The question "isn’t whether or not to fight piracy, but what is the best way to fight it".

« The risks of VMWare and how it works with software copy protection | Home | One ISV’s view on life and software copy protection »

The question "isn’t whether or not to fight piracy, but what is the best way to fight it".

By Jon Gillespie-Brown | February 29, 2008

Russell Carroll (Ricochet) reveals that one of his Company’s games has a 92% piracy rate!

“It looks like around 92% of the people playing the full version of Ricochet Infinity pirated it.”

Knowing many other gaming companies these is not that unusual - what is odd is that so little has been done to effectively fight the pirates.

It’s moments like those that make people in the industry stop dead in their tracks. 92% is a huge number and though we were only measuring people who had gotten the game from Reflexive and gone online with it, it seemed improbable that those who acquired the game elsewhere or didn’t go online were any more likely to have purchased it. As we sat and pondered the financial implications of such piracy, it was hard to get past the magnitude of the number itself: 92%.

In casual gaming where most of the industry sells an Internet-distributed product, piracy is a common problem. Any quick search will help you find and illegally acquire every casual game you can imagine.

One way to fight the search-engine facilitated piracy is to work to remove the ever-expanding number of links to illegal copies, but in many cases improving the Digital Rights Management (DRM) system to be more secure can be more effective as it renders a large number of those links obsolete.

So developers are left trying to get ISP’s, web sites and other crack destinations to remove illegal copies but that’s a practical impossibility - as is getting rid of all the people on eBay selling cracked copies too - I know I have tried and tried!

So the next best thing is the use a better copy protection system and prevent all the usual leakage from happening by focusing on a more robust approach to all the areas of weakness.

Here are a few examples to strengthen your protection without making life hard for the end user:

Don’t use a wrapper based protection and make sure when you write the code you spend time using techniques to make removing protection calls from the code itself difficult;
Don’t use a keygen system that is available to others (i.e. many protection vendors ship the server side keygen code or keygens themselves);
Don’t use a weak system that writes to the registry or has some other file based protection that can be circumvented or copied (e.g. windows);
Make sure that there is a total end-to-end security policy with encryption i.e. it only takes one part of the chain to be broken to break the whole system;
Watch out for simple loopholes like the use of Ghost or VM’s to clone working copies or provide unlimited demos;
Check the vendor’s tools are not widely cracked, this is only a problem for dongles and wrapper based protections as these are universal - crack once, break all the products;
Don’t use a system that creates a fingerprint of the recipient PC or alphanumeric codes as these just make it very hard for the end user and they will complain;

See this useful article about beating the crackers

Russell makes the point perfectly:

This is tricky to be sure, because improving the security must be done without making the DRM so onerous that it keeps honest customers from purchasing games.

He is admits to one part of the problem:

Reflexive, where I work, is in a peculiar position in this regard. Whereas most of the casual games industry licenses their DRM from a vendor, Reflexive has its own in-house DRM. Over the years it has undergone many improvements, including several changes made specifically to combat piracy.

Of course if you build your own you had better know how to do all of the above and more or you will suffer - Reflexive have proven the case with a 92% piracy rate.

So, you need a strong protection product but one that’s also very easy to use for the end user!

Reflexive have had to keep fixing and wasting engineering time and effort to stem the tide against them and indeed it seems after much effort they have got their in-house system up to speed and it has made a big difference = Sales up 70%

Fixing The Holes - The Results

Below are the results of Reflexive.com sales and downloads immediately following each update:
Fix 1 – Existing Exploits & Keygens made obsolete – Sales up 70%, Downloads down 33%
Fix 2 – Existing Keygens made obsolete – Sales down slightly, Downloads flat
Fix 3 – Existing Cracks made obsolete – Sales flat, Downloads flat
Fix 4 – Keygens made game-specific – Sales up 13%, Downloads down 16% (note: fix made after the release of Ricochet Infinity)
From the results above, it seems clear that eliminating piracy through a stronger DRM can result in significantly increased sales..

However, if they had started off with protection without most of the issues in the first place that would have surely saved not only such a high piracy rate but also all the manpower and engineering costs?

Read the full article here:

http://www.gamasutra.com/php-bin/news_index.php?story=17350