Resources Profile - BUMshells

Example 1: Microsoft As I mentioned previously, Microsoft has introduced hardware locking in Windows XP and other software. Microsoft calls this activation. Activation locks the software to your computer. You cannot install it to a new computer, or even make too many changes to your computer without disabling the software. Microsoft realized that their bigger customers would not tolerate this treatment and thus excluded activation from the corporate edition. Microsoft felt that it was permissible to inflict such a draconian solution on their individual and small business customers however. Activation can hit mistakenly as well, even though nothing has changed. There are several well documented cases of this. Because many users refuse to submit to such treatment, special editions of Microsoft's software have been created by pirates that do not require activation. But, it's not only the pirates that are using these editions. I know of many people who have legitimately purchased or bundled copies of Windows XP, but who have not installed or have installed over top with a pirated un-activated version. Since they already have a licensed copy, Microsoft has not lost the money to these individuals. However, what these individuals have done is still illegal in most countries. But by creating the need for such cracked versions, Microsoft has made their software available to an even wider audience. In short, the end result of Microsoft's anti-piracy move is: 1. It has created more pirates. People who otherwise would not engage in piracy feel forced to become "weekend pirates" just to use software they legitimately own. 2. It created the "need" for a pirate version. Since pirate versions exist, their anti-piracy implementation has been rendered ineffective. 3. It affected customers. Such a move inconvenienced customers, and turned Microsoft's customers further against them. Customers will also consider the competition more seriously.
Example 2: Record Companies Another example of creating pirates is Napster and the record companies. The record companies may not have created Napster, but they made it what it was. Users want digital content of their music. Users also want to purchase single tracks without the need to purchase a complete album. By not recognizing this fact, the record companies "pushed" people into the black market. Please note before I proceed, that again I am not endorsing Napster, or its users. I am pointing out that being blind does not make things disappear, and often fuels the fire instead. Instead of offering what customers wanted, they turned a blind eye. What the record companies should have done is listen to the needs of the market and adapt by offering music singles for purchase and download at an affordable cost. If such a thing had been offered early on, Napster would have still existed. However, it would not have grown to the size it did, and many users would have used their service instead. Personally, if single song tracks were offered at rates from $0.25 (old songs) to $3, I would easily use such a service to legally obtain the music I want. For those with voracious appetites, bulk discounts or subscription plans could be offered. The record companies would have higher profit on such songs because there is no overhead for CD production and shipping. Only negligible overhead associated with bandwidth. But users had no way to give the record companies what they wanted (money) without purchasing whole albums. Many users did not see it reasonable to spend $20 for an album to obtain a single song, and instead turned to Napster. Record companies countered with the fact that if they provided such a solution, users would share the files. How is that any different than what users were already doing? Offering a paid solution for customers could not and would not increase song sharing that was already rampant. When a plague exists, you do not hold back the antidote because there might be some recipients with negative reactions.

Introduction

As software developers, piracy is something that affects us all. If you are a software developer who works for a big company, you likely do not see it directly. But you still have an interest in who is using your company's software. If you are in a small company or are a developer who sells software, piracy hits a lot closer to home.

However, the conventional wisdom, which often equates to the "knee jerk" reaction, is not the proper one.

Emotions and Pride

Developers have a large amount of pride in their products. Some have egos as well - but that is another subject. :)

Because of this, when developers find their product is being pirated, they react emotionally. "Those stinking pirates! They are stealing my software! I will stop them!". An emotional response is the wrong one - the situation must be evaluated logically. Break it down to a dollar figure, and forget the emotions.

If you want to react emotionally, think about it this way. Pirates only take the time to crack software that is in demand. If your software has been pirated, it's a compliment and an indicator of your software's success.

Pirates work on egos too. Pirates often crack software to show their peers (other pirates) how talented they are. We show other developers our talent by writing software, they show theirs by cracking it. Pirates are more like us than we would like to admit. It is the thrill of the chase.

Show Me the Money

A developer once called me after he found his software on a warez site. He was frantic, and had all kinds of schemes dreamed up to prevent it. We talked about it for a while. I let him talk it out for a bit then I asked him, "So how long do you think it will take you to implement these safe guards?". "I think I can do it in 4 weeks", he replied.

4 weeks. Think about this. Most professional developers' time is worth at least $50 per hour. This developer I know works about 70 hours a week. Furthermore, I knew this developer's estimates are not accurate (like most developers). So, let's factor in the standard fudge factor of at least 2. This makes it 70 (hours per week) x 2 (fudge factor) x 4 (original estimate) x 50 ($ per hour) = $28,000.

