Piracy is a long-standing issue for most, if not all, software publishers. Way back in 1976, when computers were solely the domain of businesses and hardcore hobbyists, a young Bill Gates railed against people stealing Altair BASIC, software he had written with Paul Allen and Monte Davidoff. (The letter in full can be found here.)
In those days protection mechanisms were unheard of. There were no holographic install media or licensing validation servers. Copying a program was as simple as copying the contents of one floppy disk to another. In this piece I’d like to discuss software piracy not as a moral or legal matter but simply as a security issue and as a complicating factor when working on a client’s system.
When written, computer code is simply text that defines a list of actions to be performed. If you are familiar with the programming language it is possible to read the text and follow how it works (the flow of execution) in your head. In this form it is called source code. In order for the program to run it must be converted into a form that the computer can work with: commonly termed a binary.
In open source programs, both source code and binary are available to download. Those with the relevant skill can read and modify the code. Proprietary programs however are closed source: the binary, in the form of an executable file (MyAmazingProgram.EXE) is available but the text files of readable computer code are not.
Without source code, every time you install a piece of software, you trust that the authors have not included any malicious code. In open source systems, the non-technical rely on those higher-mortals who can read the code to do so and spot nay nefarious activities. For the more paranoid users however, binaries are anathema: the only way they will install programs is by downloading the source code and compiling the executable binary themselves.
Closed source systems have normalised the idea that end users should not know what they are installing beyond its name and the publisher’s description of what it does. This has helped to prepare the ground for two forms of piracy in particular, the cracked .exe file and the key generator.
The major forms of bypassing validation are:
- Volume Licensing Key
This is where a large corporation buys a large number of licenses for a particular piece of software but the key is released to the public. One particular instance which comes to mind is the Windows XP VLK which was compromised and widely distributed online.
- Key Generator
This is a tool which generates a serial which is indistinguishable from an official key. This is done by working out how official keys are generated (usually a fairly straightforward algorithm) and then replicating that process.
- Cracked Executable File
This final method is far and away the most fraught with danger. The idea is that the executable file that starts the program running is replaced with one which has had its protection mechanism removed.
Both the key generator and the cracked executable require you, the user, to run them and, if necessary, grant them permission to do so. As was noted in an earlier piece, though not involving pirated software, this granting of permission is where virus and other kinds of infections can begin. Ironically, it is better, in this situation, to be infected by something immediately evident, such as one of the fake anti-viruses (20445 INFECTED FILES FOUND!!! EXTREME WARNING!!! PAY NOW TO CLEAN YOUR SYSTEM!!!!) than to be silently monitored by a keylogger, crafted to harvest your personal details.
The complicating factor for anyone working on a computer that has pirated software installed is that genuine software problems can be confused by symptoms from an infection or from a badly coded cracked executable. Computers are complicated enough running legitimate software from reputable vendors without the introduction of poor quality code with questionable purpose.