after the release of Ricochet Infinity)
From the results above, it seems clear that eliminating piracy through a stronger DRM can result in significantly increased sales..
However, if they had started off with protection without most of the issues in the first place that would have surely saved not only such a high piracy rate but also all the manpower and engineering costs?
Read the full article here:
http://www.gamasutra.com/php-bin/news_index.php?story=17350
Software anti-piracy tip sheet for application developers wishing to achieve better software copy protection.
These are general ideas on what you can do with your code and protection routines and it assumes that you are using a high quality API based protection solution and not a wrapper product.
- The general rule is: Hard to crack copy protection code is convoluted and frequently looks like terrible coding.
- Break the check copy protection function into 3 or 4 parts, with at least 3 duplicates of each.
- Put a very simple one like our sample at the beginning of the program and then scatter the real tests later on in the program, calling the duplicates of the basic functions.
- Do not EVER put any of the remaining tests at the point where a dialog box opens or closes. Bury them deep and spread out in the program itself.
- Do not display any error messages for the remaining tests, simply cause the program to crash, by accessing an array out of bounds, or cause it to start generating errors.
- Have one final copy protection test that looks different from all the rest. Also, if this check returns an error, start a subtle error that will not show up for a couple of days. Example: instead of comparing the results to a constant or arithmetic function, perform a complicated function on the results and store as a variable to be used later in the program.
- Build the strings that represent the protection DLL and the function you wish to call, do NOT simply build a string in the approved way.
- In all but the first copy protection test, when comparing return values, do not compare the return values to constants; compare them to complicated arithmetic functions.
- In the last 2 copy protection tests, widely separate the protection calls to and also widely separate checking the results. This means doing something like calling the DLL different subroutines, saving the results in some way that looks like ordinary processing of data, and then checking the results several functions later.
- Bury all of the parts of the copy protection tests in present and necessary functions and try to incorporate something subtly necessary in the middle of the lines of code that are performing that part of the test.
As technology and distribution media continued to evolve, the market has produced solutions that break down into four main areas.
Each of these solutions offers its own strengths and weaknesses, but all of them have one thing in common: they are still weapons in the ongoing cat-and-mouse battle between software developers and pirates, and should be constantly evolving.
Beware of copy protection vendors who promise you a totally uncrackable system.
Nevertheless, these systems can help to protect your intellectual property by making it more difficult for pirates to crack them. They can also be used to help control the distribution of your software and offer payment alternatives, such as try before you buy, usage payments, and timed (lease) payments.
Dongles
Considered old hat by most developers, dongles are expensive on a per-product basis because of the extra manufacturing costs involved. They also reduce the flexibility for the end user.
Nevertheless, dongles are still used on more expensive software products where the cost of the protection is in line with the cost of the software, and standard USB key dongles have helped to reduce this price threshold.
For more details about the misconceptions surrounding dongle security, see our quick guide, The Truth about Hardware Dongles.
Media protection
The introduction of media such as CD and DVD has led to commercial duplication systems that introduce deliberate errors into the CD during the burning process. These errors contain patterns that can be used by the program on the CD to check that it is being loaded from the original media. While these systems can yield results, they cannot work effectively with online distribution because there is no media involved.
Crackers have also reportedly circumnavigated various generations of this protection, meaning that it must be constantly updated, just like other systems.
Software wrappers
Evolving from the loader based mechanisms found in some software protection systems, software wrappers are considered by many developers to be among the easiest products to use, because they are often designed to be easily integrated into any product.
However, that ease of use comes at a price. Once cracked, a software wrapper can be countered with an un-wrapper that is easy to distribute and run.
Developers should also be wary of future operating system developments when using wrappers.
Unless you are sure that your wrapper solution will survive Windows Vista and future operating system upgrades, for example, you could find yourself with increasing support costs in the future.
Software Development Kits
An SDK is a piece of copy protection code that has been developed for a specific application environment.
SDK’s are harder to implement than wrapper technology because you must be a developer with the tools that built the original application. They can nevertheless be relatively simple to implement if the correct solution is chosen.
SDK’s are stronger and harder to hack than wrappers and much cheaper and more flexible than dongles. They also tend to have more features and integrate with applications much more tightly, allowing for features such as custom screens, for example.
"Trialware" or demonstration versions of Software products are an essential marketing tool for every Software Company today.
Trialware is a protected, fully functional trial version of a product.
Trialware enables customers to use the latest version of a product with all of its features fully available on a trial basis. After a predetermined trial limit (either a specified number of days or a specified number of uses) has been reached, the trialware expires.
However, trialware is also a favorite target of the ‘cracker’ community. Cheap, poor and weak technologies essentially put your Software in the wrong hands for free!
Many products use wrapper technology that simply encapsulates the code and even a kid can download the un-wrap utility to remove the protection.
Using a combination of highly secure licensing technology implemented via an API based SDK is the start. This is simply because wrappers are a generic solution, once a wrapper technology has been cracked every product protected by the technology is easy to reverse engineer with a single click!
API based solutions require that you embed licensing technology WITHIN your code, this simply means that a cracker has to break every product so protected one by one – this is a lot more work and very much harder, therefore not only preventing most crackers but also making much less cost effective.
Also make sure you use license codes that are sufficiently long and strong and license key generators that are never made available outside the Software Publisher (and never on a public server) are the best way to secure your demo software. If you trawl the Internet you will find many of the cheaper software licensing technologies license key generators free for use, this then means the end user can make their own license keys and once again avoid paying for the software.
Match the secured software demonstration with an equally strong license and activation server based in resilient, fire walled and fully protected server technology and you will have the best solution to beat the crackers.
Of course, you also need to make the trials very flexible for your Customers and easy for them to ‘unlock’ once they have purchased so it is equally important that the licensing software and activation solution are very easy to use and Customer friendly.
|
|
