How do you prevent the piracy of your software?

Question

Is it still worth it to protect our software against piracy? Are there reasonably effective ways to prevent or at least make piracy difficult?

Answer 1

Not really. Any copy protection has to be 100% perfect, (which we all know is impossible,) or else all it will take is for one person anywhere in the world to come up with a working crack and post it on the Web.

If you want people to pay money for your product, copy protection is not the answer. It never has worked and never will. The answer lies in Economics 101: people will pay money for your product if they perceive its value to them as being greater than the price you are asking for it. Otherwise, they won't. Period.

Answer 2

I would say "No" to both questions, without hesitation.

Is it still worth it to protect our software against piracy?

No, and a lot of companies and independent developers have demonstrated that there's no need.

The Humble Indie Bundle is an exceptionally good example of one possible way of making a killing in spite of active "piracy." In a single 3-week event, five developers made, together, almost US$900,000 on their five games (plus one), without DRM, and even without a concerted effort to control access to the download links. And despite rampant sharing by people who paid, an average of US$10 per copy was paid, 30% of which went to charity. (This is, admittedly, a rather exceptional example in that it's not the norm even for this kind of sale event, but it is a good demonstration of how non-standard sales models can work extremely well.)

Companies like Introversion Software and Stardock make a lot of money despite a 90% piracy rate.

Another good example is Illumination Software Creator, which is doing very well for itself.

Or look at Minecraft, which has chosen a "freemium" model and is earning (as of this week) the author $100,000 per day.

Even when people stop fighting "piracy," they tend to do very well for themselves.

Are there are reasonably effective ways to prevent or at least make piracy difficult?

No, and frankly, it's rather pointless. Software can and will be copied as easily as you copy values within your program. No matter what efforts you make to protect your software against "piracy," so long as the end-user will at any point have a copy of the program, someone will distribute it to others without cost.

The only two ways to prevent "piracy" are: Make your software a service, such as a web application, or open your source code (or otherwise license your software for free distribution).

The only way to discourage "piracy" of software with a price tag is to set a price more in line with the value your customers perceive in the product, or to attach that price to actual services (like providing support). No one will pay $60 for something they can get for free in another product.

(On a side note, I object to the term "piracy," since its etymology implies theft. Copyright infringement is not theft, no matter how you look at it, and to equate the two is intellectually dishonest. I would prefer a term like "illegitimate customer" or "untapped market.")

Answer 3

Just because copy protection isn't 100% effective doesn't mean it's worthless. It keeps honest people honest. Customers need SOME incentive to pay for software and most of the time that's what copy protection provides. If your price is reasonable, most people aren't going to spend the time and effort trying to circumvent the protections you have in place. Of course, if the protections make the core functionality a bitch to use, that's another issue.

This blog post is an excellent evaluation of the value of copy protection: http://www.kalzumeus.com/2006/09/05/everything-you-need-to-know-about-registration-systems/

As far as a reasonably effective way to provide SOME protections for your software, I highly recommend Infralution Licensing System. It's inexpensive and performs well.

Answer 4

Yes it is still useful, but don't spend to much time and money on that. If your software worth it, it will be purchased AND cracked. Regardless the efforts you put in the protection mechanism.

Too much protection as well as no protection will affects sales.

Answer 5

Give it away :)

Given that virtually all anti-piracy measures can be circumvented if someone is determined enough there's an argument for not doing anything.

Make your software useful and offer support to those that pay, thus getting the revenue and dedicated users.

One way to get revenue could be to have a "pro" version that unlocks extra features that needs to be paid for. This seems to be a popular approach. You need to be make sure that the unlocking of the pro features is a) easy for the customer but b) hard for the hacker.

Answer 6

Don't spend much work on this, and don't make it intrusive.

There are two layers of copy protection that can possibly be worthwhile. One is to prevent the casual user from copying it, and one is to prevent anybody from copying it. There's nothing in between, since if any one person can crack your copy protection all the dedicated pirates in the world will have a copy. The second level is impossible, so don't even try. The first may have some value.

If you make the copy protection annoying, the pirate sites will have a better version available. Many people buy a legit copy of software, and then download an illegit to actually use. I really don't think you want to encourage honest people to download your stuff from pirate sites, and you don't want to annoy your paying customers too much.

You should stop worrying about piracy per se. For stand-alone service, pirates take nothing from you. Seriously. You still have everything you had before. What they might to is deprive you of possible sales. In other words, they can do nothing to you that an influential reviewer can't.

What you should be concerned about is revenue, and increasing the number of sales. Piracy can actually help that, by giving people some free trials and experience. Many people will buy the stuff they actually use. Some people attribute some of Microsoft's success to large numbers of people illicitly using their software. They're better off in the long run with hundreds of millions of Chinese using illegally copied Windows than perfectly legal Linux.

Don't pay attention to the number of illegitimate copies. They aren't, for the most part, lost sales. Pirates tend to accumulate large quantities of software they barely use, far beyond their ability to buy. Pay attention to your actual sales.

Answer 7

First of all, I would boldly claim that you can never keep the administrator account from verbatim copying files on their machine.

However, regarding copying you could simply set the permissions on your executable files to 111 and make them belong to root, such that everybody may execute the file but not read it (thus not copy it). However, root will still be able to change that.

Since you cannot prevent the binary from being copied, and you are willing to manually install it on target systems. Compile them explicitly for that system and include a hash of the system configuration (e.g. hostname, hardware, ...). Check during runtime that you are running on a system that matches this configuration.

Still this will only make it harder to steal your software, not prevent it, because you can always take the binary, examine it and remove the part that checks for the correct machine.

All in all, doing this is usually a bad idea (IMHO) because it will cause problems to your customers (the last thing you want). If you really want to sell commercial software to people, bind them by law, not by hacks, to obey your terms and conditions.

