Software piracy -- the illegal copying, distribution or use of legally protected software -- is one of today's...
most common crimes. The 2018 BSA Global Software Survey estimated that 37% of software installed on PCs is unlicensed, while Microsoft's 2018 Asia PC Test Purchase Sweep concluded four out of five brand-new PCs purchased from retailers that also sold pirated software came preloaded with pirated software. Most of them also had the PC's antimalware software turned off in order to enable hacking tools to be used to activate the pirated software.
There are five main types of software piracy:
- Counterfeiting: the illegal copying, sale and/or distribution of copyrighted software;
- End-user piracy: e.g., using a licensed copy for multiple installations on multiple computers or obtaining an academic license for software intended for commercial use;
- Internet or digital piracy: copying and uploading software onto the internet or downloading pirated software from the internet;
- Hard-disk loading: when a business installs illegal copies of software on the computers it is selling; and
- Client-server overuse: the overuse of a central copy of a program on a particular network.
How to identify software piracy
Detecting if software has been pirated is not easy. Large companies can orchestrate monitoring agreements with search engines and social networks to locate pirated content, but this is not an option for most developers.
The best approach is to incorporate usage data collection into the application through phone home technology. This provides evidence of misuse that can be turned into actionable leads, as well as measure the impact of piracy on revenues.
How to prevent software piracy
Software publishers have several options to protect their intellectual property from thieves. Unfortunately, none of them can guarantee security, and all risk negatively affecting installation and UX for honest customers.
The most widely used method is the license key -- code that is built into an application to require a valid key to unlock the software. This key can be distributed via packaging or some other online mechanism. There are a variety of toolkits available that enable corporations to easily build this capability into their products. Just searching the web for software licensing toolkits or digital rights management will turn up several options.
Some shopping cart providers include these kinds of licensing capabilities, offering an end-to-end method for everything from hosting a store to distributing software to managing licensing keys so the company doesn't have to. But be ready to part with a percentage of the product's sales for that privilege.
If organizations are worried about someone stealing their source code, they should look into a code theft and antipiracy package. Players like Revulytics Inc., Arxan and Thales Group enable companies to enforce license compliance and track who is using their software and how. Other features offered include encrypting the source code within an application so it can't be reverse-engineered or stolen in any other way. Again, these products will eat into profit margins.
To protect content such as e-books and downloadable resources, a service like Adobe Acrobat Pro can limit whether users can print or copy content from within protected documents. Video and audio files should be streamed using HTTP Live Streaming instead of progressive download methods as it makes the process of capturing a single file virtually impossible, thus reducing the risk of file or software theft and piracy. All websites and content should highlight that piracy is illegal and a crime and include a copyright symbol to defend against legal claims of innocent copy infringement.
Finally, one of the most effective ways of dealing with piracy is removing the incentive for users to look for pirated content. This means offering a good product and UX at a fair price as these help deter pirates and push consumers toward legal alternatives.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading