PROTECTION
How Secure Do You Want Your
Application To Be?
“Anything executed on a computer can be monitored by hackers. They can understand and bypass security mechanisms just as
easily as regular code.” This might be true, but what does it mean for software developers?
Three options exist:
■ You cannot see a point in all of this and do
not use any copy protections or licensing.
■ Hackers can understand how your software
operates, but you are using CodeMeter
to make hacking the software as
labor-intensive as writing it from scratch.
■ You move essential code into a CmDongle
for execution far from the prying eyes of
would-be hackers.
The Ostrich Stratagem
The first and certainly worst scenario is to
forego any copy protection or licensing. The
old story that “Microsoft became big because
of piracy” is not only misleading – it is plainly
false: Much of the success of Microsoft was
due to the bundling of its operating system
with IBM personal computers. The nature of
the market at the time also played its part,
as many of the operating systems had a
reputation for being complex and hard to use.
Market reach and popularity came first, piracy
came second. Security mechanisms have been
improving over the years. Activations with authentication
and serial numbers stored in the
BIOS are just one example of a whole gamut
of techniques and approaches.
For small and medium enterprises, a “head in
the sand” strategy could potentially threaten
their very survival. Studies and surveys have
shown that the greatest losses are caused by
ignorance of licensing terms or unintentional
license violations. This goes primarily for business
software in commercial use in Europe and
North America. With the countless licensing
models in the market, it is hardly surprising
that administrators get confused and believe
they have more licenses than they actually
paid for. Simple technical countermeasures
are enough in these instances to protect the
legitimate monetization of the software.
The Hacker Pyramid
The hacking scene seems to be made up of
four types: script kiddies, leisure-time hackers,
professional hackers, and the all-stars. The first
lot might know how to google and find either
hacking instructions or ready-made hacks, but
the professionals and the stars of the scene
are the ones doing the damage and earning
an illicit living by selling their hacks. They are
motivated by simple profit: Which hacks can I
sell most often, at the highest price, and with
the least effort? It seems like the story of the
two hikers and the bear. Both are caught off
guard by the bear and take off running. As one
hiker stops to put his running shoes on, the
other scoffs: “They won’t make you faster than
the bear.” Says the other: “They don’t have to.
They just have to make me faster than you.”
The same applies to software protection. It
does not have to be perfect and unassailable.
It has to be appropriate for the value and
appeal of the software, and it has to be – only
just – better than the standard protection.
With CodeMeter, this is already guaranteed by
using AxProtector.
Better Safe than Sorry
The second strategy revolves around making the
hackers’ job as hard as possible. It should be
impossible for them to automate their shady
work, and knowing one crack should not help
them with finding another crack.
As software developers, you can now benefit
from the complexity of your software. Hackers
might be able to analyze anything executed
on a CPU, but first they need to be able to
execute. With typical business applications,
users will only ever use between 10 and 20%
of the functions. Only a fraction of the code
is actually executed. This makes it harder
for hackers to monitor the code in action.
They need to find a strategy to execute the
entire code completely. Whoever manages to
complete that task would become the king of