Answer 8

No, not really. And depending on the used technology there may not even be a reasonable approach at all.

For example, there is nothing you can do to prevent decompilation of an SWF (e.g. with Sothink SWF Decompiler). It will give you pretty much exactly the source code you typed. Of course you can use code obfuscation, but that makes it only a tad more difficult to understand the code while doing nothing to e.g. prevent someone from decompiling your SWF, replacing your name and company logo and then recompile it again.

The same goes for JavaScript or ABAP (where you basically have to deliver the source code to the customer) and probably some other technologies as well.

On the other hand, copy-protection/DRM can seriously annoy your customers and give your company very bad publicity. Think of the various protection mechanisms employed by the gaming industry:

• DRM components installing themselves as ring 0 drivers, making the system vulnerable to security and/or stability problems
• protection software telling you to uninstall other applications before allowing the product to run
• permanent online connection required to play a single-player game
• limited installations or online activations, often used in combination with binding the product to a user account of some sort (usually this binding is irreversible)
• etc.

Therefore you should always consider the negative impact any copy-protection measures you include in your product can have on your reputation and how much effort (development time, license costs, etc.) it requires to actually get that DRM stuff into your application. If you come to the conclusion that it's still worth the trouble then do it. But if you have any doubt that using DRM will actually hurt your business more than benefit it then simply don't do it.

Of course, requiring a CD key or employing a disc check to prevent John Doe from using Nero to provide his whole family with copies of your product is still reasonable. However, any measures that invade the customer's system by installing DRM drivers or something like that should be considered very carefully because of the previously stated reasons.

Answer 9

Ultimately you can't - it's just a question of how much time/money you want to spend compared to how much time/money the other guy wants to spend copying it.

Answer 10

1) I do it SaaS way - Software as a Service

2) I make the software free for download and use, but requires a connection to a server for limited, paid access.

Answer 11

The only dependable and relatively problem-free way I know of is to have the software "call home" and ask "Here is my serial number, am I a legal copy?" Of course the program needs to have an internet connection in order to do that, which might be thought of as a bit of a problem, but it gets remedied by including a "check for updates" option and doing the checking during that time.

Actually, even that is not exactly dependable without additional measures to prevent people from running version 1 build 1 for eternity, or people reverse-engineering your app and disabling the protection, but this is a good start in the right direction.

Answer 12

If you don't add any protection or annoyance (i.e a nag screen), almost no one will pay for you work.

With a basic protection, the average user, really motivated to buy your software, will buy it, but avoid to make too complex its life: the customer is paying you, so be kind.

A good way to protect software is online activation. Of course keep in mind that every copy protection system may be overridden, so don't spend too much time in developing complex protection schemes: people that absolutely don't want or can't afford buying it will either crack it or skip it.

Answer 13

I think, the solutions is placing all interested code in the server side and use thin client.

Answer 14

Give the software away for free as a 'lite' version. People who are serious about it can pay for the 'full' version and have their version somehow stamped to identify it. Don't stick their name in it - that's too easy to remove.

A better model is to manage payment from the server side. See my answer on pricing for more details.

Answer 15

Depends on how valuable you deem your time and your IP.

Myself, if I was selling consumer-interesting software that would be likely to be pirated, I would work on an internet-based solution that would deliver encrypted binaries each program run-time.

Answer 16

I'm considering selling my software to China, and considering how rampant software piracy is, I want to at least know who is stealing my software so I can get some metrics for Advertisers who may want to sell ads within my free app.

For that purpose I use SLP from http://www.inishtech.com/. I track all the users of my software, and get an idea how compliant people are. I don't expect much more than to use it as a reporting tool, but it's able to do much more.

Answer 17

Give them more than just the software somehow. Free downloadable content for paid users and free upgrades and patches, training videos, cheap upgrades or free upgrades to the latest versions. You can also donate a bit of your profits to a charity, so the users have a feeling of giving something back when they buy your software.

If there are online features only make them accessible to paying users. Copy protection is a waste of time. Nowadays it's all about content and service, and not just giving someone a static exe and expecting to make free money after your costs are covered.

Answer 18

I have a somewhat different view, for perhaps two reasons. First of all, I work for Agilis Software, a company in the license management business, and secondly a substantial portion of Agilis's business is not in protecting consumer/desktop software, but in protecting enterprise applications, embedded systems etc.

In the consumer/desktop space the arguments are well rehearsed above. Modern licensing systems can make activation unobtrusive and flexible for the user (as many companies have found with Agilis's Orion product activation system), but the decision in the end is a strategic one for the vendor.

With enterprise systems, and some consumer packages, the vendor offers more sophisticated pricing options than just a single perpetual desktop license. Subscription licenses, for example, are widely used, but if you don't include some secure mechanism for enforcing the subscription period the renewal rate will be very low (so you discounted your software from the perpetual-license price for nothing). Many vendors of more complex applications also want to offer different combinations of features to different markets, or to price features separately. Without a license manager to control which features are enabled you might have to provide a separate package for each customer and each upgrade, with all the operations work that entails. The user-count model is still very popular too, where the customer can have n licenses active at any one time; if you don't enforce this limit with a license server, it is very likely to be exceeded. Another model growing in popularity is usage-based licensing (usage-based licensing case study).

The enterprise customers themselves are well aware that once a software package is installed, despite the best intentions of IT and management, the agreed paper licensing terms are easily exceeded, exposing the company to unpleasant audits, penalty fees etc., so they prefer to have the licensing terms enforced if done by a secure, unobtrusive licensing system.

Dominic

Answer 19

Hmmm, only two solutions:

1) Release under GPL (or similar)

2) SaaS