Sep 07, 2016

Adobe “Phone Home”: Clarification on a New Audit Tactic

The desperate need to “phone home” was immortalized in the 1980’s science fiction film, E.T. in which a loveable Alien searched for rescue after becoming stranded on Earth. Thanks to Adobe’s new Genuine Software Integrity Service, the “phone home” concept has returned to the small screen. But, instead of looking for a lift home, Adobe is on the hunt for non-authentic products.

Adobe’s Software Integrity Service periodically validates already installed Adobe Software. If it finds evidence of incorrect and invalid licenses, or tampering of program files, it automatically “phones” the company an alert for fraudulent use. The validation looks for illegitimate serial numbers, as well as whether the software code “has one or more of several known software hacks.” Violators are then sent a notification that the software they are using is “not genuine”.

Adobe is auditing, but it’s not what you think

This technology is a new, automated way for Adobe and other software publishers to track down counterfeit copies and other non-licensed use of their software. In the simplest sense, that’s what a software audit is. However, unlike traditional audits in which publishers search for license misuse within enterprises, the Software Integrity Service primarily focuses on catching counterfeit software.

The service has launched to a limited subset of US Acrobat X customers. It doesn’t affect enterprises unless employees have purchased consumer licenses for Acrobat X in the US. But, companies could also be affected if they buy Adobe licenses from non-qualified resellers, or buy hardware with pre-installed Adobe software.

Adobe isn’t currently gathering information about how Adobe desktop applications are used if those applications were installed either via Creative Cloud Packager, with enterprise IDs, or through Adobe Volume Licensing. It’s unclear whether the lack of information would have an effect on the service to perform validations. At this stage, it’s also questionable whether the integrity check can analyze more complex product use rights such as secondary use or downgrade rights.

What the future could hold

Adobe distributes their “phoning home” service through several channels. Product updates, the Adobe Application Manager, and the Creative Cloud Installer all may deliver the Software Integrity Service. Broad circulation capabilities could be an indication that Adobe plans to add the service to other products at a later date.

Any potential future plans by Adobe to implement the Software Integrity Service for enterprises could provide the vendor a substantially less expensive audit process. The service automatically collects audit data, without physically sending an auditor on-site. This would mean more audits for enterprises, because it's faster, cheaper and easier for Adobe to do.

It will be interesting to see if Adobe applies this service to meter cloud licenses. Doing so could enable enterprises a flexible purchase option for licenses that allows software use for fractions of time, such as hours. Adobe could offer hourly rates and automatically warn users before they’ve used their allotted time. This would give enterprises an improved cost-benefit ratio for products, and provide a direct revenue stream to the “phoning home” service. Because we don’t always phone home for a ride; phoning home for more money is a good reason too.



Topics: Audit Defense, Adobe




Comments (0):

There are no comments yet.