It doesn’t state anything we haven’t heard many times before, as developers, but it is an opening gambit, in the public political sense, of mine on this issue.  The objective is to raise awareness overtime and hopefully nip in the bud certain subversive influences I’m aware of, in the political scene here in Australia, in relation to this issue.

It would be fair to say that the average person, not producing work covered by copyright, would love to see copyright law fall by the wayside.  Certain politically motivated elements certainly would as it suits their socialist agendas.

So, the article introduces the concept to the casual reader, makes mention of the usual semantic arguments we all love to hate when discussing the topic and acknowledges the role organized crime plays in producing cracks, serials and keygens targetted at piracy.

I won’t reprint the article here beyond a quote.  You can click the quote below to read the full article.

Increasingly, individuals illegally downloading content with file sharing tools like Limewire, Kazaa and torrent tools like Azureas are being detected and prosecuted in the United States, the United Kingdom and Germany.  It is only a matter of time before prosecutions become more common in Australia.  The stakes (and the losses) are too big for companies and individuals producing intellectual property to ignore.

An ironic benefit, to the average person, from this enforcement is that by not using tools such as these they limit their exposure to viruses, trojans and malware which literally fill the services that offer cracks, keygens, serial numbers (often written serialz) and circumvention of DRM – Digital Rights Management, all of which aid in the copyright circumvention of owned music, video and software.

It is not illegal to have these downloading tools on your computer.  They do in fact have legal and valid uses.

But it becomes illegal when they are used to access items without the permission of the copyright holder.

That many of the circumvention tools – cracks, keygens etc – are created by organized crime groups such as the Russian Business Network or RBN is also significant.

Scott Kane

Related posts

• Cracks, Hacks, Keygens, Torrent Files and Lamers (2)
• Micro ISV, Duke Nukem And Swine Flu – Damn! There's a Link? (2)
• ISV’s Working As A Team To Bury Hacks, Cracks, Serialz, Keygens And Torrents? (1)
• DO ISV Websites Keep Bad Company? (2)
• “Otters” And The 30 Day Challenge? (2)

The posts you’ve seen here in most cases, bar one and not including this one, were written prior to getting sliced up and grated, in short I planned ahead – but not nearly enough it seems.

Frankly I’ve been going a little stir crazy.  I’m still alive, but my right hand is making it impossible to do the things I would prefer to be working on.  A week ago the plaster came off, but my fingers are only just starting to work again properly.

Not being the kind of person who can sit and watch day time TV for longer than 30 seconds I’ve instead been attending to business building of things I never get time to do, but can actually be done one handed.

With many local schools closing these last few weeks in the Northern part of Melbourne due to an outbreak of the Swinefluenza Hamdemic, you find you’ve got to do something or you’ll go nuts sitting their making extremely lame jokes about barnyard illnesses.  I think my worst joke was about a certain Australian politician turning into “Swinestein” -  the political porker.  I’m not fond of most “Australian Greens”.  Told you the jokes were lamer than usual. 

That’s what you’re reduced to when you go stir crazy wanting to do your work.  Worse jokes than your usual bad ones – right at a time when everybody seems to have lost the last vestiges of their sense of humour.

So, apart from making my kids laugh (youngest daughter fractured her foot on Thursday, more pain doubled by emergency admission taking five hours due to the swine flu admissions – many of whom are infants – at the hospital) by doing my Duke Nukem voice impersonations every time anybody said anything (adult or kid) I figured I’d better do something constructive lest somebody hit me for saying, for the hundredth time “Damn!  Your ugly!”.

So, some news here soon of some marketing support for MixAction that may be of some interest to ISV’s for use in their podcasts, video presentations and training tools.  CDROO, our audio website, is coming back online this coming week.  Last year I took it off line to allegedly prepare it for this task – and never got anything else done.  A silly mistake as it lost all of it’s traffic in the process, which while irrelevant to the interests of the business now, was still traffic.

Not to worry.  “Coupla, days.”

