Software protection from copying and hacking: the main methods and strategies

According to statistics from the 2018 BSA Global Software Survey study:

• Unlicensed (pirated) software accounts for 37% of the total software installed on personal computers around the world.
• The cost of counterfeit software is estimated at $ 46 billion.
• Malware, which infected many pirated programs downloaded from third-party sources, cost businesses $ 359 billion a year.
• Losses from hacking licensed software are about $ 600 billion annually.

We all know that among users there are those who honestly buy the program and use it for their intended purpose, and there are also those who hack software in one way or another and work with it on their own or sell it.

Skillbox recommends: a two-year hands-on course “I am a web developer PRO” .

We remind: for all readers of "Habr" - a discount of 10,000 rubles when recording for any Skillbox course on the promotional code "Habr".

Software developers who create paid products are unlikely to want to spend several years of their lives on a program that is immediately hacked and used for free. Reputational losses can also be a problem: for example, when downloading a hacked software of a certain company that infects a user's PC with a virus introduced by an attacker, the victim is likely to blame the manufacturer for the attacker, not a hacker.

As for revenues, according to BSA, a business that decides to take seriously the protection of its software products can expect to increase profits by about 11% (however, it is important to understand that this is an average value).

But what can be done to protect your software?

There are many different solutions for licensing and protecting software. Before you choose one for yourself, you should answer a few important questions.

First, you need to decide on what level of protection your specific project may need. You should not shoot from a cannon on sparrows, the choice should be adequate. Many developers make a mistake here using more powerful (and expensive) protection than they really need.

Secondly, you need to ask yourself how much you are willing to spend on protection. The answer can be difficult, therefore, to make the right choice, it is worth analyzing what you may need.

Then, when you decide on everything, you can begin to choose protection, based on the strategy of using the software product.

Key security features

It all starts with the choice of the principle of licensing: you must choose how to pay for your product. There are many varieties, in general, they can be divided into four types:

• One-time payment. They pay for your software once, after which they can use it indefinitely.
• Functional limitations. Additional features the user can open for an additional fee.
• Temporary license. You are “renting out an app”, that is, it’s about a subscription.
• Layered. It is a combination of the methods mentioned. The user receives a Silver-, Gold- or Platinum-version of the software with the appropriate payment.

Once you have decided on a licensing strategy, it's time to start looking for software protection technologies. And here it is worth remembering such nuances as the ability to connect software to the Internet, its specialization, the type of platform for which the software is intended, and so on.

We emphasize once again the importance of choosing adequate protection. If you are going to protect your bike using the method used at Fort Knox, this is hardly reasonable. There is also an inverse relationship: if you want to protect Fort Knox, do not use a bicycle lock for this, it is useless, hacking is guaranteed. In general, the licensing strategy should match the price of the product itself.

Types of protection

As mentioned above, there are various options for protecting software from hacking and copying. These options may vary in cost, level of protection and specialization.

Protection of "trust." Here you are counting on the fact that users will pay without any problems. One user - one license, eternal. In principle, the cost of your virtually none. Once the application is compiled, you can start distributing it. But the problem is that if your product becomes popular, then someone will just hack it, starting to distribute. There is no protection against hacking in this case, it is zero.

Offline software protection

It is about protection without an internet connection. Such a scheme is usually implemented immediately after the program is compiled. The most commonly used software shell with certain settings. The protected program does not connect to verify the integrity of any external servers. In principle, such protection can be circumvented without any problems.

Online software protection

Here we are talking about a more serious method - license verification using a licensing server. In this case, relatively high costs are required at the beginning and recurring costs later. As in the previous version, the software shell is used, but the licensing parameters are checked and configured online.

If you wish, you can add software verification options: how to use, have a license or not. If a permanent connection to the network is required, then the product will most likely not always and everywhere work.

The severity of this protection is between medium and high.

Hardware protection

One of the most reliable methods that combines the advantages of all other strategies. An electronic USB-key is responsible for licensing, which does not require a network connection. The price of each key for the developer is low, there is no periodic additional expenses. You can implement both using the API, and through the software shell.

The advantage of this method is that the license can be removed outside the operating system, the key is stored outside the PC. The key is either very difficult or impossible to copy at all. Software that is protected with a hardware key can be used on systems where there is no network connection. This, for example, government facilities or industry. Another plus is that the electronic key does not require different solutions for different software environments, and the licensing options are very flexible.

Solutions based on the hardware key can be deployed literally in minutes, they are supported by almost any version of the operating system.

However, remember that the solution provider (if you cannot create the hardware key yourself) must do everything quickly so that it does not become necessary to expect a batch of keys and, accordingly, a shift in the start of sales of your software. Also, the supplier must provide a simple and effective solution that quickly unfolds. Of course, you must trust the supplier - otherwise you should not use his services.

It is worth thinking about software protection at the design stage: after the project is ready partially or completely, it will not be easy to change something.

Skillbox recommends:

• Applied online course "Python Data Analyst" .
  
• Online course "Profession frontend developer" .
• Practical annual course "PHP developer from 0 to PRO" .