Metaforic crosses swords with software pirates

Metaforic crosses swords with software pirates

Tags:    application security   Business Software Alliance   IDC   MetaFortress   Microsoft Office   pirated software   secure software development

By Neil Roiter, Senior Technology Editor, Information Security magazine | Nov 16, 2008

The market for pirated software is enormous, so it's no surprise that there's a growing market for antipiracy/antitampering software in response. Glasgow, Scotland-based Metaforic Ltd., the newest vendor in what analysts have dubbed the application hardening market, debuted its MetaFortress product in April and announced its entry in North America this week.

IDC and the Business Software Alliance estimate that a third of the global software market is for pirated copies -- tens of billions of dollars, mostly in Russia, China and Vietnam. The theft runs the gamut from games and standard business applications, such as Microsoft Office, to high-end specialty code worth hundreds of thousands of dollars that businesses in emerging markets can purchase for a fraction of their legitimate price.

Software crackers may reverse-engineer the code or simply break the licensing protection, the low hanging fruit in many cases.

MetaFortress runs an analyzer on code to determine where and how to insert protections and then embeds the protections in the program at compile time. Like other products in this space, this approach allows organizations to separate antitampering measures from the development process if they choose, which will improve efficiency and sidestep messy turf battles within an organization.

Chief competitors in this space are Arxan Technologies Inc., Cloakware Corp., PreEmptive Solutions LLC and V.i. Laboratories Inc. They use a variety of sophisticated obfuscation techniques well beyond standard obfuscation inserted by developers, and dynamic encryption methods far stronger than the usual encryption "wrappers" that can be cracked by capturing and decompiling code at run-time.

SearchSecurity radio:

MetaFortress' differentiators in the market are ease of deployment and the ability to debug code after the solution has been applied, said Andrew McLennan, CEO at Metaforic The latter is an important tool to help certify compliance for software interoperability.

"With debugging, you can disprove that security has any influence on or is interfering with the software; it's a comfort for the customer." McLennan said. "You can continue to pass unit tests or integration compliance regimes that all large software vendors run on their applications."

McLennan said this will be especially valuable with virtualization software and for Windows.

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
Verification Code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
 

Comments

Comments

There needs to be a huge

Submitted by SEO Services on 21 March 2009 - 12:52am.

There needs to be a huge effort to eradicate all pirates. Otherwise the software industry would be throughly destroyed by the pirates, especially in this economic downturn.

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Trusted Mobility Index
The mobile ecosystem of devices, services and networks is at a critical inflection point.While the mobile revolution is unleashing massive opportunities in both emerging and mature economies, it is also increasing in complexity and confusion. The reality is the lightning-fast adoption of powerful, smart devices is outpacing society’s ability to secure them. Today, trust in mobility hangs in the balance.
The state of the Internet, Q4, 2011
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.
 
 
 
HID Global deploys a centralized, web-based IP access control solution at Fuxi Power Plant
Unable to meet the needs for real-time monitoring with its traditional patrol system, China's Fuxi Power Plant has deployed HID Global's VertX V2000.
StubHub: How to spot fraud before it happens
Whenever a list of log-on credentials is dumped onto the Web, retailers get hit with waves of automated attacks. Here's how ticket marketplace StubHub fights the threat.