promesaartstudio - Fotolia
Software piracy -- the illegal copying, distribution or use of legally protected software -- is one of today's...
most common crimes. In fact, BSA's latest "Global Software Survey" estimated that 37% of software installed on PCs is unlicensed.
It is important for companies to understand the risks of pirated software, different types of software piracy and how to detect pirated software, as well as how to prevent software from being pirated in the first place.
Security risks of pirated software
Beyond the implication of lost revenue for companies selling the software, if an organization gets caught with unlicensed software -- either by a vendor's antipiracy programs or BSA -- it could face copyright infringement fines. Don't assume employees will remain quiet about it, either. BSA reported that 34% of Europe small to medium-sized enterprise employees would report unlicensed software in their own organization.
In addition, pirated software is more likely to not work correctly and slow devices down that are running it than its legitimate counterpart. And, if an issue arises while using unlicensed software, legitimate program support -- including access to customer support and patches -- is unavailable.
Lastly, illegal software may include malware or other malicious code that could infect a user's device and possibly spread to the entire network. In fact, according to the BSA study, around one-third of unlicensed software contains malware.
Types of software piracy
There are five main types of software piracy:
- Counterfeiting. The illegal copying, sale and/or distribution of copyrighted software.
- Softlifting, or end-user piracy. For example, using a licensed copy for multiple installations on multiple computers or obtaining an academic license for software intended for commercial use.
- Internet or digital piracy. Copying and uploading software onto the internet or downloading pirated software from the internet.
- Hard disk loading. When a business installs illegal copies of software on the computers it is selling.
- Client-server overuse. The overuse of a central copy of a program on a particular network.
How to identify software piracy
Detecting if software has been pirated is not easy. Large companies can orchestrate monitoring agreements with search engines and social networks to locate pirated content, but this is not an option for most developers.
The best approach is to incorporate usage data collection into the application through phone home technology. This is a capability added by vendors that enables software and applications to connect to the internet and report back information such as statistics, error codes and whether the software or application is licensed. This provides evidence of misuse that can be turned into actionable leads, as well as a measure of the impact of piracy on revenues.
Preventing software piracy
Software publishers have several options to protect their intellectual property from thieves. Unfortunately, none of them can guarantee security, and all risk negatively affecting installation and UX for honest customers.
The most common methods to prevent software piracy include the following:
- License keys. This is the most widely used software piracy prevention method. It involves code that is built into an application to require a valid key to unlock the software. This key can be distributed via packaging or some other online mechanism. There are a variety of toolkits available that enable corporations to easily build this capability into their products. Just searching the web for "software licensing toolkits"or "digital rights management" will turn up several options. Some shopping cart providers include these kinds of licensing capabilities, offering an end-to-end method for everything from hosting a store to distributing software to managing licensing keys so the company doesn't have to. But be ready to part with a percentage of the product's sales for that privilege.
- Antipiracy software. If organizations are worried about someone stealing their source code, they should look into a code theft and antipiracy package. Players such as Revenera, Digital.ai and Thales Group enable companies to enforce license compliance and track who is using their software and how. Another feature offered is encrypting the source code within an application so it can't be reverse-engineered or stolen in any other way. Again, these products will eat into profit margins.
- Print/copy restrictions. To protect content such as e-books and downloadable resources, a service such as Adobe Acrobat Pro can limit whether users can print or copy content from within protected documents.
- Streaming protections. Video and audio files should be streamed using HTTP Live Streaming instead of progressive download methods as it makes the process of capturing a single file virtually impossible, thus reducing the risk of file or software theft and piracy.
- Copyright symbol. All websites and content should highlight that piracy is illegal and a crime and include a copyright symbol to defend against legal claims of innocent copyright infringement.
- Antipiracy incentives. One of the most effective ways of dealing with piracy is removing the incentive for users to look for pirated content. This means offering a good product and UX at a fair price to deter pirates and push consumers toward legal alternatives.
- Demo or trial version. Offer a limited-use version of the software that enables customers to experience firsthand whether the program satisfies their needs.
Software piracy won't be going away anytime soon, but companies can reduce the likelihood that potential customers use unlicensed software by following the above steps for preventing piracy. Meanwhile, companies using unlicensed software must understand the potential ramifications.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading