News on Software Piracy and Tampering
Don’t Gamble with Your Software ROI
By Amena Ali
January 14, 2008
You are a software vendor. You invest deeply in research and development to find better, faster, more user-friendly ways to empower your users. Your teams develop leading edge, high performance software on aggressive schedules to deliver value and functionality to your customers. And within hours of your latest software release, counterfeit and pirated versions are available for pennies on the dollar across a range of online stores, peer-to-peer networks and gray markets across the world.
Analyst firm IDC estimates that roughly $40 billion of software was pirated in 2006 alone. However, lost revenue is only one aspect of the financial impact of piracy on software vendors. Stephen Siwek of the Institute for Policy Innovation estimates the true cost of copyright industry piracy to the U.S. alone as $58 billion in 2005.
Software ROI today is a gamble, subject to market forces that threaten fundamental business model assumptions. What can be done to prevent this drain? IP protection or application hardening is a protective layer of security that safeguards your software products against tampering, reverse engineering and piracy. While license management layers enforce business rules and usage policy, application hardening comprehensively protects your software application, and the intellectual property within it, against professional pirates and hackers. An effective IP protection strategy provides both immediate ROI through cost savings and increased revenue. It also provides long-term ROI by insuring your core business and product lines against reverse engineering, by raising investor confidence, and through improved customer satisfaction and loyalty.

Software ROI Through Increased Market Share
By delivering superior products at exceptional value, you can confidently stay ahead of your competition. Right? Wrong. Your biggest competitors don’t build their own parallel product line with their own investment. Rather, they sell your exact product, released on the exact day as your titles, for as low as 5 percent of your price, and capture an estimated 33 percent of your market. Meet the software pirate, also known as the black hat or the hacker. Software piracy today is an organized business, backed by highly skilled hackers and entrepreneurs, and powered by the anonymity and speed of the Internet.
Software applications are pirated on a widespread basis. As evidence, the Business Software Alliance (BSA)’s latest global piracy study, conducted by IDC, estimates that for every $2 businesses and consumers spend on PC software in the next four years, $1 of that will be pirated using stolen IP. An estimated 200 billion dollars of revenue will be lost over the next four years.
An effective anti-piracy strategy is critical to manage this proliferating competitive frontier. Microsoft is a prominent example of the benefits software vendors can reap by curbing piracy. In October 2007, Microsoft reported strong gains on sales of PC and server software. They attributed sales increases of almost 5 percent to anti-piracy measures, and shares have hit their highest levels since mid-2001.
Tip: Make anti-piracy a core, high-priority tactic of your competitive strategy.
ROI Through Decreased Cost
Piracy’s impact to your bottom line extends beyond revenue loss. Counterfeit software, sold by professional pirates on so-called “Cheap OEM Software” sites, is buggy and often carries malware payloads. Customers who unknowingly buy counterfeit software can account for up to 20 percent of your technical support costs. Effective IP protection mitigates this loss. Tamper resistant features make it much harder to hack the software in the first place, and tamper evidence features clearly identify cases where failure has occurred in tampered software.
Many software vendors today rely purely on metering solutions, such as license management, to prevent piracy. When (not if!) “Break Once Run Everywhere” (BORE) exploits occur, teams incur expensive reengineering and upgrade overhead to close out the vulnerability, only to get hacked again within hours of their next release. IP protection solutions eliminate BORE vulnerabilities and decimate the cost of renewing and restructuring protection as your needs and threat vectors evolve. Not only are development costs reduced, but you now have resources freed up to enhance your product and delight your customers.