$28,000 is a lot of product! Let's assume your product is a higher end product and sells for $500. That's 56 products. Which is more productive - trying to sell 56 more products - or preventing 56 losses?

A Little Piracy Can Be Good Now and Then

I am not endorsing piracy, or telling anyone that they should pirate software. So, please do not take what I have said out of context and run around saying "But Kudzu said I can pirate!". But a little piracy is a good thing, pirates spread the word about your product.

Many pirates become consultants later for corporations. And most corporations are not pirates, they have too much at risk. When they work for these corporations, they make the recommendations, and the corporations become your customers.

One reader posted a reply that he would rather the pirates use his software than his competitors. He said later they might have money and buy it. This is very true, not all pirates are financially deprived forever and only engage in piracy while it is "financially necessary" to do so. Please note that when I say "financially necessary", I am speaking about their rationalization of the situation - not mine.

If the people that are pirating your software will not buy it anyway, why not let them have it? Does it cost you anything? No, only if you consider it a lost sale. But considering an individual in Siberia or Africa as a potential paying customer, is not sound marketing. Yes, some corporations will buy your product if it is too difficult to obtain a warez copy. But an individual making $100 a month, and using it at home, will never buy your product unless it goes on the dinner table.

I am not recommending that you encourage piracy as your latest marketing technique. However, it is good to know that there are at least some benefits that may be reaped from the piracy that you cannot prevent. If you have lemons, make lemonade. But I am not proposing you become a lemon farmer.

Financial Incentives

Your financial incentive is to sell your product. While some pirates make money by selling your software at $1 a piece, most pirate it for peer recognition, trading abilities, or for use. The ones that pirate it at $1 a piece do not make very much at it because of the overhead of distribution, CD copying, etc. Thus, the pirates make nothing, and have no financial incentive for their efforts.

Your motivations are not the same as theirs, and you cannot approach the problem from the same angle. When you speak of bread, you mean money. When many of the pirates speak of bread, they really mean it.

Your Software Will *NEVER* be Pirate Proof

There is a saying, (referring to houses) "Locks keep honest people honest". Criminals will just bust the door down. The same is true of software. Make it reasonably difficult, you will never succeed in building a burglar proof house, and you will never succeed in producing pirate proof software.

Microsoft spends more on anti piracy measures than most of us will ever earn in our lives, and their products are pirated more than any other software. You may be smart, but so are many of the high paid brains at Microsoft.

Impact on YOUR Customers

Some developers are so pirate crazy they implement hardware locks, dongles, impossible to enter keys, registrations, and other crazy schemes. Each of the schemes I cited has an impact on your paying customers. This is bad. When you make it harder for your customers, you increase technical support, their dissatisfaction with your product, and more. Many of these will also cause customers not to buy your product because of concerns of transferring it to new computers, etc. So, in preventing piracy, you are pushing away paying customers. You gain nothing by preventing the pirate from using your software, but you lose because paying customers are not buying your product. Is it worth killing a paying customer for every pirate you prevent?

Release Often

If you have a strong enough protection scheme, pirates will have to resort to cracks. This is a good thing. Easy ways to pirate are using key generators or shared keys. If they cannot use these, they will crack your software. You can make it difficult to crack your software, but you will not make it impossible.

However, cracks take time, and if your code is structured properly they will have to crack each version. If you release often, the pirates will soon get tired of cracking all the latest updates, and the pirate copies will be older versions.

Goals of Piracy Prevention

While it may seem like I am suggesting you allow a free for all on your product, I am not. Let me summarize what you should be doing to limit piracy:

1. Take reasonable steps to prevent piracy. Implement prudent, and non-invasive solutions to "keep the honest people honest".
2. Follow the money. Forget those without money. If they do not have money, they will not buy your product.
3. Forget your elaborate anti-piracy schemes. Stick to something simple, un-intrusive and reasonably effective.
4. Sell more than software. Provide your purchased users with private authenticated support and other options that cannot be pirated.

DO's of Piracy Protection

1. Track your keys. This will prevent widespread key sharing because you can track them. Make your users well aware that keys are trackable to them, and they will be less likely to share them.
2. Use strong keys. If you use weak keys, the pirates will generate key generators and make their own keys.
3. Use asymmetric encryption. If you use symmetric encryption, the pirates have your key and can make keys as well.
4. Change your license logic. Change the procedure names and logic of your licensing code frequently to prevent routine cracking.
5. Never release debug builds to the public. Debug builds contain tons of information in your program to assist pirates.
6. Release often. Keep the crackers busy, and make their return on investment a negative value.
7. Protect your executable. While there are many such utilities, and none are crack proof, ASProtect is a nice affordable one. The developer even provides custom builds upon request.