
September 26, 2007

Differentiating Software protection from Copy protection

Laurentiu Cristofer’s blog discusses the differences between security and copy protection. I agree with his points and the eventual comparison between security and obfuscation. However, the discussion needs to differentiate between copy protection and software protection technology.

Copy protection solutions attempt to control the usage of applications and the number of machines software can be installed on. Although technology in this space may share certain software protection capabilities (e.g. encryption, obfuscation), in my opinion they are a closer cousin to software licensing and DRM systems.

Software protection technology is squarely focused on making it expensive and time consuming to reverse engineer valuable software. I would have to agree with the classification that it falls more under obfuscation than security, but I believe software protection is a specialized technology and has wider applicability than copy protection. For example, software protection can be used effectively to prevent decompiling of .NET applications; without it, the intermediate-level code is subject to a variety of threats from individuals with only novice software skills using any publicly available tools. In the piracy realm, reverse engineering is used to bypass licensing and copy protection schemes at the machine code level, but again, using obfuscation, run-time re-encryption, and anti-debugging and anti-tampering techniques, you can deter this by layering protection on top of licensing in a way that is unique to each software title. This can prevent a “class break” as well as require increasingly higher skill levels to crack the protection.

Again, because software has to be available unprotected to the CPU, it's not absolute security, but I liken the value of this technology to protecting your house. Depending on where you live and the value you assign to the property, you are going to install a combination of locks, a tall fence, and maybe a security system. None of these are foolproof, but your property is less attractive to intruders.

Vic

September 20, 2007

Could Software Protection Have Stopped the TD Ameritrade Breach?

Although the details are scarce, the reported TD Ameritrade breach indicates malware was attached to an application database. If this did occur, then the attack could have come from an insider or from a previous network breach that allowed software to be injected into an application component. This attack would be almost impossible to detect with most signature-based intrusion prevention systems. However, anti-tampering and runtime environment checks contained in a software protection solution embedded within the application itself could have prevented this threat.

It’s our prediction that security breaches will become more sophisticated and will be based on some of the same reverse engineering techniques used today in the software piracy scene.

Vic
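
As an added illustration (not code from this blog or from any product it discusses), here is the kind of integrity check an application could run at startup to notice that one of its components has been replaced or that a file has been dropped beside it. The file names, the key and the manifest layout are constructed for the example; a key shipped inside an application can be recovered by reverse engineering, so the check is only as strong as the protection around that key.

```python
import hashlib, hmac, json, os, tempfile

def _digests(root):
    """SHA-256 of every file under root, keyed by relative path."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                out[rel] = hashlib.sha256(f.read()).hexdigest()
    return out

def _mac(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Release-time step: record known-good digests and authenticate the record."""
    files = _digests(root)
    return {"files": files, "mac": _mac(files, key)}

def verify(root, manifest, key):
    """Startup check: return sorted (path, finding) pairs; empty list means intact."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest["mac"]):
        return [("<manifest>", "bad MAC")]  # the manifest itself was edited
    known, now = manifest["files"], _digests(root)
    findings = [(p, "missing") for p in known if p not in now]
    findings += [(p, "modified") for p in known if p in now and now[p] != known[p]]
    findings += [(p, "unexpected") for p in now if p not in known]
    return sorted(findings)

def demo():
    key = b"constructed-demo-key"  # assumption: kept protected by the application
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        put("orders.dll", b"original component")       # constructed sample files
        put("report.dll", b"original report module")
        manifest = build_manifest(root, key)
        clean = verify(root, manifest, key)
        put("orders.dll", b"original component + injected code")
        put("helper.dll", b"dropped alongside")
        tampered = verify(root, manifest, key)
        # The digest list is rewritten to match, but the MAC cannot be recomputed.
        forged = {"files": _digests(root), "mac": manifest["mac"]}
        return clean, tampered, verify(root, forged, key)

if __name__ == "__main__":
    print(demo())
```
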

September 18, 2007

Application Outsource Risk Survey Data

About 125 IT/software developers took our survey at TechEd in June 07 on the risks associated with outsourced application development. Over 60% of those surveyed were from enterprise organizations and 12% were with software vendors (see diagram below). When asked whether they believe that outsourcing software development has increased their company’s code theft, piracy, or malicious tampering risks, 30% answered yes and 38% were not sure. We attribute a large share of the unsure votes to the people surveyed not having direct involvement with outsource partner selection and management.

[Diagram: Outsource_6]

September 10, 2007

USPTO and Intellectual Property (IP) theft in China

USPTO announced a seminar series to educate businesses on the IP theft risk in China. The announcement further estimates that piracy and counterfeiting cost the American economy approximately $250 billion annually. Although this estimate includes hard goods as well as software, it does underscore the challenge of doing business in China.

-Vic

September 07, 2007

Admin Insider Threat - Not Only a Network Access Problem

A Computerworld article discusses the recent data and software sabotage caused by a former network engineer at the Council of Community Clinics (CCC) in San Diego. In this scenario, back-up data and software were deleted, but imagine the threat of a former employee with privileged access replacing key software with software containing injected malware. This type of attack may never be noticed because IPS and endpoint security systems would see it as a legitimate process.

Vic