Seems one can work on websites with one hand providing you don’t type to much text, but instead work with images, and in the case of preparing CDROO for relaunch, mixing audio and signing off on license agreements.

So, hoping next post here will be an announcement that it’s up and open for business.  With a couple of packages for readers of this blog.

Scott Kane

Quote of the day:
He who can, does. He who cannot, teaches. – George Bernard Shaw

Related posts

• Writing Content For Multiple Sites – Hard Work But Essential And Fun! (12)
• Tools For Startups (3)
• Starting An ISV? No Domain Knowledge? Go To Incubator, do not pass Go, do not collect a Registration… (1)
• Micro ISV Spelling For Marketing And Marketing For Spelling (0)
• Day 123 – Starting To Fall Into Place – 30 Day’s Is Idiocy When Building A Company (2)

Why?

Consider this article Chrome is a browser? What’s a browser? across on ZDNet.  I quote:

“I want the old Google search engine, not Google Chrome. How do I go back to regular old Google? I want to change my default search engine from Chrome to Google. The tools don’t help me,” asks Orville.

“If I change from Outlook Express to Chrome browser does my E Mail address have to be changed to a G Mail address?” wants to know Haljoan.

“I don’t like the design of the Google Chrome.page. All of the toolbars I’m familiar with are missing, and I don’t even know how i got it. If I uninstall it, will I be able to get just plain Google?” wonders Stellar.

“Should I remove my original Google now that I have installed Google Chrome?”

Seriously!  How are we ever going to get people to understand they are responsible for their own security, that security requires following some simple steps, like, let’s see, “if it’s to good to be true it probably is”???

If they think the Internet,  increasingly I notice alarming a word that is double pluralled to “Internets”, is Google and that their browser is “Google” and that their operating system is – what – Google?

Strike a bloody light!

Scott Kane

Quote of the day:
If the only tool you have is a hammer, you tend to see every problem as a nail. – Abraham Maslow

Related posts

• Cracks, Hacks, Keygens, Torrent Files and Lamers (2)
• An Ill Corporate Wind Is Blowing – And Many Are Not Helping One Byte (2)
• Some ISV Marketing Freebies (0)
• Day 52 – Downloadsiteasaurus – Extinction Event (8)
• About (0)

Today’s blog post however is of specific interest to ISV’s, both micro and huge.  It’s showing their analysis of links between websites.  It’s rather stunning, if not scary.  Note – normally I do not just publish stat’s that don’t have detailed analysis data published with them.  However I trust these guys implicitly (they are leaders) and to be honest in this instance their word is well worth considering.

OK.  Consider the chart below published on their blog today showing website topics that tend to link to malware or badware sites (all images are Copyright Websense Security Labs and Amy Steier) from their web analysis (their article is worth reading too):

Now, ignoring the obvious in the blue area for the purposes of this article, you’ll notice the purple area “Freeware and Software Download” as well as the green “Information Technology”.  Amy writes:

“At Websense, our analysis leads to one clear conclusion: bad leads to bad.”

Apologies for no percentage or other numerical values here, this is the only data they’ve published for this.   But their contention is quite clear in the trend shown in the pie chart above. 

She continues:

“You’ve probably heard that freeware is risky. Our link analysis overwhelmingly supports this. It’s a death trap for machines and networks. If you are in the habit of downloading freeware, you will, without a doubt, eventually find something malicious or illegal.”

Well, actually no.  I’ve not “heard freeware is risky.”  But I’m assuming her customers have, or the readers of her blog have, and if not then they have now. 

So why is this pertinent to ISVs? 

Simple.  Our almost religious dependence and support for software download sites.  I’ve written here time and time again that if you use download sites as part of your marketing strategy then you’d better be prepared to pay the piper when it comes to guilt by association whether it be from search engines blocking you because you link or web threat trending companies telling their customers that going to these sites is a risk.

If you really give a damn about your company and comprehend that it’s a “company” you’re running, not a product you make at the weekend and sell via a car boot sale (download site) be careful linking or associating in anyway with sites whose sole justification is to harvest Google advert income or phishing or malware distribution – or both.  If you can not guarantee it 70% you can’t afford to have your software there, or your website link to it. 

Get real – this is a business, not a nature walk with your prep teacher.  If we learnt anything at all from the spyware/adware debacle of the late 90’s and early 2000’s it was this.  Good products are destroyed overnight through being sullied by schemes they had no control over.

Scott Kane

Related posts

• How Not To Run A Software Company – GetSatisfaction.com And Ethics. Bastards? (15)
• A Developer Says He’s “Speechless” That I Am Targeting Vista And Win 7 With .Net. But Does He Know His Onions Or Have I Flipped My Biscuit? (8)
• An Ill Corporate Wind Is Blowing – And Many Are Not Helping One Byte (2)
• 10 Years Anniversary Today. EPIC FAIL. I Quit. Starting An ISV … (7)
• Scams Not Good Enough? Now Download Sites Are Stealing Your IP Too! (3)

Now Norton (Symantec) are in the game.  Click above Picture to Zoom in…

As reported by an anonymous poster (for obvious reasons) on The Business of Software forum.

So who would they label as dangerous to kick off the ball rolling?

Forget penny Anny mISV ’s they’ve gone for the throat and are ripping out the jugular of mISV ecommerce.

Now.  A disclaimer here.  I have not verified if these threats are real or not.  All I know is that Norton are flagging them.  Given who they are flagging I’d suggest if they are wrong then the tiny patter of lawyers feet will be heard in their reception soon I should expect…

Here’s the list:

Plimus:

http://safeweb.norton.com/report/show?url=www.plimus.com&x=0&y=0

RegNow

http://safeweb.norton.com/report/show?url=www.regnow.com&x=0&y=0

ShareIt

http://safeweb.norton.com/report/show?url=www.shareit.com&x=0&y=0

Here’s their site:

http://safeweb.norton.com/

Holy Cow Batman!!

They’re either found something incredibly bad or they’ve been smoking something incredibly illegal or something because this is pretty serious stuff.

I’ll be watching this with interest..

Scott Kane

Quote of the day:
Failure is not the only punishment for laziness; there is also the success of others. – Jules Renard

Update: All sites listed above our now showing green, warnings removed. Would love to have been a fly on the wall.

Related posts

• Day 52 – Downloadsiteasaurus – Extinction Event (8)
• Starting An ISV? No Domain Knowledge? Go To Incubator, do not pass Go, do not collect a Registration… (1)
• Content – OK, But What About The ISV Competition And Their Content? (2)
• SpellQuizzer – ISV Helps Kids Learn Weekly Spelling Lists – Learning More… (0)
• Another nail in the coffin (0)

I’ve blogged here before about MultMediaSoft and their stunning developer tools.  MixAction uses them and because I’ve been so delighted I purchased the entire audio suite, the whole shebang and not just part as I had previously.  An absolute bargain.  It’s a pleasure working with Severino with support issues, instant response and almost (within one hour) instant solutions.  The audio library is an absolute joy to work work with and it allows me to expand for the future into areas more quickly and easily with MixAction and associated products than I’d originally envisaged.  I mention this as an indication that MixAction is still being heavily re-developed, in spite of some hiccups this week with bad power supply (ongoing brown outs at my wife’s place destroying three computers this year there, even with a filter) and an adventure here with a very dead, 6 month old Microsoft mouse that I had to replace as my other mice are cable mice and the darn cables don’t reach on the development machine to my desk.  So another $100 + on a new Microsoft keyboard/mouse combo which is – er  – “comfortable” I guess even if the pricing is ludicrous.

OK.  Today I thought I’d do a quick piece on an issue I’ve spoken to a few people on, that I feel is significant to mISV’s.  Namely those archaic, pre-dot com bust relics of the bulletin board era, that I now firmly believe to be deleterious to an mISV’s business.

These website’s, that swallow voluminous quantities of PAD files daily expelling them onto pages like some kind of digital dysentery, surrounded by pustules of Google  Adsense, have become so common it would be fair to label them a web-pandemic.

In order to get a handle on these blights, that pockmark the search engine landscape like serial acne, one has to consider a little bit of history of where they came from.  How they began, as is so often the case, as a good thing and then devolved into a malicious out of control monster.

So let’s dig a little for a moment, into the strata of software downloads history.

When I began in this industry, or at least, first started participating in it, there weren’t any download sites, no publicly available “Internet”  and, scary as it may seem, no Bulletin Boards – at least in this country – that one could log onto and get the latest and greatest.  You exchanged floppy disks.  Actually, that’s not true.  You exchanged cassette tapes because my (and everybody I knew who had one) “home” computer accepted that as a storage medium.

Things changed and in the early to mid eighties,  while I typed in decimal into a terminal and got hex out the other end on tape (unless I was forced to work on software for an even older machine that spat out oct) by day I could go home and dial in on a modem and save all kinds of goodies to my – er – floppy disks.

The era of the bulletin board had come to Oz.  Later came the “shareware” revolution that brought such cool things as PKZip (Yay!!  We could finally get rid of Arc and LHA and AlHarc and all the others).  This was the only method a software developer could distribute software if you couldn’t finance retail distribution (which meant most of us).  You basically uploaded your latest and greatest software to your local friendly BBS and through a network of services like Fido and others your release actually could go world wide.  One of my favorites was Algorithms Anonymous run by my good friend Glenn Crouch in Kalgoorlie Australia.

In the early to mid-nineties the Internet era dawned and the humble BBS began to decline (in some ways I still miss them, they tended to attract folks who were a little friendlier than the Internet is today).

With the development of the “Web” (and if you’re reading this and thinking Web = Internet please do some research) the download sites appeared.  Download.com, Winsite, Tucows, even the renegade NoNags (a rather two faced download site that prohibits software asking for payment (nags) but who has no problem asking the visitor continuously to “register” for unfettered access), to name a few.

There were of course a lot of smaller sites who were run by enthusiasts who gave a damn about software (often programmers themselves)  and who offered value to the web surfers experience on the net and greatly aided us all in the distribution of our software to the public (a more technical and specialized public than the general public who now also access the Internet (and to whom most malware is squarely aimed).

Many of these sites, big and small, used banner adds to defray the costs of running the site, and hopefully a bit on top as profit.  Remember this was pre-dot com bust.  Google’s founders hadn’t begun Google yet, the search engine landscape being dominated by players that many folks haven’t heard of , but were big in their time.

The only real survivor of this era search engine wise now is Yahoo.  Since we’re using paleontology as a metaphor in this article, if download sites are Jurassic then the likes of Yahoo could be classified as being relics from the Pleistocene of the digital era.  Any similarity to Yahoo and a Neandertal are purely coincidental.

Anyway, these download sites served a valuable function to both the developer (distribution) and the consumer (access).

To facilitate the process a file was distributed with every download of a program (almost) called FileID.diz.  This was a descriptive file that the download site could use for information about the software product and to a lesser extent the consumer could get a summary after downloading (most downloads were still in archives, such a zip files,  installers and especially exe installers were as rare as chicken teeth).

Towards the end of the nineties a developer friend of mine, Harold Holmes, along with several other folks in the ASP discussed and then Harold created the PAD file (Portable Application Description), an XML file that could be parsed by a download site to provide a full description of the product, with a choice of parameters almost automagically.

I still have the official mouse mat that went with the release. 

A great idea.  A truly great innovation.  An elegant solution to a problem and worthy of great respect.

That’s when PADKIT was born.  This monster was inadvertently spewed from the ASP as a tool to assist in the automation of PAD file incorporation by download sites.  The idea was a good one, but little did they know (or could know) that it would end up being used for the purposes of SEO spamming.

Once Google had become a predominant force in the SEO wars after the dot com bust the door was open.  Previously to get folks to advertise on your website you had to get results.  To get results you needed a reputation.  A bit of a chicken and egg problem.  Google removed this with one fowl (misspelling intentional) swoop.

Adsense.

It’s not that Adsense in itself was evil, or that Google was evil, or is, but rather that the world is composed of some folks who are intrinsically and pathologically evil and Adsense + PADKIT + PAD meant “BHHHhhhhahhahahhahaa!” in voices that make the witches from Macbeth sound like ladies you’d invite home to meet mother.

It’s bad enough most of these cruddy sites surround a listing with Adsense adds that all to frequently advertise your competitor or a link to some pimply faced Jolly Roger’s site advertising a crack or keygen, but they then started burying the download link in tiny text literally compelling the visitor to click an add.

The next phase was to require you to click the download link and be taken to another page full of more Adsense and another download link in type size that would make a great home for an amoeba, but wouldn’t fit much else.

That the likes of Softpedia, the ultimate spinners of bovine excrement in relation to scanning for spyware, who founded themselves on PAD files would then move to ripping content not from the PAD file but directly from the software developers website was the first indication I saw of where things had arrived.

OK.  We did have (and have) the cases of PAD spoofing.  Basically the process of some crook posting a PAD file purporting to be from a real software developer with real products (in other words replacing legitimate entries on a download site with a link to a malware payload) which led to the ASP pursuing digital signing of PAD files.  A concept that is a great idea, but not overtly successful at this point, nor to I expect it to become so.

Andy Bryce did some great work exposing and defining the nature of these download sites with his Software Award Scam.  Click the link to Andy’s site if you’ve not read it, then drop back here.

Right.  Read it?  Got it?  Scam.  Worth less than the electrons used to generate the “awards”.  If you’re displaying this garbage on your website then GET RID OF THEM!  Don’t participate in this fraud, it just encourages these sites and for some folks lends them credibility.

Alright.  Given the last four paragraphs above.  These sites, Softpedia (who remember had no problems stealing content to do so) and others fill pages 1 to 50 (and beyond) of Google for just about any downloadable software product available on the net today.  For a canny software developer this isn’t a big problem.  Getting to the top is possible.  For newcomers it’s almost futile.  It’s not a level playing field.  Stealing content, being good Google customers (lots of Adsense remember?) and sheer numbers of the darn things means they frequently outrank the actual software developer and genuine reviews of software by journalists and consumers.

Remember, if they rip your content from your website or steal your search terms and other tricks Google is likely to punish you, especially if you’re new, for duplicating content.  These download sites become “authorative”.  You are assumed to be SPAM.

Hardly good SEO sense for the software developer, is it?

I blogged here some time back about downloading early this year bucket loads of files from download sites, many well known ones and some mentioned above.  Download.com, Tucows and their likes were as clean as a whistle.

But most of the others had malware.  Not every download, not even most downloads, but some downloads.  Belying their banners proclaiming scanned and “spyware” or “malware” free.

Why do they do it?  I don’t think they place the nefarious files there themselves.  That’s the work of others, unconnected.  In some cases it’s PAD file hijacking.  BUT – these download sites simply don’t care.  They don’t even remove the offending links.

Apart from the Adsense income to boost the ranking of other sites it’s about “Blackhat SEO”.  The process of creating a website specifically to benefit another site.  In fact they BRAG about doing it.  They have no interest in the software, the developer or the consumer.  Indeed all indications are that all they have is utter contempt.

In conclusion, for now at least, I for my part will have nothing to do with the download sites with the exception of download.com, Tucows a few others carefully picked by me.

Google will wake up to them.  But it will take time.  Probably within the next twelve months to three years IMHO.  At that point they’ll be dropped from the engine.  Many of them are going to be labeled for containing malware.  Google has begun doing this, Yahoo has joined up with Useless Incorporated (otherwise known as McAfee SiteAdvisor) – see my post here on this – and I certainly don’t want to be caught in the fallout, which I believe must occur, when they do.  Do you?

MixAction will be released with a license prohibiting download sites carrying it with implicit written instructions for those sites that may do so.  For sites in the Western world I intend to enforce that license.  For those elsewhere who can cringe from such things impervious (for now) to Berne and other restrictions, I’m working on something a little different.

Conclusion?  Download sites = Extinction Event.  A Google driven comet impact coming their way.

It’s way past my bedtime, I’ve written enough for this article.  I’ll look at following it up in the future if folks are interested.

I know a lot of folks are not going to agree with me here.  I guess it’s one of those inconveniant posts one would prefer not to read.  All I ask is that you consider it.  Think about it.  Do some snooping of your own.  It’s not hard.  Then come to your own conclusions.

For those who think the SEO advantages outweigh the disadvantages I’ve talked about, consider that the software industry is the only industry that has these kind of leeches hanging of it on the web.  Nothing comes close nor has the same impact.  Even the music download industry has to fight it’s way to the top of the listings unaided – and they manage to do it…

Scott Kane

Quote of the day:
The squeaking wheel doesn’t always get the grease. Sometimes it gets replaced. – Vic Gold

Related posts

• Starting An ISV? No Domain Knowledge? Go To Incubator, do not pass Go, do not collect a Registration… (1)
• Content – OK, But What About The ISV Competition And Their Content? (2)
• Cracks, Hacks, Keygens, Torrent Files and Lamers (2)
• Micro ISV Book Review – How To Generate Traffic For Your Website (5)
• Another nail in the coffin (0)

Originally I intended to make this blog something that the ISV and mISV could use to reference in relation to some of the issues faced with piracy of 2008 and potentially beyond.  I’ve simply not had the time I hoped for to compile several years of research on this into articles on a consistent basis – or any basis.  My own decision to launch a mISV and grow it applying some of the things I’ve learnt from a few folks on the BOS forums and in the past from my previous “life” in software development and marketing that took a different and I believe now to be frequently outmoded method of delivery, intent, design and more importantly *mindset*.  I would never have believed, even six month ago, how fundamentally life changing this shift in mindset actually is nor how limiting following the older tenets actually were.

But I digress.

This is to be the first article and I hope not the last, no guarantees there though as I am genuinely flat out coding and would much prefer to look at the more positive business issues in this blog rather than this rather distasteful subject.  However some folks might get some value out of the articles and if they do that’s great, if they don’t know harm done.

I do need to make it clear that there will be *nothing* mind shatteringly new here in regards to the topic of piracy.  Rather it’s a summation, not a complete treatise, on some of the issues for ISV”s to consider and this first article is just an introduction to terms purely as a “know thy enemy”.

OK.  Preliminaries out of the way.

Some definitions are in order of the kind of people and things/services we will discuss as I throw these articles together.  For the purposes of these articles I will be defining the following as:

1. Hacker: Technically the name for a programmer, misapplied by the clueless media and the clueless masses who believe anything a journalist tells them as given.  I will not use the word “Hacker” to describe a person engaged in piracy in any form or somebody who uses their skills to cause willful damage.  Such people are:

2. Crackers: Otherwise very intelligent people, sometimes programmers who are motivated by a variety of reasons to crack security of systems, software and data or a combination of these.  It’s a grave pity that their intellect could not be applied to software development, systems design etc, though in some cases it actually is.  Lots of grey areas in all these definitions BTW.

Most genuine Crackers do not publish their methods widely for general consumption.  They tend to be elite and remain that way.  However there are those who do publish their results for general consumption or make it possible to follow their techniques by publishing their methods.  This is done for altruistic though I believe misguided reasons frequently, but there it is.

Some of them despise open piracy and you will find forums (public and private) where they vent their feelings.  Some on the other hand actually support piracy, often with the “stick it to the man” mentality that is akin to the kind of otherwise intelligent people who fall for Leninism, Fascism, Maoism and other dysfunctional agendas.  Most of the serious cracking of software is initially done by these folks and it is in the context of software cracking that we are concerned with here.  It’s from these guys we get the hard to beat cracks and of course the ubiquitous Keygen.

