Revulytics Blog

New Piracy Data

August 13, 2008

Subscribe

As a follow-on to our previous piracy analysis, we announced new data on the Time to Crack (TTC) for vendors in the PLM industry. We started with the PLM software, and will expand our research with the TTC estimates for the EDA industry.

The announcement and our TTC metric is meant to help educate and define the piracy problem for these specific industries. The TTC metric has to be measured and established before organizations can decide on anti-piracy strategy and programs. We define TTC as the point in time where the piracy groups have made available a quality crack release that mirrors the actual vendor software release, but has its license management or activation process disabled or bypassed to enable illegal use.


I use the term quality, because there can many erroneous references crack software. You need to know where to look and authenticate the data through sampling. We get our data from several sources including our partner ICG and validate it by sampling the releases by actually downloading the software. We do not run or reverse engineer the software itself until we get permission from vendor. However, there is enough data in the NFO files (as well as the crack directories and instructions) to infer whether the crack is real and what approach was used to enable the crack (e.g., binary patch, key generator).

From our research the largest PLM vendors are seeing on average a 30 day TTC. None of the releases we examined at a top level appeared to have code hardening or security applied. Because these vendors share the same licensing mechanism (Macrovision/Acresso), the licensing controls are easily circumvented by piracy groups using binary patches and a shared vulnerability knowledge base on Macrovision.

We did see some titles with TTC less than 30 days and these were primarily vendors who not have upgraded their Macrovision licensing systems with the Tamper Resistance License (TRL) format. TRL uses PKI and to ensure the authenticity of the license file itself and therefore closes the door on organizations using license keys generated by rogue key generators. Although this technology has been around for many years, it appears the vendors are not able to upgrade easily because of back ward compatibility, customer and internal operations impact.

We will be launching a new anti-piracy strategy and product offering that will expand on the data I’ve described above and will offer high value ISVs a simpler method to quantify their true piracy problem and directly recover revenue from organizations using pirated software.

Activate Your Data-Driven Compliance Program

Add new license revenue by detecting, identifying and converting unpaid users into paying customers.

Michael Goff

Post written by Michael Goff

Marketing Director at Revulytics
Michael is Marketing Director at Revulytics where he is responsible for corporate marketing, content, and social media. He has helped to educate the industry on the benefits of software usage analytics for compliance and product management through the company's blog and contributed articles in trade publications. Michael was previously a marketing programs manager at The MathWorks and principal at Goff Communications. Michael earned a J.D. from Boston University School of Law and a B.A. from Colgate University.