How to Combat Software Piracy: From Reaction to Revenue Recovery

 
 
By Victor DeMarines  |  Posted 2009-06-10 Email Print this article Print
 
 
 
 
 
 
 

Software piracy is not a new issue for software vendors. After all, software is valuable intellectual property. However, in different segments of the software market, the strategies and opinions on how to combat the software piracy issue can be very different. Here, Knowledge Center contributor Victor DeMarines explains the stages of an anti-piracy strategy, and how software vendors' strategies evolve from denial and reaction to realization and revenue recovery.

As someone who has spent a lot of time discussing piracy with the ISV community and researching the piracy scene, I believe what a software vendor does to combat piracy is directly proportional to its knowledge of the piracy scene motivations and its own piracy activity trends. In fact, you can group how software vendors respond to piracy into three stages: Denial, Reaction and Realization.

Let's explore each of these stages in some detail:

Stage No. 1: Denial

The belief that people who are downloading pirated software would never pay for it. If there is a piracy concern, then vendors at this stage only address overuse within their customer base and not the potential issues of overt piracy (unlicensed use).

Stage No. 2: Reaction

The focus here is to respond with techniques that target the piracy groups themselves (for example, legal takedowns, homegrown software protection, planting dummy software in peer to peer sites, etc.). It is often an emotional response to the very visible piracy groups that target the vendor's products. This can include more intrusive licensing approaches such as hardware dongles and activation, and may use technology that risks impact to customers.

Stage No. 3: Realization

Vendors in this stage focus on the users of pirated software and use business intelligence (BI), reporting and schemes that consider piracy viral marketing. Advanced methods include data gathering to identify organizations targeting pirated software, and then integrating this information into the legal and sales process.

An example of this relationship can be seen in the PC gaming market, perhaps the segment with the most piracy experience. Plagued with piracy, software game vendors turned to ever-escalating software protection techniques to combat the threat. Vendors deployed more and more anti-reverse engineering countermeasures, trying to stay a step ahead of the cracking community that was part of the piracy scene. These technologies ranged from traditional anti-debugging methods to more invasive protection using virtual machines and device drivers-which drew wide consumer criticism. One of the most egregious examples of this was the Sony BMG Digital Rights Management (DRM)/rootkit scandal.

Eventually the industry (for the most part) dropped intrusive protection approaches in favor of gradual piracy detection and response mechanisms, and server-based activation. In addition, the game industry recognized that piracy was a part of business and optimized its launch plans to maximize revenue within four weeks-the time it takes crackers to break their copy protection approach.

This final stage for gaming vendors captures what I call a final realization to focus on capturing the user revenue versus carrying on a countermeasure war with the crackers. Some online gaming companies have moved away from client software protection techniques to full server validation to catch fraud. In this scenario, the gaming company simulates game play on the server, then determines post-game whether the results were suspicious and impossible for a human to match (game bots).

Turning to the high-value software vendor market segment (Product Lifecycle Management (PLM), EDA, engineering software, etc.), I would argue that the software vendors in these industries are at the initial stages of an anti-piracy process: denial or reaction. They differ significantly from gaming vendors, not only on the per-seat price point ($15,000-$30,000), but because their software is experiencing recent increases in piracy rates due to demand in emerging markets.



 
 
 
 
Victor DeMarines is VP of Product at Vi Labs. Victor brings extensive product management and marketing experience in the security industry to his current position at Vi Labs. Most recently, Victor was a senior product manager at RSA Security, where he drove product strategy for the company's strong authentication, smart card and enterprise single sign-on client products. Prior to RSA, Victor was the director of product management at Authentica, where he was instrumental in defining product strategy and direction for Authentica's enterprise rights management and secure e-mail solutions. Before Authentica, Victor held senior product management positions at AXENT Technologies and Progress Software, a global supplier of software technology and services. He can be reached at vdemarines@vilabs.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel