According to a study from IDC and Flexera Software, a significant proportion of software companies feel their licensing and pricing strategies are not effective in capturing the real value their software provides. As a result, their bottom line is suffering, and increasingly they’re subject to software piracy. While automated software licensing tools exists to ensure vendors receive adequate compensation for their products, many are yet to employ this technology.
The consequences of falling behind in software licensing are abundantly clear. The amount of revenue illegally being siphoned away from software companies due to unauthorised software use is staggering. A recent BSA Global Software survey notes that 43 percent of the software installed on PCs around the world, totalling more than $62 billion in value, was not properly licensed. This, combined with evermore sophisticated and relentless hackers is leaving software companies who fail to implement the latest security measures, very vulnerable.
Gaps in Traditional Hacker Protection
As a result of revenue leakage from hackers, software companies are re-assessing their traditional licensing security approaches and noting gaps that must be closed. One area of particular vulnerability in software protection is the binary attack. This is a term used to describe how hackers inject malicious code into the application to circumvent licensing. A binary attack can occur in disk with a disassembler or in memory while an application is running. The hacker typically applies a patch that changes the application storage location and its behavior. The code requiring license validation before performing an action is modified, so the application doesn’t check for licenses or, even worse, it looks for the hacker’s licenses.
Typical approaches to fighting these hacker modifications include encrypt ion, dongle protection, secure boots, and more. While effective in less sophisticated times or in only certain specific situations, gaps exist which can expose software companies to hacker risk:
- Encryption gap: Offers only one level of protect ion. Hackers can find the decryption keys hidden in the application, which then removes all protection. There’s also a rework impact of the encryption gap, as software companies then have to rewrite application code when protect ion is compromised. Finally, encryption can significantly impact performance.
- Dongle gap: Dongle protection does not address binary patching, and determined hackers know how to use dongle emulators to break dongle protection.
- Secure boots gap: This method protects devices, not software. Exposure is increasing since the Internet of Things (IoT) means putting more and more software on devices.
The gaps in these typical protection strategies has meant that software companies are beginning to fight back more aggressively. Enhanced tamper-resistant application capabilities provide additional security layers to fortify and protect the software application from piracy and thereby reduce revenue leakage…Click HERE to find out more about this article