The market for pirated software is enormous, so it's no surprise that there's a growing market for antipiracy/antitampering software in response. Glasgow, Scotland-based Metaforic Ltd., the newest vendor in what analysts have dubbed the application hardening market, debuted its MetaFortress product in April and announced its entry in North America this week.
How to prevent software piracy: Security management pro Mike Rothman discusses several ways organizations can prevent software piracy and protect their intellectual property.
Application hardening tools help repel software pirates: Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.
IDC and the Business Software Alliance estimate that a third of the global software market is for pirated copies -- tens of billions of dollars, mostly in Russia, China and Vietnam. The theft runs the gamut from games and standard business applications, such as Microsoft Office, to high-end specialty code worth hundreds of thousands of dollars that businesses in emerging markets can purchase for a fraction of their legitimate price.
Software crackers may reverse-engineer the code or simply break the licensing protection, the low hanging fruit in many cases.
MetaFortress runs an analyzer on code to determine where and how to insert protections and then embeds the protections in the program at compile time. Like other products in this space, this approach allows organizations to separate antitampering measures from the development process if they choose, which will improve efficiency and sidestep messy turf battles within an organization.
Chief competitors in this space are Arxan Technologies Inc., Cloakware Corp., PreEmptive Solutions LLC and V.i. Laboratories Inc. They use a variety of sophisticated obfuscation techniques well beyond standard obfuscation inserted by developers, and dynamic encryption methods far stronger than the usual encryption "wrappers" that can be cracked by capturing and decompiling code at run-time.
MetaFortress' differentiators in the market are ease of deployment and the ability to debug code after the solution has been applied, said Andrew McLennan, CEO at Metaforic The latter is an important tool to help certify compliance for software interoperability.
"With debugging, you can disprove that security has any influence on or is interfering with the software; it's a comfort for the customer." McLennan said. "You can continue to pass unit tests or integration compliance regimes that all large software vendors run on their applications."
McLennan said this will be especially valuable with virtualization software and for Windows.