Fighting the pirates

By Mike Dager, CEO of Arxan

CXO. Software piracy results in European companies losing as much as US$11 billion per year. What can be done to reduce its impact?
Mike Dager. To reduce the impact of revenue losses through piracy and hacking, you must find an adequate, durable, resilient solution that’s proven to stop people from being able to hack into your code and compromise your software.

CXO. Illegal software ranges between 68 percent for Central and Eastern Europe to 34 percent for the European Union according to the IDC/BSA Global Software Piracy Study. Do you think that some places do not realize they’re using illegal software?
MD. I don’t think that’s the case. Anybody that’s using illegal software knows they’re using illegal software. People that do it in a premeditated fashion set out to commit an act of piracy. They’re motivated by the cost savings. There are other people that are the recipients of illegal software. Maybe they weren’t the perpetrators, but they do know that they have illegal software on their computer. They are also making themselves vulnerable to malware injections, compromised versions of the software and no customer support.

CXO. The internet is becoming a more commonly used channel for pirated software through illegal downloads. How can software providers combat this?
MD. If you take a protection methodology like Arxan and you protect a software application, then the license manager, node-locking software and activation software that’s on top of the application will not be cracked. This approach prevents a pirate or a hacker from obtaining that intellectual property, or distributing it over the internet for free.

CXO. Why haven’t conventional methods been successful in combating piracy?
MD. Conventional methods such as license management and source code obfuscation have not been successful because hackers are aggressive. About four or five years ago, the hackers evolved, taking a quantum leap ahead. These conventional methods applied to code are easily circumvented and hacked.

Once the hackers have penetrated these forms of protection, they share the procedures and the scripts they used to perform those hacks with friends, and post them online. They are available to people worldwide through a simple Google search. That’s why there is so much software being pirated on the internet and being distributed by sites like eMule (a website many consider to be illegal). License management vendors and the software application providers haven’t been able to respond with any kind of effective resistance to those scripts or procedures.

CXO. What characteristics should be considered if end-users are considering adopting software protection solutions?
MD. First you should look at all the things that have failed, such as license management and source code-based solutions. You then need to look at something more durable, penetrating and resilient – something that will last and be dynamic at the binary level. That’s our philosophy here at Arxan, and so far, we’ve never had a breach with our protection.

At Arxan we insert modules of object code at the binary level throughout your program. We call these ‘Guards™,’ and they stop any hacker or any pirate from compromising your code. These guards are created and generated in constant anticipation and in reaction to today’s hacking techniques. As new hacking techniques emerge, we create new guards and make them part of our offering.

CXO. How important is it for European companies to exert control over their software revenues from foreign markets, given the high piracy rates?
MD. Anybody that develops or creates some intellectual property, and is relying on the quality and the integrity of that intellectual property to generate revenue, is at risk. I was CEO of a company that made US$50 million in revenue, and the company was the victim of piracy when a client made a purchase of about US$800,000 but was using US$11 million worth of our software. That US$10 million for my little US$50 million company would have been substantial. Companies aim to build value for the shareholders through revenue and profitability. It’s hard to do that when people are stealing your software and market share.