Re: Storing data
- From: "Peter van Liesdonk" <peter@xxxxxxxxxxx>
- Date: 6 Dec 2006 02:27:10 -0800
The problem is that your initial problem is superfluos. Why don't you want
the customer to know what changes are applied to his system? Hint: Seeing
the customer as the attacker is a flawed concept.
Just a question. How can you know why my customer wants to do this? For
this problem eg. customers allready tryed to "fix" some
licensing-limitations on some existing software. Licenses are sold by
date from/to eg, not by product.
It is just a practical limitation of computers: A customer who uses the
program can always trace everything your program does and reverse it,
because he has total control over his own computer. That is why seeing
the customer as the attacker is a flawed concept (among other things)
There are programs on the market that trace the entire installation
procedure of your program, with every modification to every file. They
allow you to remove every last trace of your program. They are simply
available for download and work very simple, even picking up the
creation of alternate streams as mentioned before. Such a program makes
anything you try useless. In the simplest case someone can format his
hard drive to remove any trace.
So what you should do is make a security model. Without a callback
possibility, a customer is technically able to circumvent anything you
throw at them. But of course, when you just store an installation
timestamp in the registry this will already be sufficient for most
users that do not have any technical know-how. You must find a middle
course between these things.