Software protection against copying and hacking: basic methods and strategies

Original author: Tim Regas

According to statistics from the 2018 BSA Global Software Survey:

  • Unlicensed (pirated) software accounts for 37% of the total amount of software installed on personal PCs around the world.
  • The cost of counterfeit software is estimated at $46 billion.
  • Malware, which infects many pirated programs downloaded from third-party sources, costs businesses $359 billion a year.
  • Losses from hacking licensed software amount to about $600 billion annually.

We all know that some users honestly buy a program and use it as intended, while others crack the software in one way or another and then use it themselves or sell it.

Software developers who create paid products are unlikely to want to spend several years of their lives on a program that will be cracked and used for free. Reputational damage can also become a problem: for example, if a user downloads a cracked copy of a company's software that an attacker has infected with a virus, the victim will probably blame the vendor and not the cracker.

As for revenue, according to BSA, a business that decides to take the protection of its software products seriously can expect to increase profits by about 11% (although it is important to understand that this is an average value).

But what can be done to protect your software?


There are many different solutions for licensing and protecting software. Before choosing one for yourself, it is worth answering several important questions.

First, you need to decide what level of protection your particular project needs. There is no point in shooting sparrows with a cannon: the choice should be proportionate. Many developers make a mistake here by using more powerful (and expensive) protection than they really need.

Secondly, you need to ask yourself how much you are willing to spend on protection. The answer can be complicated, so to make the right choice it is worth analyzing what you might actually need.

Then, once you have decided all of this, you can start choosing protection based on the strategy for using the software product.

Key security features

It all starts with choosing a licensing model: you need to decide how customers will pay for your product. There are many varieties, but in general they fall into four types:

  • One-time payment. The customer pays for your software once and can then use it for an unlimited time.
  • Functional limitations. The user can unlock additional features at an additional cost.
  • Temporary license. You "rent out" the application; in other words, this is a subscription.
  • Layered. A combination of these methods. The user receives a Silver, Gold or Platinum version of the software for the corresponding payment.

Once you have decided on a licensing strategy, it is time to start looking at software protection technologies. Here it is worth keeping in mind factors such as whether the software can connect to the Internet, its specialization, the type of platform it is intended for, and so on.

We emphasize once again the importance of choosing adequate protection. Protecting your bicycle with the methods used at Fort Knox can hardly be called reasonable. The reverse is also true: if you want to protect Fort Knox, do not use a bicycle lock; it is useless, and a break-in is guaranteed. In general, the licensing strategy should be commensurate with the price of the product itself.

Types of protection


As mentioned above, there are various options for protecting software from hacking and copying. These options may vary in cost, level of protection and specialization.

Trust-based protection. Here you count on users paying without any problems. One user, one perpetual license. There are practically no costs on your part: once the application is compiled, you can start distributing it. The problem is that if your product becomes popular, someone will definitely crack it and start distributing it. In this case there is no protection against cracking at all.

Offline software protection

This is protection that works without an Internet connection. Typically, such a scheme is applied right after the program is compiled. Most often a protective shell (wrapper) with certain settings is used. The protected program does not connect to any external servers for integrity checking. In principle, such protection can be bypassed without any problems.

Online software protection

Here we are talking about a more serious method: checking the license against a licensing server. This requires relatively high costs at the start and recurring costs later. As in the previous option, a shell is used, but the licensing parameters are checked and configured online.

If desired, you can add options for checking how the software is used and whether it has a license. If a permanent network connection is required, the product will probably not work always and everywhere.

The strength of such protection is between medium and high.
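
An added example, not part of the original article: a minimal server-side license check that covers the four licensing models listed earlier (one-time, feature add-ons, subscription, tiers). The HMAC-SHA256 scheme, the names SERVER_KEY, TIER_FEATURES, issue and check, and the feature names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo secret. In the online model it exists only on the
# licensing server, so a client cannot mint or alter a valid license.
SERVER_KEY = b"demo-only-server-secret"

# Assumed tier-to-feature mapping for the layered (Silver/Gold/Platinum) model.
TIER_FEATURES = {
    "silver": {"core"},
    "gold": {"core", "export"},
    "platinum": {"core", "export", "api"},
}


def _mac(record):
    # Canonical JSON so the same record always yields the same MAC.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue(user, tier, expires=None, addons=()):
    """Server side: create a license. expires=None means a one-time purchase."""
    record = {"user": user, "tier": tier, "expires": expires,
              "addons": sorted(addons)}
    return {"record": record, "mac": _mac(record)}


def check(license_, feature, today):
    """Server side: answer the client's request to run `feature`."""
    record = license_.get("record", {})
    presented = str(license_.get("mac", "")).encode()
    # Constant-time comparison; any edit to the record invalidates the MAC.
    if not hmac.compare_digest(_mac(record).encode(), presented):
        return False, "tampered"
    expires = record.get("expires")
    if expires is not None and today > date.fromisoformat(expires):
        return False, "expired"  # temporary license (subscription) ran out
    allowed = TIER_FEATURES.get(record.get("tier"), set()) | set(record.get("addons", []))
    if feature not in allowed:
        return False, "not licensed"  # feature needs an add-on or higher tier
    return True, "ok"
```

Because the decision is made on the server, a client that edits its license file only produces a record that fails verification; the cost is the network dependency described above.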

Hardware Protection

One of the most reliable methods, combining the advantages of all the other strategies. Licensing is handled by an electronic USB key that does not require a network connection. The price of each key for the developer is low, and there are no recurring additional expenses. It can be implemented either through an API or through a shell.

The advantage of this method is that the license is taken out of the operating system: the key is stored outside the PC. The key is either very difficult or outright impossible to copy. Software protected with a hardware key can be used on systems that have no network connection, for example at government or industrial facilities. Another plus is that the electronic key does not require different solutions for different software environments, and the licensing options are very flexible.

Solutions based on a hardware key can be deployed in literally minutes, and they are supported by almost any operating system version.

However, remember that the solution provider (if you cannot create the hardware key yourself) must work quickly, so that you do not have to wait for a shipment of keys and, accordingly, postpone the start of sales of your software. The supplier must also provide a simple and effective solution that is quickly deployed. Of course, you must trust the supplier; otherwise you should not use its services.

It is worth thinking about software protection at the design stage: once a project is partially or fully finished, changing anything will not be easy.
