Interesting post that describes how to subvert an anti-virus vendors' weak license enforcement to shut down the AV functions. Clearly mission critical applications like AV have consider better approach that does not introduce new vulnerabilities.
-Vic
I constantly receive spam with "too good to be true" prices on high end software. Most likely a by-product of my piracy Web research. However when I visit some of these sites I am impressed with the legitimate look and feel of their on-line stores (see screen shot of an example). I can certainly see an a novice software buyer purchasing from this site and unknowingly pirating software. When I did a whois on this specific example Web site it of course pointed back to China.
Vic
BSA/IDC's latest annual report is out and stills shows large losses attributed piracy. I think they nailed it in terms of true root cause for this ,
"a rapid influx of new PC users in the consumer and small-business sectors, the increased availability of pirated software over the Internet, and difficult enforcement and education over sometimes sprawling geographies."
However, the steps they suggest for reducing piracy (i.e., education/awareness, WIPO treated) do not go far enough and do not limit the availability of software piracy. This will require a combination of software protection and licensing.
Vic
Another example of piracy aimed at high value software, in this case Rockwell Automation's software products which are worth as much as $11,325 retail. Link to the DOJ's release here (http://www.cybercrime.gov/barberConvict.htm).
Vic
After much preparation and due diligence, we just announced a new partnership with a very cool company, Internet Crimes Group (ICG). ICG was the only partner we could find that could penetrate and gather intelligence on the cracking community in conjunction with our customer’s use of CodeArmor. Bob McMillan of IDG News Service wrote his view of us combining our technology with ICG services here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9016798&intsrc=hm_topic
The other benefit of ICG services is that will enable our internal security team to validate and continually enhance our countermeasures against reverse engineering. Specifically, the new tools and techniques being leveraged by crack teams to disable license enforcement and software protection. And prominent analyst groups such as Burton, IDC, Gartner, EMA and Forrester all agree that the need and market for anti-piracy and reverse engineering solution is rapidly gaining momentum.
Vic
Interesting discussion on the value of an amnesty program to deter software piracy (http://www.makeshitbreakshit.com/2007/03/28/software-piracy-amnesty-day/). It would need to consider how software vendors who sell high value software applications could realize additional revenue from such a program, especially in countries like China.
Vic
SIIA reported that on February 6th, Gad Zamir, 64, was arrested for software piracy. Zamir had been selling copies of Microsoft SQL Server Enterprise for $7,750 (the program retails for $25,000) and copies of Adobe Photoshop Creative Suite 2 for less than $300 (the program retails for $500) on eBay and various websites. It is believed that Zamir earned about $750,000 since 2000.
This shows that its not only the popular desktop software is at risk for piracy, but business applications as well. It’s also another indication that businesses (the only ones interested in SQL Server enterprises) would purchase pirated software.
Michele Balistreri's “On software piracy” blog (http://briksoftware.com/blog/?p=15 ) discussed whether protection technology can be effective in combating piracy among other things. I do agree certain low dollar software titles, especially in the desktop space may not benefit from anti-piracy technology, but I believe it’s a must for high dollar products. Also, I disagree with idea that once someone circumvents software protection technology everyone can. This may have been true for licensing systems because the cracking teams were able to publish valid license key generators effective for all titles a specific vendor published –a “class break”. But protection technology can be implemented in such a way where a crack on one title could be used in another. In other words, the cracker would have to reverse engineer the protection scheme for each software title they wanted to enable piracy for.
Matt Christiano’s blog (http://matt-on-software-licensing.blogspot.com/) has good article talking about the history of license management. In the discussion some points are made on the difference between license management and software protection technology. I think license management cannot be blamed completely on the overt pirating that has plaque certain segments of the ISV market. Because the cracking threat is based on sophisticated reverse engineering techniques, it requires a high degree of software protection specialization to deliver effective solution. License management system vendors like Reprise have their hands full on adding more flexibility for managing license use within legit customer environments.
"Operator of For-Profit Software Piracy Web Site Pleads Guilty; Caused Up to $25 Million in Losses to Software Industry"
As the DOJ convicts more operators of software pirate sites like www.buysusa.com, ibackup.net , and others, it demonstrates the sophistication that these individuals use to sell illegal copies of applications. The web has provided these operators a simply way to pose as a legitimate business selling software at a reduce prices. The real risk is a less technical user thinking they have found a bargain on the Web, purchasing the pirated versions, and exposing the company to liability. An added risk is that the pirated versions have been modified to introduce spyware or something worse in a corporate network.
