Is Your Software Legal?
Software Makers Get Serious About Piracy

Since the earliest days of personal computing, both operating systems and applications software have been installed by some users without paying for them. Unless you were turned in to the BSA (Business Software Alliance -- http://www.bsa.org/ ), a software vendor, or other such organization, there was little chance that someone would know that you had more software copies installed for which you had licenses. Those days are in the past. Software companies are closing the loopholes that allowed for software to be installed on multiple machines.

What is Software Piracy
Software Piracy is the unauthorized copying, reproduction, use or manufacture of software products. Let's think about that. There are a lot of things that fall under the heading of software piracy. There is end user copying. This type of piracy occurs when extra copies of a program are made within an organization for employees to use. Disk swapping amongst friends and associates is also included in this category. While not as common, in the old days, hard disk loading was also a big form of piracy. In those days, every corner had a PC store (or so it seemed). Some of those dealers would load unauthorized copies onto the hard drives of new computers they are selling as an incentive for you to buy from that dealer. Counterfeiting is still around today. Counterfeiting is the illegal duplication and sale of copyrighted software and is often designed to look like the genuine product. Very prevalent these days are the online pirates. Have you ever gotten a piece of SPAM that says you can download the software for free because you are not paying for the expensive packaging? Ever wondered if it was legal? Well, in most cases, software is loaded to a web site (Warez) where the copyrighted software is made available and downloaded to users without the authorization of the copyright owner. There is also License Misuse. This happens when product intended for Academic product, NFR Product Misuse is clearly marked "Not for Resale", or OEM Standalone Product is used or sold outside the areas they were intended, i.e. Academic software is for students and schools, NFR is Not For Resale and OEM software is marked with "For Distribution Only With New PC Hardware" and yet is being sold without that new PC!


Securing Software with Hardware Locks
Securing software is something that vendors have tried to do for years. Come on, show of hands, who remembers the old days when most software (not just CAM Software) required a hardware lock? Yes, many vendors used this approach to keep software from being installed on more than one machine since it was next to impossible to duplicate a lock. This did have an advantage for the user because you could install the software on as many machines as you had, you simply could not run it without the lock. As software moved to network versions, even they required locks on the servers. This often time brought the ire and in other cases the downright contempt of the IT Department.

Securing Software with Software Locks
As time passed, software companies decided that there must be a way to control the use of the software with a software lock. Companies like Macrovision and products like C-Dilla have been around for years. The problem with these is that they use schemes that write hidden information to the hard drive of the computers. Many users found this to be an unpalatable solution as they did not like hidden files and folders installed on their systems that they not only could not see but did not know about initially. The software that used these software protection methods generated a unique system identifier, usually tied to the network card, system name, hard drive type, BIOS version, or some combination of the above and then wrote that information to a file. In some cases, this file was simply a hidden file, in others it was actually written to track zero of the hard drive. In those cases where the information was written to a file a format and reload often required jumping through hoops to get the software reauthorized. Still worse were the implementations that wrote to track zero. Those implementations in many cases rendered hard drives unbootable. This caused many people to avoid software that used those schemes.

Software Security Comes Of Age
Today’s software uses many of the same methods to tie the software to the hardware, many using network card MAC addresses which are unique. Additionally, most vendors prefer that the software be authorized via the web. This allows the software, installed on the PC to connect the web site for the vendor and register so it may be run. In many ways, this method is simple and it works because it takes the human element out of the mix as it relates to mistakes. If you lose a hard drive or if your machine configuration changes, you can get reauthorized to run the software via the web in most cases. In cases where interaction is required, you can talk with a live body at the other end of the phone and get the software running, be it a new install or a reinstall. Many vendors even allow customers to install the software two or three time before that human interaction is required. The software may even go so far as to see if the same serial number is running on another computer on the LAN. Another feature of this method is that you can, in many cases, operate the software for a period of time (i.e. thirty days) without authorizing the software. This can be a big advantage if you need to use the software and the internet connection is not available and you do not have time to sit on the phone and be told that your calls is important and will be answered in the order received, especially if they are experiencing high call volumes at this time!


So What Is Next?
There is a new system that will be launching worldwide by Microsoft. Aimed at cracking down on counterfeit software, Microsoft is planning to require all customers to verify that their copy of Windows is genuine. They are going to enforce this in a very simple way; If your system is not genuine or is a known crack or installed on thousands of systems, you will no longer be able to download security patches and other operating system downloads. Microsoft has been testing a tool since last fall that will do just that, checking to see if a particular version of Windows is legitimate. Starting Feb. 7, the verification will be mandatory for many downloads for people in three countries: China, Norway and the Czech Republic. In those countries, people whose copies are found not to be legitimate can get a discount on a genuine copy of Windows, though the price varies from $10 to $150 depending on the country. Microsoft expects by the middle of 2005 to make the verification mandatory in all countries for both add-on features to Windows as well as for all OS updates, including security patches. Microsoft has indicated that they will continue to allow all people to get Windows updates if they turn on the Automatic Update feature. Several million users have participated in the test of this genuine verification engine.

Where to Now?
There is no doubt that piracy costs all of us money. It results in lower sales for resellers and vendor and it also means higher prices for everyone. As technology improves, almost all software will have a way to ‘phone home’. This may be only for registration; it may be for authorization and it may be there for patches and upgrades. One thing is for certain, those who are concerned with privacy will most assuredly come head to head with those who battle to keep the use of programs legal and in so doing protect their intellectual property rights. If you have questions or comments about this article, contact me (JohnBoline@hagerman.com).

All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, CNE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Entire contents © 2005 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden.