Who is Responsible for Software Piracy?
 |
Software Piracy is far more prevalent than many would accept and want to admit. There are many published surveys and statistics that show figures like 1 in 3 or higher (some are now saying 40% see - New Economic Impact Study Details Benefits of Strong Copyright Protection ) being the illegal rate of software usage. The reality is that these figures are only industry "estimates". The fact is they are more than likely much higher than 40% as there is no way to accurately determine the true rate of illegal usage.
More importantly, despite what Microsoft and other software vendors like to think, there is no 100% secure method to control pirated software and this is the key subject matter for the first of 2 articles which identifies the key players in spreading software piracy.
A common view within the industry and across many organizations is, "It's OK to have free software, everyone else is doing it, and besides Micro$oft is wealthy and they won't even know......... and how will they find out......" (The underground and some within the IT industry often refer to Microsoft Corporation by insertion of a "$" for the "s" to signify them.)
Illegal software is freely available and readily accessible in many forms: on CDs, both home-recorded and mass-produced, and across the Internet and most recently from being snaffled through Snagster (came after Napster), Gnutella etc and other Peer-To-Peer (P2P) systems that utilise open shares on PC based systems. Port scanners have long been the source of intrusion and it is now possible to lift off files from your PC from under your nose and also extract data from your systems whilst ports are open and connections are not being monitored.
For many businesses and organizations Software auditing is often so low down the priority chain (despite the knowledge of the impact of the Anti-Piracy "Police" agencies [vendor organization groups such as BSA,SIIA,CAST, FAST, BSAA etc] that software auditing and compliance is continually put off, to be done another day or has to be restarted again thus increasing the risk to senior management and stakeholders.
|
You don't think software piracy is worth worrying about? Have a coffee, sit back and relax and read the review of the Video "It Could Have Been So Easy at http://www.cse.nd.edu/~kwb/nsf-ufe/video7-bowyer.html then go and spend $US20 and buy the videow at http://spa.org/estore/10browse.asp?Category=Anti-piracy It is provided by the Software and Information Industry Association web site link at http://www.siia.net/piracy/default.asp In the meantime read the rest of the article! |
VIEWPOINT In our view software audits can be a significant waste of time, money and effort whilst the major players (Microsoft etc) in the software industry adopt "a head in the sand attitude" to the key issues. see http://www.pcprofile.com/viewpoint.htm
So then, Who is Responsible for Software Piracy?
There are a number of key groups.
In the first instance, Microsoft are primarily responsible!
Why do we make the claim that Microsoft is primarily responsible for Software Piracy?
We maintain that through the lack of preventative measures embedded within the Microsoft operating system it is very easy for anyone to pirate their software. Every time that Microsoft comes up with technique to use registration codes or activation codes the details are either leaked direct to the Internet and underground at large or are cracked by the underground community that delights in making their (Microsoft) software available to all and sundry, who know how to search and locate what they want from the Internet.
In early April 2003 a significant bit of news surfaced as marked below **** which indicates that the new Microsoft Windows Server 2003 has had its registration/authentication codes submitted freely onto the Internet for anyone who can get their hands on to it. The underground regularly takes great delight in offering these "keys; and authentication codes to anyone for either free or for a small fee being a fraction of the price of the real software licence fee.
| **** Windows code leak threatens mass piracy By Joe Wilcox, Special to ZDNet 08 April 2003 http://www.zdnetindia.com/news/international/stories/79431.html A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet, a loss that could lead to rampant piracy of the software. Copyright © 2003 CNET Networks, Inc. All rights reserved. ZDNet is a registered service mark of CNET Networks, Inc. ZDNet Logo is service mark of CNET Networks, Inc. and other details are located at http://www.the-scream.co.uk/forums/t8315.html See an example of pirated/leaked product keys (not Win 2003!) |
Microsoft has always had the means (but has failed to deliver on the design concept) of utilising a simple electronic configuration control methodology. Microsoft can prevent and minimise the capability of anyone to install pirated software within an organization on to PC based systems by adopting a commonsense approach using software control techniques embedded within the system to effectively deliver an anti-piracy method which enables any end-user organization to control their own destiny and minimise the risk of getting caught with illegal software. (They do have "a physical identification method - but this is only part of the answer see Microsoft's piracy page and Microsoft How to Tell)
Why aren't these electronic anti-piracy techniques included yet, by Microsoft? The "technology spin doctors" within Microsoft just don't seem to understand the issues that large, medium and small organizations face when it comes to managing the desktop.
"To combat and overcome both illegal and unauthorised software in organizations you need much more than a technology based solution to what is really a PEOPLE based problem!"
If Microsoft's operating systems had the means to detect installations of any software to PC based systems above an agreed baseline configuration utilising a simple software control methodology in a manner that shifted the responsibility for managing the effort in-house then the amount and rate of piracy occurring within organizations would decrease, and would decrease very rapidly when coupled with self-governance rules that are becoming more in-focus for corporations and stakeholders.
Instead, Microsoft's technology spin doctors have been focused on a marketing model based on authentication and registration codes for the operating system and its products in conjunction with punishment where license counts don't match on investigation. Microsoft backs this inward-looking strategy up with the policeman approach of punishment by using reward schemes to trap organizations who are caught out with illegal software and sends regular letters of bluff to many large companies to coerce the organization to self audit and come clean.
"Back to base authentication" will always present problems for organizations see http://windows.about.com/cs/productactivation/ (primarily due to security concerns) in terms of web based access to systems hence the method of authentication does not favour the end-user client-side organization and only satisfies Microsoft marketing strategy. This is a "one-way benefit approach" that ONLY benefits Microsoft, assuming the organization complies.
Microsoft has attempted, and continues to attempt to stem piracy by using authentication and activation code measures which require entering a user code called a registration, or authorisation/activation code key and this has been the source of probably the most common and largest amount of pirated software available.
Why? You can readily find registration codes/authentication/activation codes and keys, including key code generation tools that emulate the algorithms used, and other hacks and cracks (sometimes called hackz and crackz) that will enable you to open up and access almost any, if not all versions of Microsoft software on the market.
Digital Rights Management (DRMA) presents a new spectre with authentication codes being used to manage content and other licensing mechanisms, however history has shown so far (and is likely to repeat itself again) that once these codes become "known to the market", the underground will devise ways to ensure they are leaked in the same manner as the codes for Windows Server 2003. See also http://www.computerworld.com/softwaretopics/os/story/0,10801,70294,00.html
If Microsoft had a set of code embedded within the core of all their operating systems that captured details about what software was being installed and gave the end -user organization the means to control and monitor installations then this would clearly help the end user organization and lower the rate of piracy within organizations. Corporate governance rules that apply to management, directors, stakeholders, accountants, IT professionals and company secretaries etc would mandate that the accountability rests within the organization. For an organization to be accountable they need the capability to manage the situation effectively. The most effective method is to embed anti-piracy techniques within the operating system permanently as a configuration control method of anti-piracy protection.
Microsoft, (and all the other software vendors) have been focusing on "playing policeman and catching out miscreant" organizations who get caught with illegal software. What needs to happen is for Microsoft to provide the tools that will allow an organization to self-manage as an integral part of the operating system installations of software. Benefits of adopting this approach are far more wide-reaching than any attempts to stick with activation codes and policeman style tactics. These benefits then flow 2way instead of just to Microsoft!
Customer Benefits (the 2nd part of the 2 way benefit cycle) that flow from this approach are;
Here is a recent end-user customer comment;
"We have just recently purchased a set of new notebook PCs with legally acquired licences for XP Professional and a range of Microsoft Office Professional software all covered by an official vendor invoice for the entire delivery. Frankly after the experiences with the activation code process, we are not surprised that organizations find it so hard to do business. Even when you buy legal versions at the outset Microsoft INSISTS (with the activation code technique) for you to log on to the Internet and REGISTER with their site "to release" the activation code. Sound simple? Well, in principle it is, BUT if you run a business and have to repeat the exercise from a remote location that has slow dial in lines or you have 500 PC's to rollout in the same manner, then the issue no longer is non-trivial. We can understand why organizations seek ways to get around the activation code process by seeking hacks and use cracked codes off the Internet that can be readily deployed without dial in and configuration issues. This is no way to continue for the end user site".
Who says Activation doesn't work? http://support.microsoft.com/?id=818798 provides support for the following ACTIVATION GLITCH - On April 15, 2003, some Office 2000 users were prompted to re-register Office - although they had already registered Office and/or they were running volume licensing versions of Office 2000 that don't require registration.
