Revulytics Blog

Thinking Differently About Software Piracy - Comments on CodeArmor Intelligence

September 2, 2008


We received some great coverage on our CodeArmor Intelligence product and strategy announcement, including CRN, SD Times, Computerworld, and Dark Reading. As expected, there were a lot of comments to the announcement (check out Computerworld for some examples).

The world of anti-piracy - and especially technology to combat piracy - is a contentious topic for many people. The negative comments and perceptions have been influenced by previous anti-piracy strategies for consumer software and the association with DRM. For example, the PC gaming industry has gone through many cycles of copy protection and activation technologies that have been intrusive to end users. Similarly, DRM technology used to control the sharing of audio and video content has been anything but transparent.

However, with CodeArmor Intelligence we are targeting a different industry and in a way that differentiates us from the negative aspects of previous anti-piracy solutions. To help clarify our focus, I’ve grouped some of the recurring comments into several themes below and provided a response to hopefully educate and better explain our strategy:

Comment - “It’s like Spyware”
An obvious comparison point, since CodeArmor Intelligence will send information back to the hosting software vendor to identify the infringing organization if a pirated version of their software is being used. However, the similarity ends there. Spyware runs all the time, tracks user behavior, gathers personal data, and can be intrusive since it consumes bandwidth and cannot be easily uninstalled. Often this type of software is bundled with shareware and installed and run on the end user systems as a standalone application.

CodeArmor Intelligence does not install surreptitiously on the end user system, it is set of functions that are part of the ISV’s application. This means that when the application is uninstalled or not running, CodeArmor Intelligence is essentially deactivated. In addition, the intelligence features are only trigger when the ISV’s application has been tampered with or another event is detected that indicates that the software is pirated. If these conditions do not exist, the reporting capability is never activated and does not run. Even when the intelligence features are operating, we took great pains to ensure that the network and machine running the tampered software will not see a performance impact.

Lastly, the goal of this product is not to target individuals or consumers, but businesses that have (unknowingly or otherwise) adopted pirated business software (e.g., CAE, PLM, EDA, oil and gas, and enterprise applications). The data the product does collect helps ISV’s identify these organizations and the machines running the infringed software and may not contain any “user” related information.

Comment - “Just block it at the network level or don’t connect to the Internet”
We have integrated a software based GPS capability that detects the closest GPS receiver to facilitate locating the software if a network connection is not present – just kidding.

If the pirated software is used on a machine that is not connected to the Internet (or is firewalled to the extent that the software cannot connect to the Internet), then the reporting features are not going to work. However, many of the software titles we targeted have a high volume of infringements (normally in the thousands) so even if the product is able operate for only a subset of the total number, then ROI will still be realized.

Comment – “The piracy scene will crack it, like everything else”
There are many degrees of separation between the groups producing cracked software and the end user organizations using it. The crackers within these groups focus of disabling licensing, activation, and software protection mechanisms since they prevent unlicensed software from running. CodeArmor Intelligence is not associated with any of these mechanisms and is integrated into the code and dormant until a custom set of triggers are tripped: these triggers are associated with the actual use of the product and not with installing or sampling the software.

It is certainly possible to disable the intelligence capability, but we designed the capability to fly under the radar of the traditional cracking methodology.

Comment – “Comparison with Microsoft WGA”
Microsoft WGA compares more to license activation than is it does with CodeArmor Intelligence. The biggest difference is that WGA forced everyone to validate the authenticity of their software online. CodeArmor Intelligence will only activate within organizations using tampered and pirated versions of software - and not within legitimate, licensed organizations.

Comment - “Piracy scene isn’t interested in selling pirated software, just accumulating it for fun”
This may have been true in the past or when associated with consumer software titles, but our research shows that certain groups are focusing on high value applications used to design and manufacture chips and other products. The frequency of the pirated releases and the vendors being targeted suggest a criminal connection to supply this software into businesses within emerging markets for profit.

New Call-to-Action

Activate Your Data-Driven Compliance Program

Add new license revenue by detecting, identifying and converting unpaid users into paying customers.

Victor DeMarines

Post written by Victor DeMarines

Vice President, Products & Strategy at Revulytics

Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.