
aware of anyone being able to make unauthorized installations or "crack"
the code."
Jay Hauger, CEO, Gardenware, US
Software Piracy
All about software piracy.
More than one in four software packages in use in the United States is illegal. While illegal use is not always willful and may be the result of ineffective software management policies, it costs the industry over 400 million dollars annually.
When buying a software package we're actually purchasing a license to use the software, and not the software itself. Many of us do not realize that. A developer still owns the rights associated with ownership of the software, just as authors own the rights to their books, artists own the rights to their art, and musicians own the rights to their music.
So what exactly is software piracy?
Simply put, software piracy is copyright theft. Piracy occurs when an individual or entity offers bootlegs, CD-ROMs, application downloads, or serial numbers for free, for money, or for barter; provides educational product without authorization to non-qualifying individuals or entities; or installs or uses software without a properly authorized license or on more systems than it is licensed for.
Software piracy takes various forms:
- End-User Piracy: Here the End User or organization copies the software onto more machines than they are allowed to under the license agreement.
- Hard-Disk Loading Piracy: Some unscrupulous computer suppliers preload unlicensed software onto computers and then fail to supply customers with the necessary licenses.
- CD-ROM and Counterfeit Piracy: Illegal sellers (often organized crime rings) pass off fake software as real, trying to emulate product packaging by using company names and proprietary trademarks. These can look convincing.
- Internet Piracy: This is any form of piracy involving the unauthorized electronic distribution or downloading of copyrighted software programs from the Internet.
What Are The Legal Risks For Software Piracy?
The legal risks are quite severe and include court-ordered damages for illegal use, the destruction of all illegal software, unlimited fines, and up to two years in prison for company directors found guilty of software piracy. For companies or individuals engaging in software piracy for profit, courts will award substantial fines and up to 10 years' imprisonment.
What Are The Practical Risks For Software Piracy?
- For Consumers: Primarily, when a consumer decides to make an unauthorized copy of a software program, the consumer forfeits their right to the support, documentation, warranties, and periodic updates. Pirated software also often contains viruses that could potentially erase or damage the contents of the hard drive. Furthermore, the individual is exposing themselves (and the companies they work for) to legal risk by pirating a product protected by copyright laws.
- For Software Developers: $$$ - the revenue lost from software piracy could have been invested into the products themselves, resulting in a better product or lower prices for the software consumer. High piracy rates also impact the success of local software developers as they work to generate their own market presence.
- For Resellers: $$$ - pirated software results in lost sales, and lost sales result in a decrease of sales revenue for legitimate resellers. These resellers suffer serious business losses when unscrupulous competitors deal in pirate software and undercut their businesses.
The history of Software Anti-Piracy.
Historically, the problem with copy protection as a concept is that it raises as many questions as it answers.
There are many different types of protection, often working at many different levels. Companies wanting to protect their source code and binaries have a confusing array of options. Part of the reason for this involves the way that the copy protection industry developed. Various techniques evolved over time, often in parallel with each other:
Manual protection - literally!
Copy protection evolved to help software vendors combat an enemy - the software pirate. Because the war against piracy is fought on a “virtual” battleground, the rules of engagement change frequently - as do the weapons. In the early days, for example, the weapons used against software pirates were often analogue.
Software publishers would ask questions about the text of the manual accompanying the program. This meant that unless a user had the manual in front of them, the software would be impossible to use. Pirates soon found a way around this problem by photocopying the manuals, until photocopier-proof manuals came along, at which point they had to either become more devious or less lazy, re-keying the manual by hand.
Encoding code: making software secret
Software vendors then became more devious, encrypting their code to make it impossible for crackers to disassemble the binary files. This stopped crackers for a short time - but not for very long. They soon realised that although the program files were encrypted on disk, they could not be encrypted in memory because of the performance overhead involved in decrypting code during execution. Software vendors were using loader programs to take the encrypted disk-based file and load it into memory, decrypting it in the process. Once the program was in memory, it was unprotected and therefore vulnerable to the conventional analysis that enabled crackers to strip the copy protection from the code.
Debuggers proved to be an invaluable tool for the pirates and led to the continuing rise in “cracker clubs” and the emergence of the warez community, which distributed cracked programs online. While many pirates often sold bootleg software for commercial benefit, others cracked and distributed the code simply as a hobby, enjoying the status associated with being the first to break a particular program's copy protection.
Riding the loader
The discovery that pirates continued to thwart copy protection mechanisms led to yet another stage of development, as software vendors began introducing loaders that sucked parts of the encrypted program into memory separately, on an as-needed basis. This made it difficult for crackers to analyse the code using a debugger, because it was never all in memory at the same time. Difficult, yes…but not impossible. Innovative crackers learned to simply run the program repeatedly through all of its configurations, examining the decrypted segments as they appeared until the whole binary had passed through the RAM, in a technique known as 'riding the loader'.
The dongle
Using accompanying text to verify the authenticity of the software was only ever going to be a short term solution. Software vendors needed to take the battle to a more sophisticated level. One popular method in the early days was hardware protection, using the dongle.
This was a plug-in device that would connect to one of the machine's interface ports (typically parallel ports – now more commonly USB). The software would check for the presence of the device before it would run. While effective, dongles were expensive to produce, and so cheaper systems had to be devised.
Today the story is very different, with a large number of options to choose from including the Dongle, Wrapper Software and Software Developer's Kits.