In some cases, the registered systems reverted to "50 starts and the system is locked down as its not registered" -ie; they could start the various Office programs up to fifty times before Office locked itself down to a read-only version even though it had been already paid for by the end-user and registered. This is a CONFIRMED bug in Office 2000's Registration Wizard. Se web link above for the fix. It's not as easy as it looks and will take some effort to overcome! NOTE: Think of the costs you have incurred by re-imaging a site with 1,000 PC based systems when you look at how complicated the fix offered by Microsoft is and what disruption it will have caused to your organization! You have no rights of recourse to liquidated damages for lost time and disruption as stated in your license agreement!
Microsoft IS RESPONSIBLE for software piracy,
Microsoft needs to get smarter and make sure that the onus is shifted to the end user site for management of their own systems using self-governance and the ONLY way to do this is to embed an anti-piracy technique within Microsoft software so that sites can self-manage, legally and professionally without the ongoing trauma of product activation.
Microsoft IS RESPONSIBLE for software piracy, by failing to prevent piracy from within the operating system and for other reasons such as confusing and ever changing EULA's.
Microsoft needs to get over the marketing hype of product activation and get back to basics so we can all run our businesses effectively and efficiently.
Microsoft needs to empower organizations (the end user customers of Microsoft) to self manage the process and control it within their own self-governance rules area rather than for Microsoft to rely solely on the activation code process, (and playing policeman) which adds NO VALUE to the end user customer but satisfies the Microsoft marketing model.
Microsoft also needs to simply the end user licence situation further and make the details more readily available with less frequent changes.
Microsoft IS RESPONSIBLE for software piracy, by failing to prevent piracy from within the operating system AND they need to FIX this issue before too much longer before they are overrun by the ground swell to Open Source that is becoming increasingly attractive to organizations as it is based on "free" software principles. (Although this is a fallacy and we will address the "free aspects of Open Source" later in a separate article.)
In the second part of this article "Who is Responsible for Software Piracy?" "(now published at http://www.pcprofile.com/who_is_responsible_for_software_piracy_2.htm May 2003) we address the remaining key groups responsible for the rampant spread of software piracy.
SOFTWARE AUDITS ARE NOT YOUR CORE BUSINESS ACTIVITY!
Software Compliance Audits for many businesses and organizations are so low down the priority chain (despite the knowledge of the impact of the Anti-Piracy Police agencies [BSA,SIIA,CAST, FAST, BSAA etc] that the software audit is continually put off, thus increasing the risk to senior management and stakeholders.
The MOST significant issue (and the most common reason for the low priority activity) is that software compliance is NOT the core business
activity of the entity and the money spent (as an overhead cost) on traditional auditing techniques is ALMOST TOTALLY WASTED.
This is no way to run your business entity, when the money could be far better spent on core business activities such as customer service, marketing, product
development etc!
"To combat and overcome both illegal and unauthorised software in organizations
you need much more than a technology based solution to what is
really a PEOPLE based problem!"
TAKE SOFTWARE COMPLIANCE SERIOUSLY!
FORCE a SEA-CHANGE in end-user attitudes by managing Software Compliance by keeping the level of effort FOCUSED at the end-user level and this
will lower the cost of ownership.
Having a Software Asset Control system in place within your organization enables both you and your staff
to get on with your CORE business activity - which we know is NOT conducting
software compliance audits!
You can Manage software compliance by keeping the level of effort down and
reduce risk! There is s simple approach that can help you achieve this! How?
|
OTHER RELATED STORIES
What has Software Licensing got to with SOX (Sarbanes Oxley) http://www.zdnetasia.com/news/software/0,39044164,39277303,00.htm
Ensuring License Compliance http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5660
TOP SOFTWARE ENFORCER TALKS TOUGH http://news.bbc.co.uk/1/hi/technology/4350958.stm
BUSINESSES UNITE TO FIGHT PIRACY http://news.bbc.co.uk/1/hi/business/4307498.stm
SOFTWARE PIRACY SEEN AS NORMAL http://news.bbc.co.uk/1/hi/technology/4122624.stm
Software-compliance Audits Reduce Piracy Exposure
Home | Site Map | About Us | Contact Details
