Why License?


In this chapter, we explore reasons for licensing your software applications. After reading this chapter, you should better understand some of the risks to your software applications.


The main reason software development organizations look into licensing solutions is due to software piracy. It's a known fact, that revenue that would have been gained through software sales can walk right out the door if you have no licensing solution, or have a poorly implemented licensing solution.

The "cooler" your software is...

The "cooler" or inherently useful your software is, the more likely it is to be pirated. The following lists show frequently pirated software that illustrates this point.

2007 Software Titles Most Frequently Pirated By Companies
1. Symantec Norton Anti-Virus
2. Adobe Acrobat
3. Symantec PC Anywhere
4. Adobe PhotoShop
5. Autodesk AutoCAD
6. Adobe DreamWeaver
7. Roxio Easy CD/DVD Creator
8. Roxio Toast Titanium
9. Ipswitch WS_FTP
10. Nero Ultra Edition
2007 Software Titles Most Frequently Pirated on the Internet
1. McAfee VirusScan
2. Symantec Norton Anti-Virus
3. McAfee Internet Security Suite
4. Intuit TurboTax
5. Adobe Photoshop
6. Adobe Acrobat
7. Intuit Quicken Home and Business
8. Symantec Norton pcAnywhere
9. Symantec Norton Ghost
10. Adobe Creative Suite

Due to the power and "cool" factor of Rich Internet Applications developed in Flex and AIR, they are prime targets for piracy.

Also notice that some very expensive software made this list like the Adobe suite of products and AutoCAD. High initial price can be a determining factor in whether software is pirated or not. We'll look at the ramifications and solutions for this later in the chapter on Software as a Service.

Knowledge is Power

Most piracy happens after the sale. This can take the form of one co-worker sharing software with another, or even taking software for use on a home computer. By implementing a licensing solution, you maintain visibility into Who, What, When, Where, and How Much your software is being used.

Knowledge of what is happening with your users can also save your company money. Sales people often waste countless hours calling existing customers who don't need to be contacted. By using Nitro-LM Notifications, Sales people can target their customer touch-points to only those times when the customer needs attention. Sales people are then freed up to focus on new business and opportunities.

Hackers Exist

Many modern languages such as Java, .NET, and Adobe Flex/AIR are based on the idea of a virtual machine. In traditional languages such as C++, the code written by a programmer is compiled into machine code. This machine code is specific to the type of hardware the application will be run on. The process of compiling to machine code is virtually irreversible.

Languages based on virtual machines however, are susceptible to de-compiling. In a virtual-machine language, a virtual machine (Java Virtual Machine, FlashPlayer, .NET runtime) is first installed on the computer in order to run ByteCode. This gives these virtual machine-based languages their platform independence. Adobe, Sun, and Microsoft would only need to port each of their runtimes to different computing platforms and then everyone's ByteCode-based applications would in theory, still run the same.

Compiling to ByteCode and targeting a virtual machine or runtime does come with the drawback of being more easily de-compiled. Some ByteCode compilers do a better job than others of obfuscating (scrambling) the ByteCode. The Flex/AIR compiler mxmlc does a particularly poor job of obfuscation. This has more to do with the environment where FlashPlayer began (web-based animations requiring little or no security) than any particular oversight on Adobe's part. Regardless of how Adobe got there, they now find themselves in a position where the FlashPlayer runtime can't do a good job of securing the full-blown Rich Internet Applications that now run on top of it.

By de-compiling code, a hacker can get at valuable information about your product such as resources, database and server locations, and even proprietary knowledge, techniques, and algorithms used in your application. A Nitro-LM solution for the problem of de-compiling Flex and AIR applications will be discussed in the later chapter Encryption vs. Obfuscation.

Another risk to your software application from Hackers is using the common licensing solution of license keys. A license key solution is based on an algorithm that generates a set of potential keys that will then "unlock" software when used by a customer. The problem with this solution is that a hacker can crack the code used to generate license keys. Keys can also be easily shared, and "clock games" can be played to keep software active after a key's expiration. Virtualization software can be used to copy an image of a whole operating system containing licensed software from one machine to another. Key-based solutions do give some measure of security, but as a whole, represent a loss of control after the sale.