December 28, 2007

It Takes Microsoft Clout to See Anti-piracy progress in China

China is the second largest economy in the world and still has high software piracy rates. In this Computerworld article there is an informative discussion of the benefits Microsoft has seen with its anti-piracy strategy. According to the article's sources, Microsoft was able to recover or convert pirated-license revenue to the tune of $164M in one quarter. This type of revenue recovery confirms that any ISV can potentially recover revenue because real businesses are using pirated software. However, Microsoft is in a unique position to combine technology and political clout to see these gains. Although smaller ISVs will not have the resources, money, and connections to sustain an anti-piracy campaign like Microsoft's, there are some lessons learned:

  • Use a combination of activation and data collection to aid forensic identification of infringements
  • Use in-country partner representation and relationships to follow up and enforce licensing

Based on V.i. Lab’s experience, we believe this means additional anti-tampering technologies to prevent crack groups from creating binary patches that disable activation and license enforcement or recover key generation algorithms.

- Vic

December 18, 2007

Unspoken Security Challenge with Microsoft .NET

When I was reading John Water's RedmondDeveloper article on Sandboxing and .NET, it reminded me of the lack of attention to the reverse engineering challenges around using .NET. The article focused on the ability to securely sandbox untrusted code within the Java and .NET frameworks and promoted it as something application providers should leverage more. However, as vendors and application developers increase their .NET adoption, they need to consider the additional risks to their software: piracy, theft, and tampering. In my experience, many organizations that have migrated or are in the process of migrating their applications from unmanaged to managed frameworks realize late in the development cycle that their sensitive code can be decompiled easily using .NET.

This is not a Microsoft-only issue. The challenges of protecting .NET code from reverse engineering need to be articulated at the same level as other code security vulnerabilities.

- Vic