Is Your Software Legal?
Software Makers Get Serious About Piracy
|
|
Since the earliest days of personal computing, both operating systems and applications software have been installed by some users without paying for them. Unless you were turned in to the BSA (Business Software Alliance -- http://www.bsa.org/ ), a software vendor, or other such organization, there was little chance that someone would know that you had more software copies installed for which you had licenses. Those days are in the past. Software companies are closing the loopholes that allowed for software to be installed on multiple machines.
What is Software Piracy
Software Piracy is the unauthorized copying, reproduction, use or manufacture of software products. Let's think about that. There are a lot of things that fall under the heading of software piracy. There is end user copying. This type of piracy occurs when extra copies of a program are made within an organization for employees to use. Disk swapping amongst friends and
associates is also included in this
category. While not as common, in the old days, hard disk
loading was also a big form of piracy. In those days, every
corner had a PC store (or so it seemed). Some of those dealers
would load unauthorized copies onto the hard drives of new
computers they are selling as an incentive for you to buy from
that dealer. Counterfeiting is still around today.
Counterfeiting is the illegal duplication and sale of
copyrighted software and is often designed to look like the
genuine product. Very prevalent these days are the online
pirates. Have you ever gotten a piece of
SPAM that says you can download the software for free because
you are not paying for the expensive packaging? Ever wondered if
it was legal? Well, in most cases, software is loaded to a web
site (Warez) where the copyrighted software is made available
and downloaded to users without the authorization of the
copyright owner. There is also License Misuse. This happens when
product intended for Academic product, NFR Product Misuse is
clearly marked "Not for Resale", or OEM Standalone Product is
used or sold outside the areas they were intended, i.e. Academic
software is for students and schools, NFR is Not For Resale and
OEM software is marked with "For Distribution Only With New PC
Hardware" and yet is being sold without that new PC!Securing
Software
with Hardware LocksSecuring software is something that vendors have tried to do for years. Come on, show of hands, who remembers the old days when most software (not just CAM Software) required a hardware lock? Yes, many vendors used this approach to keep software from being installed on more than one machine since it was next to impossible to duplicate a lock. This did have an advantage for the user because you could install the software on as many machines as you had, you simply could not run it without the lock. As software moved to network versions, even they required locks on the servers. This often time brought the ire and in other cases the downright contempt of the IT Department.
Securing Software with Software Locks
As time passed, software companies decided that there must be a way to control the use of the software with a software lock. Companies like Macrovision and products like C-Dil
la
have been around for years. The problem with these is that they
use schemes that write hidden information to the hard drive of
the computers. Many users found this to be an unpalatable
solution as they did not like hidden files and folders installed
on their systems that they not only could not see but did not
know about initially. The software that used these software
protection methods generated a unique system identifier, usually
tied to the network card, system name, hard drive type, BIOS
version, or some combination of the above and then wrote that
information to a file. In some cases, this file was simply a
hidden file, in others it was actually written to track zero of
the hard drive. In those cases where the information was written
to a file a format and reload often required jumping through
hoops to get the software reauthorized. Still worse were the
implementations that wrote to track zero. Those implementations
in many cases rendered hard drives unbootable. This caused many
people to avoid software that used those schemes.Software Security Comes Of Age
Today’s software uses many of the same methods to tie the software to the hardware, many using network card MAC addresses which are unique. Additionally, most vendors prefer that the software be authorize
d
via the web. This allows the software, installed on the PC to
connect the web site for the vendor and register so it may be
run. In many ways, this method is simple and it works because it
takes the human element out of the mix as it relates to
mistakes. If you lose a hard drive or if your machine
configuration changes, you can get reauthorized to run the
software via the web in most cases. In cases where interaction
is required, you can talk with a live body at the other end of
the phone and get the software running, be it a new install or a
reinstall. Many vendors even allow customers to install the
software two or three time before that human interaction is
required. The software may even go so far as to see if the same
serial number is running on another computer on the LAN. Another
feature of this method is that you can, in many cases, operate
the software for a period of time (i.e. thirty days) without
authorizing the software. This can be a big advantage if you
need to use the software and the internet connection is not
available and you do not have time to sit on the phone and be
told that your calls is important and will be answered in the
order received, especially if they are experiencing high call
volumes at this time!So What Is Next?
There is a new system that will be launching worldwide by Microsoft. Aimed at cracking down on counterfeit software, Microsoft is planning to require all customers to verify that their copy of Windows is genuine. They are going to enforce this in a very simple way; If your syste
m
is not genuine or is a known crack or installed on thousands of
systems, you will no longer be able to
download security patches and other operating system downloads.
Microsoft has been testing a tool since last fall that will do
just that, checking to see if a particular version of Windows is
legitimate. Starting Feb. 7, the verification will be mandatory
for many downloads for people in three countries: China, Norway
and the Czech Republic. In those countries, people whose copies
are found not to be legitimate can get a discount on a genuine
copy of Windows, though the price varies from $10 to $150
depending on the country. Microsoft expects by the middle of
2005 to make the verification mandatory in all countries for
both add-on features to Windows as well as for all OS updates,
including security patches. Microsoft has indicated that they
will continue to allow all people to get Windows updates if they
turn on the Automatic Update feature. Several million users have
participated in the test of this genuine verification engine.Where to Now?
There is no doubt that piracy costs all of us money. It results in lower sales for resellers and vendor and it also means higher prices for everyone. As technology improves, almost all software will have a way to ‘phone home’. This may be only for registration; it may be for authorization and it may be there for patches and upgrades. One thing is for certain, those who are concerned with privacy will most assuredly come head to head with those who battle to keep the use of programs legal and in so doing protect their intellectual property rights. If you have questions or comments about this article, contact me (JohnBoline@hagerman.com).
All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, CNE, USE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Entire contents © 2004 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden.