Software Piracy Exposed 1st Edition

First, I ran across this book in the bookstore, went home, got abetter price, and read it cover to cover. The book was entertainingas hell. The only part I didn't particularly care for was theinclusion in the appendix of what was clearly an overview ofcurrent virus, popup, firewalls and other softwares, which Iconsidered way off the book's subject.The problem with the book is that it seems entirely unproofed(unproofread). Spelling errors are rampant, and the authorappeared to lose control of the book in places, writing"Sentinel was discovered by the FBI in late 1999, who thencalled the FBI"The various clerical errors could have been overlooked. However,there were so many technical errors and distortions, I was leftwondering if the author was reporting on what he had witnessedin the "scene" accurately. He reports again and again thatcrackers can defeat any program in minutes or hours, then laterrelates on programs that remain uncracked. Which is it ? Thereare pronouncements about how certain programs cannot be crackedwhen they make windows calls, leading to the conclusion thatthe author is not aware that even the Windows kernel can bedebugged. The author talks about dongles being "enveloped",as a "small deciphering machine". It appears that he wasn'taware that a dongle can have an onboard CPU, or be a simpleROM accessible by the main computer. The text reads likean effort to dance around the fact that he didn'tunderstand the difference.The other errors, or if you will, "affectations" of the bookare just annoying. The term "ISO" is used many times in thebook as the term for a CD-ROM image on a computer. The authordoes, at one point, give the definition of ISO = InternationalOrganization for Standardization, but never gives the fulldefinition of "ISO 9660" (or similar). Calling a disk imagean "ISO" is like calling an apple "A grocery" because that'swhere you got the apple. ISO has hundreds, if not thousands ofstandards. I do realize that such misuse of terms is commonon the internet, but I would expect better from a reporter.The term "warez" is explained: (exaggerated plural derivativeof software). Not bad, but the author repeats this expansionover and over again like a bad Saturday Night Live skit.I liked the book, but would warn that there are better booksto really learn how to protect applications against piracy.My current favorite is "reversing", but Eldad Eilam, but I havethree books on the subject so far, and I unfortunately find Iknow more about it than the writers of these books (and notbecause I know more than average).

Software piracy is a major concern of companies such as Microsoft, Electronic Arts, and others. But what exactly is software piracy? Where does its roots come from? Is it different than file-sharing? What exactly makes it so efficient? These are some of the questions explored by Paul Craig in Software Piracy Exposed (2005, Syngress Press, 310 pages, ISBN 19322266984). This new title goes behind the scenes of the pirating world to give readers a deeper understanding of this sector of the underground economy. It is a fascinating read, but is hurt by poor editing, undocumented references and information, and the seemingly apologist attitude the author takes towards the pirating community.The author succeeds very well in walking the reader through what he learned in going "undercover". He starts out by explaining how he was able to gain access, and introduces the reader to some of the main people he learned from. This is followed up with a brief history of how software piracy evolved, not from the advent of computing and Bulletin Board Systems, but from the introduction of forgery centuries ago. In fact, it is from this book that I learned how software went from an asset of no value to the creators to a protected asset under U.S Federal Law.Craig then walks the reader through each step of the, for want of a better term, the life cycle of pirated software. It is indeed fascinating to read how the process operates much more efficiently than the processes of the software vendors themselves. In fact it has to be, or the pirates would have no purpose in being. More interesting is the notion that none of it is driven by profit motives, but mainly for social affirmation that comes from being successful. What is scary is that much of the success of software pirates is due to inside employees and/or contractors providing them the code needed to crack and distribute the software. From a systems controls perspective, it is incredible to read what I already knew at some level: too many companies have not locked down their public FTP servers.The drawbacks of the book are important, at least to me. First, the book seems to have lacked the editorial review process to eliminate even the most basic misspelled words. When I see mistakes like this, it raises questions about the validity of the remaining content, Second, the author makes references to a number of incidents and information without making footnote documentation of the information sources. Third, the author comes across as too much of an apologist for the software pirating community. While at times he seems to be critical of their thought processes, by not coming right out and saying they are wrong (as well as crediting innovation in software to their efforts), he is in a sense validating what they are doing.Who Should Read This Book?This book should be read by IT security personnel to understand what vulnerabilities they may face in their own organization. It should also be read by IT Auditors, so they too can determine what needs to be added to their audit programmes to assess risk.The ScorecardBirdie on an Average Par 4

Software Piracy Exposed is riddled with factual and grammatical errors and contradictory information. The book also contains a completely unrelated and unnecessary chapter on basic computer security. Avoid this book.

This is the kind of book that is unique, original, and yet, seems as if it was accepted by the publisher as a first draft. The author makes clearly obvious factual errors every three pages or so. Case in point, he claims P2P is shorthand for "person-to-person". Another doozy: "less than 10 percent of Altair owners never paid for their copy of BASIC" (the exact opposite is true). Some sections of the book, particularly those on internet hacking and usage of firewalls, are completely pointless and out of place. This book was clearly rushed to market. Shame on Syngress for screwing this one up.