June 22, 2007

Protecting Backdoors in Applications

Russian firm suspects Intuit added backdoors in Quicken application for US law enforcement (read ComputerWorld article). Although we can argue the ethics of a software vendor doing this, it is a good example where software protection technology should be provided to protect these features.

Vic

May 17, 2007

New Data from BSA/IDC Indicate Piracy Growth

BSA/IDC's latest annual report is out and still shows large losses attributed to piracy. I think they nailed it in terms of the true root cause for this:

"a rapid influx of new PC users in the consumer and small-business sectors, the increased availability of pirated software over the Internet, and difficult enforcement and education over sometimes sprawling geographies."

However, the steps they suggest for reducing piracy (i.e., education/awareness, WIPO treaties) do not go far enough and do not limit the availability of software piracy. This will require a combination of software protection and licensing.

Vic

May 15, 2007

Rockwell Automation Software Pirated on eBay

Another example of piracy aimed at high value software, in this case Rockwell Automation's software products which are worth as much as $11,325 retail. Link to the DOJ's release here (http://www.cybercrime.gov/barberConvict.htm).

Vic

April 27, 2007

Secure Offshore Development

Diana Kelley from Burton Group recently published a great article on what you should consider when outsourcing. She mentions application outsourcing. Normally organizations use NDAs and the threat of audits to secure their code when outsourcing. From a security perspective there are ways to enhance protection of your organization’s IP resident within software when using offshore development resources. Rather than just providing source code, you could distribute the really sensitive components in compiled form and still allow development around these. Of course, if the risk of piracy or competitor access to code is high, then software protection technology can be utilized to reduce these risks.

Vic

April 17, 2007

New Piracy Threat Assessment and Prevention Service

After much preparation and due diligence, we just announced a new partnership with a very cool company, Internet Crimes Group (ICG). ICG was the only partner we could find that could penetrate and gather intelligence on the cracking community in conjunction with our customer’s use of CodeArmor. Bob McMillan of IDG News Service wrote his view of us combining our technology with ICG services here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9016798&intsrc=hm_topic

The other benefit of ICG services is that they will enable our internal security team to validate and continually enhance our countermeasures against reverse engineering, specifically against the new tools and techniques being leveraged by crack teams to disable license enforcement and software protection. And prominent analyst groups such as Burton, IDC, Gartner, EMA and Forrester all agree that the need and market for anti-piracy and reverse engineering solutions is rapidly gaining momentum.

Vic

April 05, 2007

China and software copyright protection

Interesting trend in China, according to this article (http://www.zeenews.com/znnew/articles.asp?aid=355407&ssid=54&sid=BUS article below)

“Record applications registered for software copyright protection. Zee News - Noida, India. Beijing, Feb 20: China, known for rampant piracy, received over 22,400 applications, a record, for software copyright protection last year”

The article leads you to believe this is an indication of improving IP protection, but it strikes me as evidence for why software vendors should worry when selling into China. How many of the 22,400 apps were based on other existing software IP?

Vic

Piracy Amnesty Program

Interesting discussion on the value of an amnesty program to deter software piracy (http://www.makeshitbreakshit.com/2007/03/28/software-piracy-amnesty-day/). It would need to consider how software vendors who sell high value software applications could realize additional revenue from such a program, especially in countries like China.

Vic

February 16, 2007

Blu-Ray AND HD-DVD broken

This blog post (http://www.boingboing.net/2007/02/13/bluray_and_hddvd_bro.html) provides a really good review of the AACS hack. It illustrates a common weakness with previous copy protection mechanisms in the handling of encryption keys. There needs to be an active software protection component that deters memory scraping. Without this, a class break attack is possible. Of course nothing is foolproof in these scenarios, but you can make the reverse engineering process much more difficult and harder to reproduce on a per-title basis.

Henry

February 15, 2007

eBay Software Piracy Case

SIIA reported that on February 6th, Gad Zamir, 64, was arrested for software piracy. Zamir had been selling copies of Microsoft SQL Server Enterprise for $7,750 (the program retails for $25,000) and copies of Adobe Photoshop Creative Suite 2 for less than $300 (the program retails for $500) on eBay and various websites.  It is believed that Zamir earned about $750,000 since 2000.

This shows that it's not only popular desktop software that is at risk for piracy, but business applications as well. It’s also another indication that businesses (the only ones interested in SQL Server Enterprise) would purchase pirated software.

Methods to Reduce Game Piracy

Good discussion on methods to reduce game piracy on Gameproducer.NET (http://www.gameproducer.net/2007/02/13/7-ways-to-prevent-piracy/#comment-54812). There are some familiar points being raised for preventing piracy and applying software protection. For example, one reader said those that pirate software would not otherwise buy it, or if it was really good then they would buy it. I heard this same argument for high value software. Although you can't completely stop piracy, you can make it difficult, and that is important for recovering revenue. It may be that the person who initially cracked the game would never buy a legit copy, but the thousand who access the cracked version over P2P may. People in general will follow the path of least resistance, and if it’s easier to download an illegal version versus pulling out a credit card and going through a tedious purchase process, then that is an issue.