Software Piracy and Non-Compliance: A Balanced Protection Plan is Your Best Strategy

In my previous column, I outlined how software vendors can best identify if they have a piracy problem. Once software piracy is identified, it is important to know the scope of the problem because it will help to determine the best way to deal with it. Once an Independent Software Vendor (ISV) discovers that their software has been pirated, the gut reaction is to put an immediate stop to it. After all, this is their life’s work. Thus, their first response is often to go after distribution channels and issue takedown notices, but this approach can be troublesome.

For example, in 2010, the New York Times reported that Microsoft is taking down 800,000 counterfeiter links a month to quell counterfeit software threats. The company reportedly spends roughly $200 million in anti-piracy technology. It scans the web for suspicious links and sends takedown requests to web service providers when it discovers questionable activity. However, software pirates then use automated systems that replace links that Microsoft removes. It’s a continual battle. Clearly, this strategy is not working. It’s like a game of “whac-a-mole” – simply impossible to keep up with.

Alternatively, some ISVs look to curb this problem through software protection approaches. By “hardening” the software, through methods such as code encryption, ISVs hope to deter software pirates. In some cases, this does make sense. But in the majority of cases this simply delays the time it takes to crack the vendor’s licensing or DRM. Hackers will always find a way around this.

So my advice is this: if piracy is discovered, it’s best to react, but don’t overreact. Be proactive, yet patient. This may sound contradictory, but in this case it is not. Patience does not mean passivity. It’s about taking the right action, based on the right information. ISVs can be proactive by investing in piracy business intelligence to identify license infringement, and then having the patience to gather this intelligence before making a decision on what actions to take.

Today, ISVs have the means to discover how and where software is being used, what features are used most, and the extent of software misuse. By gathering data on the actual businesses using pirated software, ISVs can make data-driven decisions about their piracy strategies.

Another example to illustrate this point: Avast Software, a maker of anti-virus software, turned a piracy problem into a huge marketing opportunity. Most companies, upon realizing their software was being stolen, would immediately seek to squash the problem and penalize those users. Instead, Avast took the patient, proactive approach, gathering intelligence over the next 18 months about the use of the pirated version of its software.

According to PC Pro, “a single license for Avast security software has been used by 774,651 people after it went viral on a file-sharing site.” Avast saw the users for what they were: business leads. Realizing it had an avid following of people clearly interested in its software, Avast decided to flip the users of the pirated version of their application into authorized users. Those people using the pirated version received a pop-up notice offering them a link to the free or paid-for versions of the software. Users had an opportunity to “true up”—and use a valid version of the software free from the risk of malware.

Companies like Avast are taking a more enlightened approach to tackling software piracy, leveraging data about misuse of their applications to recover lost revenue. Ultimately, when it comes to software piracy, it’s difficult to make the right decision without the most significant facts in front of you. With those facts in hand, ISVs have an understanding of the scope of the problem and how best to attack it.

ISVs need to “operationalize” their piracy data: collect the data and initiate programs to recover revenue lost to piracy (or work with partners in other geographies to ensure piracy doesn’t become a problem or continue to be a problem). ISVs can collect enough data through piracy business intelligence to get an accurate understanding of their own piracy problem. As they analyze the data within piracy dashboards, the ISVs get a true sense of the issue at hand. The piracy data serves as forensic proof of what software applications are being used without a license and to what extent.

Oftentimes, the results in the dashboard can be quite surprising. In fact, on average, nearly half of all infringing organizations are existing customers, often a result of software license overuse. The remaining 50 percent of piracy sources should now be viewed as a new business opportunity – organizations previously unknown to you that you now know are using your software as part of their business operations.

ISVs taking a piracy business intelligence approach have direct visibility into where the biggest offenders are in terms of unlicensed software use and can take the forensic data from their dashboards to develop a data-driven response to recover the lost revenue. One key point to consider is that infringing organizations chose your software over your competitors for a specific reason and likely have a business need to continue using it. In many instances, the benefits are just as great for the infringing organization to become a paying customer. By doing so, the organization becomes software compliant, and is now entitled to services from the vendor such as support and upgrades.

Previously, software vendors had no means of measuring or defining their own software piracy problem. Few ISVs had the resources to take on such a task themselves, and those that did lacked the tools to really do it well. With piracy business intelligence solutions, ISVs can do exactly that. They can determine their own piracy pipeline number, which details exactly how big their own piracy problem is, and, with the data they have collected, decide the best approach to respond. These enlightened ISVs are proving to be visionaries and leaders in the fight against software piracy, by recovering lost revenue and turning infringing organizations into paying customers.
