Software Piracy pandemic needs government role, better vendor antipiracy plans

By Eric Ogren
18 May 2009 | SearchSecurity.com


A satisfactory solution to the business software piracy problem has proven elusive to the software industry. Draconian measures, such as rights management systems or hands-on key management systems, can drive up customer costs in IT administration, while in consumer markets the cost of a single support call can erode all profit margins and may even exceed the price of the product.

The Business Software Alliance issued its sixth annual BSA/IDC Global Piracy Study, which puts the worldwide market value lost to illegal software at $53 billion, or fully 41% of the global legitimate software market. The BSA is a Washington, D.C.-based organization that behaves like a government lobby, acting on behalf of major vendors to influence federal legislation and conduct education programs on software piracy and intellectual property protection.

The report claims the United States has a relatively low piracy rate of 21%, for a market exceeding $9 billion -- given a U.S. population of more than 300 million, this calculates to approximately $30 per year in pirated software for every man, woman and child in the U.S. According to BSA/IDC, the software piracy pandemic exceeds 90% in many countries.

According to the study's methodology, the BSA/IDC numbers include estimates for lost tax revenues and employment opportunities in addition to lost license revenue potential. The estimates feel high, likely to support the BSA mission for government action, but the methodology is openly presented and is consistent for year-over-year comparisons. The report would be stronger if it balanced the existing logic by directly surveying users about pirated software, asking member support organizations for statistics on discovered pirated software rates, or even working with the Geek Squad to measure pirated software on PCs under repair. However, even if the actual numbers are only 10% of BSA/IDC findings, business software piracy is still significant and merits action by governments, vendors and enterprises.

Government interdiction is necessary to combat organized high-tech crime. Correlating the study with the Cisco 2008 Annual Security Report and the Symantec Global Internet Security Threat Report shows that the same regions that are leading offenders in software piracy are also leading in malicious attacks for spam, phishing and identity theft. Enforcement of legislation and ethics education of the user community are the most effective practical steps.

Vendors with antipiracy plans have to be careful not to alienate customers or incur large support headaches. Vendors with Software as a Service (SaaS) or subscription approaches can authenticate licenses before delivering the service, denying access to pirated users. For these vendors, protecting revenue streams against account sharing, either by device authentication (41st Parameter, iovation) or by keystroke dynamics (AdmitOne, Behaviosec), becomes important. As a rule, a technology that embeds tags and keys in files leads to technology that removes those secrets. However, antipiracy technology from vendors including Arxan and V.I. Labs may be too costly or impractical to reverse engineer and is worth exploring for certain classes of software.

Enterprises should make it a best practice to audit corporate systems for license compliance. Documented knowledge of actual product usage can save money when negotiating maintenance and upgrade renewals with vendors. Also, a business needs to be sure it can obtain timely support, and it is in IT's own best interests to ensure maintenance contracts have not expired. Use software asset management capabilities to know what is running in the enterprise, and to control valid license and maintenance agreements.

Business software piracy will always plague the industry, but its impact can be reduced with a concerted effort by governments, vendors and enterprises. It would be nice to look forward to the tenth edition of the BSA/IDC report several years from now with a piracy rate far below 41%.


Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.
