September 26, 2007

Differentiating Software protection from Copy protection

Laurentiu Cristofer’s blog discusses the differences between security and copy protection. I agree with his points and the eventual comparison between security and obfuscation. However, the discussion needs to differentiate between copy protection and software protection technology.

Copy protection solutions attempt to control the usage of applications and the number of machines software can be installed on. Although technology in this space may share certain software protection capabilities (e.g. encryption, obfuscation), in my opinion they are a closer cousin to software licensing and DRM systems.

Software protection technology is squarely focused on making it expensive and time-consuming to reverse engineer valuable software. I would have to agree with the classification that it falls more under obfuscation than security, but I believe software protection is a specialized technology and has wider applicability than copy protection. For example, software protection can be used effectively to prevent decompiling of .NET applications; without it, the intermediate-level code is subject to a variety of threats from individuals with only novice software skills using publicly available tools. In the piracy realm, reverse engineering is used to bypass licensing and copy protection schemes at the machine code level, but again, using obfuscation, run-time re-encryption, and anti-debugging and anti-tampering techniques, you can deter this by layering protection on top of licensing in a way that is unique to each software title. This can prevent a “class break” as well as require increasingly higher skill levels to crack the protection.

Again, because software has to be available unprotected for the CPU, it's not absolute security, but I liken the value of this technology to protecting your house. Depending on where you live and the value you assign to the property, you are going to install a combination of locks, a tall fence, and maybe a security system. None of these are foolproof, but your property is less attractive to intruders.

Vic

September 20, 2007

Could Software Protection Have Stopped the TD Ameritrade Breach?

Although the details are scarce, the reported TD Ameritrade breach indicates malware was attached to an application database. If this did occur, then the attack could have come from an insider or from a previous network breach that allowed software to be injected into an application component. This attack would be almost impossible to detect with most signature-based intrusion prevention systems. However, anti-tampering and runtime environment checks contained in a software protection solution embedded within the application itself could have prevented this threat.

It’s our prediction that security breaches will become more sophisticated and will be based on some of the same reverse engineering techniques used today in the software piracy scene.

Vic

September 18, 2007

Application Outsource Risk Survey Data

About 125 IT/software developers took our survey at TechEd in June 07 on the risks associated with outsourced application development. Over 60% of those surveyed were from enterprise organizations and 12% were with software vendors (see diagram below). When asked whether they believe that outsourcing software development has increased their company’s code theft, piracy, or malicious tampering risks, 30% answered yes and 38% were not sure. We attribute a large share of the unsure votes to the people surveyed not having direct involvement with outsource partner selection and management.

[Image: Outsource_6]

September 10, 2007

USPTO and Intellectual Property (IP) theft in China

USPTO announced a seminar series to educate businesses on the IP theft risk in China. The announcement further estimates that piracy and counterfeiting cost the American economy approximately $250 billion annually. Although this estimate includes hard goods as well as software, it does underscore the challenge of doing business in China.

-Vic

September 07, 2007

Admin Insider Threat - Not Only a Network Access Problem

A Computerworld article discusses the recent data and software sabotage caused by a former network engineer at the Council of Community Clinics (CCC) in San Diego. In this scenario, back-up data and software were deleted, but imagine the threat of a former employee with privileged access replacing key software with software containing injected malware. This type of attack may never be noticed because IPS and endpoint security systems would see it as a legitimate process.

Vic

August 27, 2007

Microsoft WGA Issues and On-line Activation

The recent failure of Microsoft's Windows Genuine Advantage (WGA) validation system (see Gregg Keizer's Computerworld story) illustrates the downsides of using on-line activation for licensing and software protection. Although activation holds promise for helping to deter software piracy, it introduces a dependency and point of failure that is not acceptable for all applications. However, it’s a difficult problem to resolve without greater software protection, because as soon as you allow an offline licensing scenario to exist, it will be exploited by the piracy crack groups.

Vic

August 23, 2007

Content Piracy or Software IP - where should we focus

Rob Preston’s blog “Where Do You Stand On Intellectual Property Rights?” discusses the recent SIIA case where Knowledge Networks settled an IP infringement claim based on evidence presented by a whistleblower that executives had distributed unlicensed content. Although the content is considered IP, the industry in general needs to focus these types of programs on the rampant software IP infringements that are occurring in the emerging markets.

- Vic

July 30, 2007

Organized Crime Adopts Software Piracy

An anti-piracy raid uncovers organized crime links. This is further evidence of how piracy has evolved from a hobby into an illegal business. Crime syndicates would not be interested in piracy unless it was easy and profitable. There have been other studies that reinforced this. The chart below, from UK National Criminal Intelligence Service data in 2004, showed that the markup associated with pirated goods was higher than that of heroin and cocaine, with a far lower risk of getting caught.

[Image: Orgcrimestats]

July 25, 2007

License enforcement gone wrong

Interesting post that describes how to subvert an anti-virus vendor's weak license enforcement to shut down the AV functions. Clearly, mission-critical applications like AV have to consider a better approach that does not introduce new vulnerabilities.

-Vic

July 09, 2007

Legitimate face of piracy

I constantly receive spam with "too good to be true" prices on high-end software. Most likely a by-product of my piracy Web research. However, when I visit some of these sites I am impressed with the legitimate look and feel of their on-line stores (see screen shot of an example). I can certainly see a novice software buyer purchasing from this site and unknowingly pirating software. When I did a whois on this specific example Web site, it of course pointed back to China.

Vic