Australian Security Magazine, Feb/Mar 2016


Cyber Security

Adopting “Ring of Defense” licensing strategy to reduce hacker theft

By Steve Beards, VP APAC and Japan, Flexera Software

According to a study from IDC and Flexera Software, a significant proportion of software companies feel their licensing and pricing strategies are not effective in capturing the real value their software provides. As a result, their bottom line is suffering, and increasingly they’re subject to software piracy. While automated software licensing tools exist to ensure vendors receive adequate compensation for their products, many are yet to employ this technology.

The consequences of falling behind in software licensing are abundantly clear. The amount of revenue illegally being siphoned away from software companies due to unauthorised software use is staggering. A recent BSA Global Software survey notes that 43 percent of the software installed on PCs around the world, totalling more than $62 billion in value, was not properly licensed. This, combined with ever more sophisticated and relentless hackers, is leaving software companies that fail to implement the latest security measures very vulnerable.

Gaps in Traditional Hacker Protection

As a result of revenue leakage from hackers, software companies are re-assessing their traditional licensing


security approaches and noting gaps that must be closed. One area of particular vulnerability in software protection is the binary attack. This is a term used to describe how hackers inject malicious code into the application to circumvent licensing. A binary attack can occur on disk with a disassembler or in memory while an application is running. The hacker typically applies a patch that changes the application storage location and its behavior. The code requiring license validation before performing an action is modified, so the application doesn’t check for licenses or, even worse, it looks for the hacker’s licenses.

Typical approaches to fighting these hacker modifications include encryption, dongle protection, secure boots, and more. While effective in less sophisticated times or in only certain specific situations, gaps exist which can expose software companies to hacker risk:

• Encryption gap: Offers only one level of protection. Hackers can find the decryption keys hidden in the application, which then removes all protection. There’s also a rework impact of the encryption gap, as software companies then have to rewrite application code when protection is compromised. Finally, encryption can significantly impact performance.

