Lessons Learned for Software Piracy in 2011

As 2011 draws to a close, I’ve decided to take a step back and review the past year. Let’s take the lessons learned about software piracy and see how they can be applied in 2012.

In 2011 we were reminded that software piracy cannot be stopped. Despite the best efforts of software vendors, industry watchdog groups and government, software piracy continues to proliferate. The Stop Online Piracy Act currently being discussed in Congress has been much maligned with claims from many sources that the bill essentially amounts to online censorship. I personally don’t support it either, not because it is censorship, but because it simply won’t stop online piracy. Trying to stop piracy by adding new tools to disable access to the piracy channels is a futile strategy for software vendors. Past experience suggests that these tactics only create new methods and approaches for sharing pirated content (for example, the rise of cyberlocker service providers).

Similarly, shutting down sites that offer pirated goods doesn’t stop the piracy problem; it just moves the pirated wares to other sites. As evidenced in this article, governments can shutter sites but no real enforcement is possible because these pirate sites are often operated overseas in countries like China, where software piracy laws are sorely lacking. Like I have said before, it’s like a game of Whac-a-Mole, and it never stops.

Another anti-piracy tactic that leaves a lot to be desired is bounty programs aimed at company whistleblowers. Uncovering software piracy by relying on company whistleblowers is an imperfect process that spawns whistleblowers with ulterior motives. Most whistleblowers are disgruntled former employees with axes to grind. Some, as in this recent case with Tiger Communications, are actually the culprits who downloaded the pirated software to a company computer and then turned the company in when they were fired.

The Business Software Alliance’s tactic of paying for whistleblower leads (and their creation of a sweepstakes to win $1,000 regardless of whether or not a settlement is actually reached) breeds a whistleblower-for-hire mentality. This is bound to bring about false accusations just so people motivated by financial gain can enter the contest.

Employees must take a more active role in ensuring pirated software use does not happen within their organizations. A Federation Against Software Theft (FAST) Barometer Report on software piracy published in September revealed that two thirds of UK workers turn a blind eye to their employers’ use of pirated software. While I don’t think whistleblowing is an effective method of uncovering software piracy use, I do think employees who are aware their employers are using pirated software should encourage their employers to pursue a course of action that will bring them into compliance. As more and more software vendors adopt amnesty programs that forgive past software piracy transgressions in exchange for new compliant customers, this process should improve.

On the flip side of this issue, software vendors need to take a more active role in confronting software piracy. These vendors believe that turning a blind eye to software piracy provides them with a form of viral marketing. In reality, they are losing revenue (that they cannot even quantify) and creating an uneven playing field for their customers. It also gives the appearance that pirating their software is encouraged and the use of their pirated software is an acceptable and commonplace practice.

For the enterprise, senior leadership needs to take a stronger interest in curbing the use of pirated software within their organizations. Some employees would willingly use pirated software to benefit their companies and to look good by “cutting costs” – despite the fact that most companies want nothing to do with pirated software. Using pirated software can invite unwanted malware into the company’s network that could wreak havoc on internal systems or worse, might steal sensitive company data. Using pirated software also exposes the company to unwanted liability for unlicensed use. These are not trivial issues and the danger of data leaks, as well as well-publicized fines, can cause real damage to that business’ reputation and harm future growth.

The international community needs to do more to pressure China into adopting more stringent laws against software piracy. While the Chinese government claims software piracy issues in their country are not a major concern, the facts continue to tell a different story. Companies that operate in China and other locales where software piracy laws are not strongly enforced steal an estimated $1.6 billion from their in-market competitors, according to a recent report from Microsoft. The bottom line is that governments need to strengthen their anti-software piracy laws so that all companies that operate within their borders are on the same even playing field. It will promote better competition and better quality products.

In closing, I’ve pointed out what hasn’t worked but I haven’t talked about what does work. As the old saying goes, take lemons and make lemonade. If you have a software piracy issue, don’t look at it as a problem that needs to be stopped. Instead, look at it as a new business opportunity. When confronted with software piracy use, most companies would opt to become paying customers. With that in mind, you should approach these companies illegally using your software as business prospects. The use of detection and reporting technology to locate companies using pirated versions of your software is a great way to identify these prospects. As mentioned above, the deployment of an amnesty program to forgive past illegal software use is a great way to remove any initial adversarial contact with that prospect and can lead to a smoother business transaction.

Hopefully we can all learn from 2011 and take these lessons to strengthen our new business efforts in 2012. Happy Holidays.
