« Thanks for a great software piracy webinar yesterday! | Main | Strategy behind CodeArmor Intelligence - “LoJack for your software” »

August 13, 2008

New Piracy Data

As a follow-on to our previous piracy analysis, we announced new data on the Time to Crack (TTC) for vendors in the PLM industry. We started with the PLM software, and will expand our research with the TTC estimates for the EDA industry.

The announcement and our TTC metric is meant to help educate and define the piracy problem for these specific industries. The TTC metric has to be measured and established before organizations can decide on anti-piracy strategy and programs. We define TTC as the point in time where the piracy groups have made available a quality crack release that mirrors the actual vendor software release, but has its license management or activation process disabled or bypassed to enable illegal use.

Ttcblog_4

I use the term quality, because there can many erroneous references crack software. You need to know where to look and authenticate the data through sampling. We get our data from several sources including our partner ICG and validate it by sampling the releases by actually downloading the software. We do not run or reverse engineer the software itself until we get permission from vendor. However, there is enough data in the NFO files (as well as the crack directories and instructions) to infer whether the crack is real and what approach was used to enable the crack (e.g., binary patch, key generator).

From our research the largest PLM vendors are seeing on average a 30 day TTC. None of the releases we examined at a top level appeared to have code hardening or security applied. Because these vendors share the same licensing mechanism (Macrovision/Acresso), the licensing controls are easily circumvented by piracy groups using binary patches and a shared vulnerability knowledge base on Macrovision.

We did see some titles with TTC less than 30 days and these were primarily vendors who not have upgraded their Macrovision licensing systems with the Tamper Resistance License (TRL) format. TRL uses PKI and to ensure the authenticity of the license file itself and therefore closes the door on organizations using license keys generated by rogue key generators. Although this technology has been around for many years, it appears the vendors are not able to upgrade easily because of back ward compatibility, customer and internal operations impact.

We will be launching a new anti-piracy strategy and product offering that will expand on the data I’ve described above and will offer high value ISVs a simpler method to quantify their true piracy problem and directly recover revenue from organizations using pirated software.

- Vic

Posted at 10:46 AM in Piracy |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83453976a69e200e553fe31ce8834

Listed below are links to weblogs that reference New Piracy Data:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment