Why is software still easily pirated and how to solve it?

Introduction

Laymen explanation

If you observed that cracked version of many paid software are available online and in offline market, then you might be thinking, why it is happening. Thinking loud, it can be due to one of two reasons- one, software makers are not trying to secure them OR two, it is very difficult to secure software. Note that even softwares from techie companies(Microsoft, Adobe) are pirated. So, second reason seems more valid. This article helps in this regard.

Technical explanation

It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a "serial number/activation key".

Can there exist a fool-proof and hack-proof method of protecting your software against piracy? If not realistically, how about theoretically possible?

Challenges for copyright protection software

At a fundamental level, a lot of what a computer does works by copying data around. For example, in order to execute a program, the computer has to copy it from the hard drive into memory. But once something has been copied into memory, it can be written from memory onto another location. Bearing in mind that the fundamental premise of "piracy protection" is to make software that cannot be successfully copied, you can begin to see the magnitude of the problem.

Second, the solution to this difficult problem acts directly against the interests of both legitimate users and those who wish to use the software without acquiring it legally. Some of those users will have the technical knowledge needed to analyze compiled code. Now you have a competent adversary actively working against you.

Because this is a difficult problem, and because producing correct software is also inherently difficult, it's very likely that your solution will contain at least one exploitable bug somewhere. For most software, that doesn't matter, but most software isn't under active attack by a determined adversary. The nature of software being what it is, once one exploitable bug is found, it can be used to take control of the entire system and disable it. So in order to produce reliable protection, your solution to the very difficult problem must be perfect or it will be cracked.

The fourth factor is the worldwide Internet. It makes the problem of transmitting information to anyone who's interested trivial. This means that once your imperfect system is cracked once, it's cracked everywhere.

The combination of these four factors means that no imperfect copy-protection system can possibly be safe.

What to do?

Most secure approach

Considering above beautiful reasoning, the only secure method of protecting software is not giving it to the user (e.g. SaaS). One of the very important motivation behind Cloud based SaaS solutions is securing revenue streams.

Alternative approach

In case SaaS is not feasible, When deciding about anti-piracy measures, companies do a cost-benefit analysis. For any given set of measures, if the benefits don't outweigh the costs, the company doesn't do it.

Costs include time and effort to implement, document, support and maintain the measures, and perhaps sales losses if they're really annoying. Generally speaking, there are two kinds of benefits:

Larger profits because people who would have pirated the program bought it instead..

The people who make decisions are happy the program isn't getting pirated.

Microsoft office case study

For some time, MS has been selling a "Home and Student" edition of Office for way cheaper than the "normal" edition for business. It had no copy protection at all! And the "anti-piracy" technology consisted of entering a product key which was then stored in the application folder. But you could run it on as many computers as you wanted simultaneously, and they'd all run fine! In fact, on the Mac, you could drag the application folder across the network to another computer where you'd never done an installation, and because the product key was stored with the application, it ran great.

Why such pathetic anti-piracy technology? Two reasons.

The first is because the added cost of tech support for home users screwing up their installations was just not worth it.

The second is the non-technical anti-piracy measures. MS has a whistle blower program where if you know a company has pirated MS software - like installing 200 copies of the same "Home and Student" Office - you can give them a call. Then MS comes in and audits the company.

So Microsoft doesn't have to use technology to prevent piracy.

Reference

https://softwareengineering.stackexchange.com/questions/46434/how-can-software-be-protected-from-piracy

https://www.microsoft.com/en-us/piracy/default.aspx

https://www.ibm.com/security/secure-engineering/security-piracy.html

https://en.wikipedia.org/wiki/Copy_protection

https://www.utdallas.edu/~muratk/courses/crypto09s_files/modes.pdf