Computerworld

How to turn a software pirate into a paying customer

Startup offers a better way of preventing software piracy.
  • Eric Lai (Computerworld (US))
  • 21 August, 2008 15:26

Most anti-piracy solutions try to prevent software from being "cracked" or source code from being plagiarized.

Take Microsoft's ill-fated WGA (Windows Genuine Advantage), which had a that rendered copies of Windows XP lifeless if users failed to enter a legitimate, unique license number. WGA, however, was prone to malfunction and still vulnerable to cracks, prompting Microsoft to drop WGA with the release of Vista Service Pack 1.

A startup thinks it has a better way: V.i. Laboratories has high hopes for its new CodeArmor Intelligence product, which, rather than trying to prevent unauthorized use of software, collects data on how and where it is used, and then stealthily sends it back to the software's maker, said Victor DeMarines, Vice President of products at V.i.

The company is targeting makers of high-end software such as product lifecycle management (PLM) and CAD applications, used by large-scale manufacturers, and Electronic Design Automation (EDA) software, which is used by chip and electronics makers.

Though not broad interest and often difficult to run without consulting and integration work, such niche software is still pirated, with new releases typically available within 30 days, DeMarines said.

Chenxi Wang, an analyst at Forrester, confirms the problem. "PLM apps are routinely cracked and pirated. So are many other high-value, niche applications," she said in an e-mail.

"I've talked to a software vendor who manufactures geology mapping software for oil drilling ...[and] every version of their software has been cracked and pirated."

With CodeArmor Intelligence, ISVs (independent software vendors) can now effectively turn pirated or non-paid-for software into a form of trialware or sales lead, DeMarines said.

"It could be a lead to a VAR [value-added reseller], who could go in and say, 'It's great you're using this software, but you need to pay up,'" he said. Rather than siccing the BSA or the SIIA and their lawyers on offenders, "these can be business opportunities for vendors, depending on how they approach it."

Page Break

Warez crackers 'lazy,' likely to overlook CodeArmor

V.i., whose founders' previous security startups were sold to Symantec and EMC's Documentum, is one of a handful of anti-piracy vendors.

Arxan Defense Systems has the strongest technology "but is not as user friendly" as other vendors, such as PreEmptive Solutions and CloakWare, said Wang.

For now, V.i. stands out as "the only one with an intelligence gathering tool." CodeArmor Intelligence code is integrated into an application in such a way that it is indistinguishable from the application code to scanners and other tools, used by pirates to remove license mechanisms, DeMarines said.

"It's not easy to flag or reverse engineer our code. It's different in each implementation," he said. Most pirates and most crackers are in run-and-gun mode, as pirate prestige -- and dollars -- are gained by the number of 'warez' they upload to BitTorrent or sell via a shadow market, DeMarines said.

"They only want to do as much work as they need to. Meanwhile, our technology lies dormant during that initial crack cycle." It remains inactive until software is installed and used a certain number of times by the end user; a number that the ISV can specify.

But Wang points out that if detected, CodeArmor Intelligence would be "pretty easy to stop."

"All the pirates have to do is identify the port or the gateway server and put a firewall rule or a network filtering rule to block that communication," she said.

While most pirates are "lazy ... this is an arms race," she said. "Once they find out the intelligence tool is preventing them from getting pirated revenue, then the pirates will do something about it."

Still, Wang thinks that CodeArmor Intelligence's data can give ISVs the leverage to help turn a pirating company, if approached correctly, into a paying end-user, and ultimately a loyal customer.

While the hyperbole around so-called cloud computing has many declaring the end of client software, DeMarines said that won't happen for a long time with the CPU and graphics-intensive PLM and CAD apps that V.i. is targeting.

An increasing number of hosted Web applications are adding client runtimes based on Java and .Net to add offline modes or extra features.

ISVs may also wish to track such code, to track and prevent tampering with those runtimes, he said. One example is online gambling company that is using V.i.'s software to ensure the client runtimes its 30 million users run are not modified so that some users give themselves better odds, DeMarines said.