In this chapter, we explore reasons for licensing your software applications. After reading this chapter, you should better understand some of the risks to your software applications.
The "cooler" or inherently useful your software is, the more likely it is to be pirated. The following lists show frequently pirated software that illustrates this point.
Due to the power and "cool" factor of Rich Internet Applications developed in Flex and AIR, they are prime targets for piracy.
Also notice that some very expensive software made this list like the Adobe suite of products and AutoCAD. High initial price can be a determining factor in whether software is pirated or not. We'll look at the ramifications and solutions for this later in the chapter on Software as a Service.
Most piracy happens after the sale. This can take the form of one co-worker sharing software with another, or even taking software for use on a home computer. By implementing a licensing solution, you maintain visibility into Who, What, When, Where, and How Much your software is being used.
Knowledge of what is happening with your users can also save your company money. Sales people often waste countless hours calling existing customers who don't need to be contacted. By using Nitro-LM Notifications, Sales people can target their customer touch-points to only those times when the customer needs attention. Sales people are then freed up to focus on new business and opportunities.
Many modern languages such as Java, .NET, and Adobe Flex/AIR are based on the idea of a virtual machine. In traditional languages such as C++, the code written by a programmer is compiled into machine code. This machine code is specific to the type of hardware the application will be run on. The process of compiling to machine code is virtually irreversible.
Languages based on virtual machines however, are susceptible to de-compiling. In a virtual-machine language, a virtual machine (Java Virtual Machine, FlashPlayer, .NET runtime) is first installed on the computer in order to run ByteCode. This gives these virtual machine-based languages their platform independence. Adobe, Sun, and Microsoft would only need to port each of their runtimes to different computing platforms and then everyone's ByteCode-based applications would in theory, still run the same.
Compiling to ByteCode and targeting a virtual machine or runtime does come with the drawback of being more easily de-compiled. Some ByteCode compilers do a better job than others of obfuscating (scrambling) the ByteCode. The Flex/AIR compiler mxmlc does a particularly poor job of obfuscation. This has more to do with the environment where FlashPlayer began (web-based animations requiring little or no security) than any particular oversight on Adobe's part. Regardless of how Adobe got there, they now find themselves in a position where the FlashPlayer runtime can't do a good job of securing the full-blown Rich Internet Applications that now run on top of it.
By de-compiling code, a hacker can get at valuable information about your product such as resources, database and server locations, and even proprietary knowledge, techniques, and algorithms used in your application. A Nitro-LM solution for the problem of de-compiling Flex and AIR applications will be discussed in the later chapter Encryption vs. Obfuscation.
Another risk to your software application from Hackers is using the common licensing solution of license keys. A license key solution is based on an algorithm that generates a set of potential keys that will then "unlock" software when used by a customer. The problem with this solution is that a hacker can crack the code used to generate license keys. Keys can also be easily shared, and "clock games" can be played to keep software active after a key's expiration. Virtualization software can be used to copy an image of a whole operating system containing licensed software from one machine to another. Key-based solutions do give some measure of security, but as a whole, represent a loss of control after the sale.