Wider business community should act against piracy

ISPs, for example, could be held accountable in the future for pirated software, says Mark Noctor

The High Court has made a landmark decision in requiring ISPs to block access to websites they host which trade in counterfeit goods.

At heart, this is about companies protecting their IP and brand as well as their revenue. It should also open the door to the possibility of ISPs being held accountable for cracking down on pirate software sites.

Given that the judges relied on the precedent of ISPs having already implemented mechanisms to block content that is unsuitable for minors, a similar approach could be taken to justify the blocking of counterfeit software.

For all businesses in the software market, not only traditional software companies and ISVs but new entrants from a multitude of vertical industries such as healthcare, IT hardware, wearables, banking and payments that monetise software products, there are new challenges in a highly networked, decentralised and mobile world.

It is not difficult to find pirated software on the internet. A simple Google search reveals the prevalence of websites offering pirated versions of the latest software.

This phenomenon is nearly out of control. Once you throw into the mix the rise of mobile devices and a BYOD culture, the situation is exacerbated.

A decentralised approach to the distribution of software goes beyond the traditional network perimeters.

We are seeing a trend for hackers to try to change the binaries in applications for personal gain or to access corporate data. Software players need to prevent the bypassing of licence management policies and unauthorised access to applications; the copying of applications or application logic and other IP; and the modification of applications, such as the insertion of malicious code. They also need to ensure that the environment in which the software is running has not been compromised.

One approach is to force ISPs to block readily available sites offering illegal versions of software. This move would also reduce the threat to consumers and businesses posed by the increasingly common use of pirated software as a smokescreen to deliver malware.

Although this would potentially have an impact, it is limited in scope and does not address the underlying issue.

Vendors should also make sure that the software is harder to crack and tamper with, protecting it at the binary level by embedding a collection of interdependent protection routines.

Licensing and compliance technologies may not have the necessary layer of application security, rendering the licensing and compliance method useless as well as exposing underlying IP.

So software vendors should be looking at tamper resistance and self-defence. If the mechanisms look like normal code, can be embedded directly into the application, enable the program to defend itself under attack, and have custom responses such as fixing itself if it is modified, then unauthorised functionality changes can be prevented without disrupting further developments.

The software industry is still growing, and with applications and software programs being centred on mobility and the Internet of Things, there are more opportunities for hackers to target distributed software.

It has already been ruled that ISPs need to block sites that sell counterfeit goods; targeting pirated software is just another string to that bow.

Ultimately there is no difference between a counterfeit handbag and a piece of pirated software: both infringe on an organisation's IP for personal or financial gain.

Measures that can be taken by the software vendors and organisations themselves in protecting their software at binary level need to be supported with backup from the wider community if they are to be successful.

Mark Noctor is director of EMEA sales at Arxan Technologies