How to turn a software pirate into a paying customer

Start-up V.i. Laboratories thinks it has a better way of fighting piracy

Most antipiracy products try to prevent software from being "cracked" or source code from being plagiarized.

Take Microsoft Corp.'s controversial Windows Genuine Advantage (WGA), which was renamed Software Protection Platform and was part of a scheme that included a "kill switch" that rendered copies of Windows Vista inert if users failed to enter a legitimate, unique license number.

However, WGA was prone to malfunction and still vulnerable to cracks, causing Microsoft to soften its antipiracy tactics with the release of Vista Service Pack 1.

A Waltham, Mass.-based start-up thinks it has a better way.

V.i. Laboratories Inc. has high hopes for its new CodeArmor Intelligence product, which, rather than trying to prevent unauthorized use of software, collects data on how and where it is used and then stealthily sends it back to the software's maker, said Victor DeMarines, vice president of products at V.i.

The company is targeting makers of high-end software such as product life-cycle management (PLM) and computer-aided design (CAD) applications used by large-scale manufacturers, and electronic design automation (EDA) software, which is used by chip and electronics makers.

Although it isn't a subject of broad interest and is often difficult to run without consulting and integration work, such niche software is still pirated, with new releases typically available within 30 days, DeMarines said.

Chenxi Wang, an analyst at Forrester Research Inc., confirmed the problem. "PLM apps are routinely cracked and pirated. So are many other high-value, niche applications," she said in an e-mail. "I've talked to a software vendor who manufactures geology mapping software for oil drilling, [and] every version of their software has been cracked and pirated."

With CodeArmor Intelligence, independent software vendors can now effectively turn pirated or non-paid-for software into a form of trialware or sales lead, DeMarines said.

"It could be a lead to a VAR [value-added reseller], who could go in and say, 'It's great you're using this software, but you need to pay up,'" he said. Rather than siccing the Business Software Alliance or the Software Information Industry Association and their lawyers on offenders, "these can be business opportunities for vendors, depending on how they approach it."

Warez crackers 'lazy,' likely to overlook CodeArmor

V.i., whose founders' previous security start-ups were sold to Symantec Corp. and EMC Corp.'s Documentum Inc. unit, is one of a handful of antipiracy vendors. Arxan Defense Systems Inc. has the strongest technology "but is not as user-friendly" as other vendors, such as PreEmptive Solutions LLC and CloakWare Inc., said Wang. For now, V.i. stands out as "the only one with an intelligence-gathering tool."

CodeArmor Intelligence code is integrated into an application so that it is indistinguishable from the application code to scanners and other tools used by pirates to remove license mechanisms, DeMarines said.

"It's not easy to flag or reverse-engineer our code. It's different in each implementation," he said.

Most pirates and most crackers are in run-and-gun mode, as pirate prestige -- and dollars -- are gained by the number of "warez" they upload to BitTorrent or sell via a shadow market, DeMarines said.

"They only want to do as much work as they need to. Meanwhile, our technology lies dormant during that initial crack cycle," he said. It remains inactive until software is installed and used a certain number of times by the end user -- a number that the independent software vendor can specify.

But Wang points out that if detected, CodeArmor Intelligence would be "pretty easy to stop."

"All the pirates have to do is identify the port or the gateway server and put a firewall rule or a network-filtering rule to block that communication," she said.

While most pirates are "lazy ... this is an arms race," she said. "Once they find out the intelligence tool is preventing them from getting pirated revenue, then the pirates will do something about it."

Still, Wang thinks that CodeArmor Intelligence's data can give software vendors the leverage to help turn a pirating company, if approached correctly, into a paying end user and ultimately a loyal customer.

While the hyperbole around so-called cloud computing has many declaring the end of client software, DeMarines said that won't happen for a long time with the CPU and graphics-intensive PLM and CAD applications that V.i. is targeting.

An increasing number of hosted Web applications are adding client runtimes based on Java and .Net to add offline modes or extra features. Independent software vendors may also wish to track such code, to track and prevent tampering with those runtimes, he said.

One example is online gambling company that is using V.i.'s software to ensure that the client runtimes that its 30 million users run are not modified so that some users give themselves better odds, DeMarines said.

Related:

Copyright © 2008 IDG Communications, Inc.

  
Shop Tech Products at Amazon