Software Protection Harms Customers

November 06, 2012 / by / 0 Comment

This year, two longtime music software developers closed up shop without giving their customers advanced notice: Redmatica and BIAS.

Redmatica, a company based in Italy, had developed a number of specialty tools for helping people manage sample libraries for the Apple Logic-based software sampler, EXS24. When Logic was originally developed by E-Magic in Germany, the original programmers created an interface that was not particularly user-friendly, and as competing software sample players matured and overtook it in popularity, EXS24 never appreciably improved, even under Apple’s guidance this past decade. Redmatica’s EXS Manager can scour your hard drive for EXS24 sample programs and .WAV files, removing duplicates, and compressing audio files without losing audio fidelity.

Redmatica’s Keymap Pro eliminated the need to go into EXS24 to develop new sample libraries, and made it much easier to convert samples from more popular formats to EXS24; I’ve been using it for a couple of years and it’s a terrific product with far more features for developing sample-based EXS24 instruments than one gets working directly in EXS24. But as you might guess, their market was a small subset of Logic users, probably comprising only a few thousand customers.

Apple liked the work of their lead programmer well enough to hire him away from the company, forcing them to shut down. Customers were given four days notice that their products would no longer be supported, but at least Andrea Gozzi was nice enough to send an email to Redmatica’s customers to explain that he was going to work for Apple; previously, he had offered 1-on-1 support for his customers, which was likely time-consuming.

There is no word on whether or not Redmatica products or features will be integrated into Logic or EXS24, so customers are pretty much on their own now, without a website or user forum to visit to share tips with other musicians. Eventually these products will fail as Apple updates OS X to a state where they will no longer run. It happens.

R.I.P. BIAS, 1994-2012

The second company to close up shop was even older and had a much larger customer base. BIAS (Berkeley Integrated Audio Software) had been operating since the early 1990’s, and in addition to developing the top-rated audio editing software for Macs (Peak Pro), they had developed one of the first audio multi-track recording & editing programs (Deck). For many years, the light version of Peak was bundled with audio interfaces, and BIAS had created several effects programs that were popular with video editors because of their simplicity, stability and flexibility (Sound Soap for cleaning audio, Squeeze, V-Box). Although their company had been successful, the competition with free or low-cost audio editing software (like Audacity and Cuckoo’s Reaper) made it impossible for BIAS to stay in business because they could not expand their customer base further with their pro-quality products ($350+).

While some may mourn the loss of familiar software, new tools have come into the market to replace the functionality of BIAS Peak. Both Sony Soundforgeand Steinberg Wavelab have crossed over from Windows to OS X in order to fill this gap. But what about those of us who own BIAS Peak? Can we continue to run this software once the company has gone out of business? Only if it’s already installed, and does not attempt to “phone home” for product authorization. The BIAS authorization servers are no longer functional, so if you have to reinstall your product, you’re screwed – there’s no official way to authorize your hard drive because there’s no longer an authorization server for the software to contact.

Here’s the dirty little secret that the music software industry doesn’t want to talk about: Music software developers can spend from 20%-50% of their development budget to implement security features to fight software piracy, and those features have the potential to make the software less stable and more bloated.

Here’s the dirty little secret that the music software industry doesn’t want to talk about: Music software developers can spend from 20%-50% of their development budget to implement security features to fight software piracy, and those features have the potential to make the software less stable and more bloated. That’s because developers see piracy as their number one threat, and many have been unable to invent a business model where high-quality software can be sold cheaper to a much larger customer base; interestingly enough, Apple’s IOS App Store model is a solution that has worked well in this regard, but the App Store for OS X was designed so to not allow plug-ins, which is the main type of software developed by music software programmers.

Music software developers have gone to great lengths to prevent their software from being stolen. In one particularly sad example, Waves Inc. brought lawsuits against professional studios that were using pirated versions of their plugins, caught during a string of sting operations in 2007.However, in some cases the Waves plugins had been installed without the studio owners’ knowledge by musicians or producers who had rented studio time, making the owners liable for tens of thousands of dollars in fees without compensation from the people who had installed the cracked plugins. After several cases were brought to trial, Waves stopped this practice because it generated a great deal of bad press and likely hurt their sales.

How could these software “protection” schemes affect you, if you’re not using music software? Millions of people still use Microsoft Windows XP, which has not been officially for sale from Microsoft since 2008. Windows XP uses an online authentication method like BIAS and Redmatica. Should Microsoft shut down their authentication servers for XP, nobody will be able to get it to run, even if they install it fresh. In the case of Windows Vista and Server 2008, you have 3 days to activate your software or it’s unusable and the computer will need to have the software reinstalled, which could have devastating effects on people using a corporate Windows 2008 Server. Windows 7 and Server 2008 R2 are more forgiving, but Windows 8 and Server 2012/2013 won’t run without being authorized. Adobe’s software is licensed in a method quite similar; without authorizing it over the Internet, you cannot run it past a 30-day trial mode. It’s also worthwhile to note that Microsoft’s Windows Genuine Advantage (WGA) program was found to have a 20% false positive rate – that is to say, 20% of the time, it wrongly found customer’s installations to be unauthorized (pirated), and generated so much customer backlash that they have dropped the WGA program from current products. It is estimated that Microsoft lost $5 billion in potential revenue by falsely claiming that their customers were pirates, and by angering their customers with the WGA program.

The five main methods employed to protect software are:

    A) Upon installation, the user is prompted to enter a serial number
    B) The software requests that the disc be present in the machine (usually CD nowadays, but it used to be floppy disks. Logic and GForce used this method in the past)
    C) Prior to use, an online authorization code must be entered, which is communicated back to the home company via a live Internet connection (like Microsoft, Adobe, BIAS, Redmatica, etc.)
    D) The software will not run unless it detects that a USB security hasp (dongle) is installed on the computer (like Syncrosoft eLicenser, iLok)
    E) The software will not run unless it detects the company’s hardware is connected to your computer (installed internally or externally through the USB or Firewire bus)

For over two decades, the music software industry has been treating their customers the same way they treat pirates. As a result, it is rare that a piece of professional-grade software is not tied to some form of security. The products that handle this the best from a user perspective are Apple Logic (OS X-only), Cakewalk Sonar (Windows-only), and MOTU Digital Performer (OS X and Windows). Each of those products uses method #1: the user enters the serial number as they’re installing the software. Almost every other product I have seen in over 20 years uses the other four methods, to varying degrees of success.

In the case of Redmatica and BIAS, their products rely on method C, which means communicating from your computer back to their server for authorization (a process which may be difficult for studio DAWs that are not connected to the Internet) to keep the production environment clean from viruses and prying eyes. While I have been extra-careful with my Redmatica software, I continually have had difficulty with Peak over the years, which generally meant contacting the company for re-authorization every time I use their product (once or twice a year). In fact I moved most of my audio editing work to Audacity and ProTools because I was tired of the hassle that it took to get Peak to work. Perhaps this impacted their ability to acquire and keep customers?

How do other top software developers manage software authorization?

  • Avid ProTools employs both methods D and E, which is a case of overkill – but at least authorization usually does not fail. Usually the issues I run into are with initial product registration, before the iLok comes into play.
  • ProTools 3rd-party plugin developers (Izotope, McDSP, SoundToys) use the iLok USB dongle. iLok has a huge list of companies that use the iLok dongle.
  • Waves left the iLok dongle and now handles software authorization through method C.
  • Arturia, Steinberg and the Vienna Symphonic Library use eLicenser. eLicenser, formerly Syncrosoft E-licenser, does not provide a compatible products list.
  • Korg changed from using eLicenser dongles (D) to using online authorization (C) a couple of years ago. I’ve had to re-license their plugins a couple of times as I’ve upgraded computers and it’s always worked quickly and easily through their website and automated emails.
  • Native Instruments have implemented C across their entire product line, which would be frightening if their company ever becomes insolvent because Komplete constitutes thousands of dollars worth of products, each with its own authorization. Their software authorization is similar to that used by Adobe, in that there is a Service Center program that manages the licenses for all the programs and plugins.
  • GForce now uses a simple user authentication code, similar to Korg’s.

What’s the process of getting software to work if you cannot get it reauthorized by the company? Apparently, solutions are available by Googling for torrents that contained cracked and potentially dangerous versions of the software. Rather than opening up their software for users upon the company’s demise, or setting their code free for an open source project, both BIAS and Redmatica have left their customers no other choice than to turn to cracked versions from pirate torrents in order to get their software to run without requiring an authentication server. I’m not promoting piracy and cracking, I’m just stating the facts. Developers need to think deep and hard before making technological choices that could bring harm to their customer base.

Piracy Protection: At What Cost?

Paying customers are learning that the energy and efforts spent on piracy protection is a threat to the investment customers make in software. Paying customers do not have tools to “crack” software to make it work without software authentication methods. But software hackers will ALWAYS find a way to crack copy protection. The result is that copy protection only harms paying customers.

Software developers, you owe it to your users to come up with a better plan for handling software licenses. Piracy hurts your bottom line, but oppressive software protection schemes hurt your customers worse. When I first started using USB hasps, I feared that losing it or forgetting to remove it from my jeans before washing them would wipe out over a thousand dollars worth of plugins. But now that I have several USB hasps containing several times that amount, I sleep easier knowing that successful security companies, and not the individual software developers themselves manage the licenses. iLok and eLicenser are likely going to be around longer than the companies whose products their dongles support because they each provide a tollbooth for hundreds companies – not just providing security – but also web stores so that the software developers can sell products directly online without having to ship CDs to Guitar Center.

I have also found that I use Logic more often than ProTools or Cubase because it means never having to look for my USB keys. And when Microsoft Office 2008 installed an update on my Mac Pro this week that disabled it from running, instead of reinstalling, I migrated to Apache Open Office. The moral of this story? The software tool that is easiest to use is often the tool that gets used.

Leave a Comment