Effective IP Protection: To be effective, an IP protection solution must provide long term resistance to BORE (break once run everywhere) exploits, which are the key to widespread piracy of your software. Seven key factors to choosing an IP protection solution which is effective, and which will not unduly impact your software development life cycle, are:
- Dynamic: Protection technology includes both static obfuscation and encryption and dynamic run-time detection of, and reaction to, attacks
- Durable: Diversification, customization and interleaving with your application to eliminate single points of failure and prevent construction of a reliable BORE exploit
- Resilient: Protection can be easily reconfigured and rapidly reapplied to quickly respond to potential breaches, and adapt to an evolving threatosphere
- Development Friendly: Binary-based solutions compatible with debugging and crash analysis tools will not disrupt your coding process or schedule
- Easy to Use: Your tool should provide both intuitive UIs and scriptable command line options to minimize learning and integration overhead
- Proven: Choose a protection technology which has been stress tested through existing deployments and stringent third party testing
- Low Impact: Negligible performance overhead, zero invasion of end user systems and complete transparency to end user experience are critical to customer satisfaction.
As with any aspect of software development, your end result is only as good as the tools you use. In order to realize a strong return on investment on your IP protection strategy, you must ensure the solution you implement is based on effective tools and technology.
Tip: Product management can take a leadership role in protecting software IP by sharing these initiatives with development, quality assurance and customer support teams – they all benefit from IP protection.
ROI Through Improved Customer Satisfaction
There is a plethora of versions, editions and variations of your software on the gray and black markets. Many potential customers download such software for trial usage or pilot projects. When they are dissatisfied with the experience, they are disillusioned with your software quality. By preventing piracy of your software, you promote trust and confidence in both existing and potential customers. Additionally, the unchecked availability of pirated, nearly-free software is very disturbing to paying customers. They are forced to compete with a higher cost than their competitors, your prospects, who use pirated software to lower costs. Your customers lose market share and they are invariably tempted to follow suit. And don’t overlook the opportunity cost that you incur by not supplying to other prospects.
Application hardening provides broad protection for your application, which extends beyond anti-piracy to anti-malware as well. Effective protection not only protects the application against hacking, but also protects your application’s end user against malware, trojans, counterfeits and other potential threats. It is unrealistic to find and mitigate every Internet security vulnerability that may exist in your complex software. Fortunately, the same anti-tamper measures which protect your IP against application hackers can also protect your application from being hijacked by Internet hackers. By reducing the time your developers need to spend on fixing internet security bugs, application hardening provides ROI by freeing up resources for competitive feature development. At the same time, by promoting the security features of your software, you can build customer trust and loyalty in your product.
Tip: You can and should promote application hardening as a valuable feature for your customers.
Protection of Business Models
Software theft can not only impact the revenues, costs and customer satisfaction for given product lines, but can have even broader business consequences. For instance, Skype, a hugely popular VoIP provider, was acquired by eBay for $2.6 billion in 2005. Following reverse engineering, hackers were able to create counterfeit clients that plugged into Skype’s protocol and connected to Skype’s users. These counterfeit clients worked outside of the Skype community, were independently branded, and resulted in destabilizing the entire Skype P2P network. The result? In October 2007, eBay took a $900 million devaluation on Skype.
Such numbers speak for themselves. In today’s threatosphere of rampant and sophisticated reverse engineering, software companies simply cannot afford to ship products – or safeguard their business models – without a strong application hardening layer for IP protection.
Tip: Consider anti-piracy as a form of insurance for your business that mitigates a huge risk.
Understanding Piracy: For many software vendors, characterizing and combating piracy is challenging, uncharted territory. To get you started, Arxan offers complimentary Crack Situation Investigation (CSI) services to software vendors. CSI analysis will tell you on which software and peer to peer sites your software titles are available, and will also help you estimate ongoing losses from piracy. To request your free CSI report, please write to info@arxan.com.
Getting Started
As with any software feature, you should begin your process of implementing application hardening by understanding your risks and requirements.
As your first step, investigate the extent to which your software is being hacked and freely distributed online today. Next, at a technical level, understand where your software and license management layers are vulnerable. At the same time, from a management perspective, determine broader risks to your business and pricing model from piracy and counterfeiting.
Armed with this information, you will be able to create requirements for your application hardening initiatives. Implementing an effective intellectual property protection strategy will immediately ensure that your core software ROI, and your business model, stays intact.