3. Script Kiddies: Technically folks who crack software aren’t referred to as Script Kiddies however those who do most of the scene cracking where kudos are given to the highest cracked software turnover (day, week, month etc) are probably best described as such as they use scripts/Tutorials or “Tut’s” as they prefer to call them (literacy is not a priority of these losers) to achieve their goal.  Personally I prefer the term Wanker for these guys, but if I use Wanker for them nobody is really going to know what I’m referring to. Scumbags, Scrubbers, Petty Thieves, Bogans are also terms that apply.  To say they are clueless and lame (incredible insults in their community) is probably an understatement.  Most of them couldn’t program a simple batch file let alone a simple text editor in assembly, never mind a fully functional GUI that anybody wanted.  These are the folks who will use a Tut to learn how to unpack an executable protector (insert name of your favorite protector) and think they are real “cool dudes” and “mean hackers”.   Total wankers of course but none the less dangerous to an ISV’s business.

4. Organized Crime: There are many net orientated organized crime gangs.  One of the best known and most widely publicized is the infamous RBN (Russian Business Network).  Allegedly the head or heads have a family tie to a Russian politician who it is alleged makes them tough nuts to crack – no pun intended.   According to what is known they disappeared off the radar last November 2007, popped up in China, did a bit of damage for late December and early January and then disappeared again.  A lot of security pundits have declared this a huge victory over the RBN.  I would argue the security pundits claiming this as a victory have a few kangaroos loose in the top paddock or somehow believe that by claiming it they will achieve a clandestine advantage of their own.  Be that as it may.  Organized crime is involved in the software hacking and cracking scene and not, as many tend to suggest, so they can sell it illegally.  Sure this happens but the real value seems to really be in getting bots and Trojans into Joe and Jill Six-pack’s machine.   The number of cracks and Keygens containing Trojans and Bots is phenomenal.  After downloading thousands of these (in a dedicated old clunker machine, no way I’d even visit these websites on a good machine) for examination I found only 100 that contained no payload.  I did not test them against the software they were supposed to work against so I have no idea if the payload is transferred or not.  Scanning them with various anti-virus programs was also an eye opener as most of the big boy AV packages simply didn’t pick them or if they did failed to render them harmless.  These Bots and Trojans delivered, in many instances, correspond or are similar to those delivered by alledged organized crime gangs.  Whether this is a direct result of their influence or not is not clear – which is pretty much the case for most of these kind of things.

5. Torrent Sites: The technology of the torrent is a wonderful thing that has many great *legal* uses.  Sadly scum and petty thieves have adopted the technology all most as if it was there own.  Enter sites, for which I refuse to help increase their Alexa ranking or Google ranking any further for by using their real name here, such as the PatheticCriminalBay in Sweden and other places make popular destinations and relative safe havens for Joe and Jill Six-pack to download software like byte addicted kleptomaniacs.  These places are next to impossible to shut down because they have weak governing systems (hello Sweden!) in relation to enforcement of copyright law and convention (even when signed up to Berne as the likes of Sweden are).  Sending cease and desist and DMCA violation notices is laughed at and publicly used to taunt inept lawyers who really don’t get it.  Only political and economic muscle can fix this, or massive DOS attacks on the offenders.  I do not support the latter option as it’s not effective.  Political and economic muscle will fix it in countries such as Sweden but the risk is incredible.  The Euro, for example, has a lot to loose from any action taken by the USA, UK, Canada, Australia etc if such action is taken in unison and it is sad, to me, that so many innocent people could get financially hurt because of such action.  Are our politicians thinking about this option?  I am.  I have no idea how many software developers become directly and actively politically involved, but this one is and it is on my own agenda and it’s something I’ve discussed with politicians with more influence than I have and who were interested in the concept (and the losses the industry faces now and into the future).

6. Download Sites: No.  I’m not suggesting for a moment the download sites are necessarily assisting directly in piracy.  There may be a few who do it inadvertently through Google adds and such on their sites but I’m yet to confirm a single one who is actually doing it on purpose.  That is not to say there are none or none with connections.  But I have no proof of that, if you do contact me, I’d be happy to investigate in the strictest confidence.

