Software Monetization Featured Article

Software Monetization: Countering Piracy Threats

August 27, 2012

As mentioned in previous columns, a software protection solution is necessary to help reduce the use of unlicensed software.For every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software also made its way into the market, generating absolutely no revenue for the original ISV (independent software vendor), according to the Business Software Alliance (BSA)/IDC 2010 Piracy Impact Study.

A recent SafeNet (News - Alert) whitepaper, From Software Hack to Counterattack, examines a variety of the most common application hacking techniques and the best counterattacks for protecting applications from piracy. Patching executable files and dynamically linked libraries is one such anti-hacking tactic.

“The most convenient way to protect a large number of executable and dynamically linked libraries is by using automatic protection tools also known as ‘packers,’” the whitepaper stated. “The most effective tools also offer anti-piracy specific measures such as anti-debugging mechanisms, executable file encryption and data file encryption mechanisms allowing the protected application to encrypt and decrypt data files on-the-fly.”

SafeNet also offers general software protection strategies for publishers employing hardware-based protection keys, including the following best practices:

Use Both the API-based implementation and automatic protection – Maximize security by using the API (application programming interface) to implement calls to the software protection keys, and protect the program with an automatic protection tool that offers anti-debugging and anti-reverse engineering measures. According to SafeNet, using one protection method does not preclude the use of the other.

Insert multiple calls in your code – Inserting many calls to the protection key throughout the code and binding key data with software functionality frustrates those attempting to crack your software. Multiple calls increase the difficulty in tracing a protection scheme.

Encrypt/decrypt data using the protection key’s on-chip encryption engine – The encryption process, which takes place before distributing the software, and the decryption processes, which take place during run-time of the protected application.

Only when both the security infrastructure and its implementation are maximized is the software truly protected, according to SafeNet.

“This may sound like an enormous task to accomplish, and while it is by no means trivial, it is definitely achievable,” the whitepaper stated. “Implementing effective protection can not only increase your product’s longevity, but it can also significantly increase your company’s revenue, making it well worth the effort.”

Edited by Peter Bernstein
Article comments powered by Disqus