HOWEVER.   I did use the word inadvertently and I will expand on that.  When they claim they have scanned for viruses and Trojans they are invariably telling pork pies.  I have *never* found anything wrong malware wise from a file on say Download.Com/C-Net or Tucows who I know do scan.  But I have on an incredible number of others.  BOTS, Trojans etc.  Some of it linking supposedly to legitimate software but through various techniques bypassing the real developer of the software and their real package and delivering their own nasty one.  Contact one of these download sites and don’t hold your breath for a reply.  They don’t care.  They run them for the Google add income and/or Black Hat SEO potential such sites currently bring.  Look towards Google addressing this sometime in the next few years.  Still think the SEO advantages of a download site outway the concerns you should have in relation to our responsibility to consumers and of course our own businesses?

7. Crack: Usually a piece of software (program) that patches an executable by changing original values to something else.  For example bit flipping or returning a desired result from a Boolean (like the classic IsItRegistered routines so many programmers unwittingly use).  Telling a real crack from malware is virtually impossible for most people.  Complicated further when it can be both at once and/or uses “secrets” known only to insiders in the cracking “scene”.  This hidden payload method is a favorite on peer to peer networks like Limewire and similar.

8. Keygens: A program written to generate a working serial number for a piece of software.  More deadly than a crack a Keygen can really eat into profits when released and depending on the technology you employ (see here for information on PKV) very hard to counter-attack.

9. Serialz: Corruption of the word “Serial” as in “Serial Number”.  A working serial number for a program.  Very popular Google search term.  Sometimes gained via a Keygen, commonly gained by purchasing a valid license by using a stolen credit card number and “released” via crack sites and torrent sites.  Probably the lamest and most identifiably illegal method used to most people, employed by many who fall into the script kiddy and scene cracking area.  Lamest of the lame in essence.  This hurts more than the software company from who the serial is illegally purchased from.  It doesn’t hurt the credit card companies – they charge the software company via a charge-back that includes a fee.  It hurts the consumer who owned the credit card as well and adds to the cost of online security.  Often users of this technique (in keeping with lame excuses used by criminals since time began) will blame the software company for making their software so darned hard to crack.  Keep this lame justification in mind when you are trying to use or employ commercial “uncrackable” software protection (if there even was such a thing) or just in making it really hard.

10. Casual Piracy: Believe it or not this remains, since the early days of software, one of the biggest piracy issues where-by the consumer hands their license key to Mary, who gives it to Joe or hands it to John or has ten friends who…    This is a tough one to beat.  I’ll talk more about this in another article, not that I have any solutions to it mind as I don’t believe there is a one size fits all solution to any of these.

In conclusion for this article.

What does all this mean to the consumer?  Basically use cracks or Keygens and you are pretty much guaranteeing yourself grief or handing your computers processing power over to an organized crime gang for use in other activities when you don’t even know they are doing it, even if you have anti-virus and a firewall!  It’s been estimated that the RBN could, if they chose, shut down a massive chunk of network or even a country in terms of computing infrastructure if they chose.  Reports that they’ve been selling access to their bots make one wonder just how clued most of our politicians are when it comes to security, domestic and international, crime and of course terrorism.

In the next article on this particular topic I’ll be looking at protection of executables more superficially and in a sense what it is we do wrong and how there is basically no bloody way, with current methods available, for us to fix it.   Sounds cheery huh? 

Related posts

• Starting An ISV? No Domain Knowledge? Go To Incubator, do not pass Go, do not collect a Registration… (1)
• Day 52 – Downloadsiteasaurus – Extinction Event (8)
• The Politics Of Software Pricing Models, FOS, FUD And Economic Pragmatism. (5)
• Content – OK, But What About The ISV Competition And Their Content? (2)
• CDROO Launched – A Micro ISV Resource For Royalty Free Music And Sound + An Offer To Readers (2)