Re: Want to Protect my Software - Recommendations?



On Aug 13, 9:55 pm, Andrew Swallow <am.swal...@xxxxxxxxxxxxxx> wrote:
jmorton123 wrote:
On Aug 13, 2:31 pm, Unruh <unruh-s...@xxxxxxxxxxxxxx> wrote:
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <e...@xxxxxxxx> writes:
holtz.reg...@xxxxxxxxxxxxxx wrote:
On Aug 12, 6:46 am, Ertugrul S=C3=B6ylemez <e...@xxxxxxxx> wrote:
I recommend a simple license key check.  You can use public key
cryptography to make it impossible for crackers to generate valid
license keys.  This is the offline equivalent of what you want.
This is a great idea. It makes the entire thing so much simpler. Can
you recommend an article or tutorial how to use public key
cryptography for this kind of simple license key check?
No, I'm sorry.  But it essentially involves generating some license data
(either a random string or some customer-related information), and
signing that.  The program verifies the signature as a step of the
license validation.
And can always be gotten around. You simply replace the verification
routine with a noop that always returns the "valid" response.

OTOH, since my software can be purchase only from my web site, what's
the point of emailing a product key with the software? It can be
copied even more easily than the software. Any insights on this?
The license will then be electronical.  There is no reason not to send
it by email.  If the license contains personal information, the customer
won't want to send it around to his friends.
By the way, that should suffice.  Credit card numbers would be more
secure for you, but would potentially endanger the customer's security.
And the "security" will almost certainly impact the customer's enjoyment of
your product, driving away users. If you tie the security to a specific
computer, the customer will get very upset when he buys a new one and
discovers his program does not work, and you have gone off on a month
summer holiday.

You should also take into account that such vendor-side protection
is considered annoying, no matter how well you implement it.  It
doesn't stop pirates, but it may easily scare away your legitimate
customers.  You _will_ run into problems with all active DRM methods
you implement, especially if you try to validate by hardware
configuration.
If 60% of your customers pay, but 95% of your _potential_ customers
moved to products with less annoying DRM, then your idea was a total
failure.
What you say sounds very logical and I myself identify with this.
However, it seems that consumers (and business in general) don't
behave this way. If vendor-side protection annoyance were a factor, no
one would have bought Windows XP or Vista...
You have not heard? They aren;t buying Vista.

I would love to not bother at all with implementing product key or
activation for my software, but unfortunately it seems that this is
not how the world works.
Consider that Windows is the most widely used operating system in the
world.  Microsoft knows that (currently) crackers will break their DRM
methods.  People in need of Windows and not willing to pay for it, will
not get an alternative, but instead find an appropriate crack.  This is
not true for your software.  And if you look closely, you'll find that a
considerable number of people actually do turn away from Microsoft
products.
One more important thing is that Microsoft decided not to use
sophisticated DRM for a long time.  One of the main reasons is that this
makes Microsoft software spread.  People used to handle it like
freeware, like the obligatory essence of every PC.  Now Microsoft
doesn't need that feature anymore, so they implement active DRM.
Take Microsoft's example and try to view it from the other side, as they
did.  Write software of high quality or high innovation and don't care,
if it's pirated.  If 100 people get a pirated copy of your software, 5
or 6 may be willing to pay for it.  Don't scare those 5 or 6 potential
customers away.
In other words:  Don't view pirates as criminals.  Instead view them as
users of your software and as potential customers.  This is how the
world works.
Greets,
Ertugrul.
--=20
nightmare =3D unsafePerformIO (getWrongWife >>=3D sex)- Hide quoted text -
- Show quoted text -

Here is your answer.  The key is to uniquely identify the user's
computer.  This is exactly what Microsoft does.

Use the System Services API to read the customers hard drive serial
number, the Windows OS serial number, the install date when your
custormer installs your software, and the unique serial number of your
software that your customer is installing.  Each copy of your software
should have a unique serial number to identify it.

You can use any number of parameters such as the unique identifier of
the network card, the amount of RAM, the BIOS, etc.  Use any hardware
you can identify uniquely through software.

The rest is straight forward and I'll leave the details to you.
Basically you need to then have your software generate a unique string
dependent upon these unique identifiers.  Have the customer email you
this string.

Then you use this string to generate a unique password.  Because the
string is unique to this one conputer, so will be the password since
it will be generated dependent upon this string.

Send this password in a file to your customer.  Have them copy this
password file to the same directory where the software is installed.
Whenever they run the software it should first look for this password
folder and the contained password.

Whenever they run your software it should then regenerate this string
and combine it with your password in a functin that then unlocks the
software:  this lock simply being an If Else statement that compares
the parameters you've implemented in your anti-piracy feature.

If they change any of the parameters you use to uniquely identify
their computer then the password will fail.  This would be the all or
nothing approach.

Of course if the software doesn't find this password folder or if the
password is the wrong password then the software should notify the
customer of this and generate the required string to email to you to
get the correct unique password.

Use your imagination to implement this or I am available for a fee to
do it for you.  And not too cheaply, I might add.

JM

Three cases to watch out for:
a. upgrading of the customer's computer e.g. replacement of the hard disk..
b. replacement of the user's computer - they do not like buying a second
licence.
c. running the software on a second computer.  They may pay for a second
licence but customers do not like waiting several days for the post
office to deliver new CDs.

Andrew Swallow- Hide quoted text -

- Show quoted text -

If you are referring to my post:

a. if you have enough unique identifiers then you do not need an all
or nothing approach: use a percentage metric that if 65% of the
unique identifiers are the same for at least 6 months then the
software will continue to work and then these new identifiers will
become the new permanent idenifiers

b. if complete replacement of the computer is to be made then have an
uninstall protocol that generates a unique string to prove that the
software was uninstalled and will no longer function on the original
computer before you change computers

c. all of the transactions are conducted over the Internet, perhaps
even payment through PayPal: downloading the software, getting the
password, etc.

The only major complication is if you use the all or nothing approach
to anti-piracy when the computer crashes permanently such as when the
system hard drive fails or the motherboard fails, etc. In any event,
you might want to consider all the possibilities when you determine
your pricing.

I recommend that you just be fair and reasonable and you should be all
right.

.



Relevant Pages

  • RE: Sync 3 related tables on a form
    ... You can try to maintain a multi query join string for the same purpose. ... Create a primary key in the Customers table. ... Create a relationship between the Orders table and the OrderDetails ...
    (microsoft.public.vb.database)
  • Re: Using Code to build criteria
    ... Dim strWhere as String ... The report however, still shows all Customers. ... Private Function BuildWhereCondition(strControl As String) As String ...
    (microsoft.public.access.queries)
  • Re: Overview of Paradox database structure and architecture
    ... multiplicity of customers and reports and libraries? ... Special customer reports are all stored in a folder with customers name, ... method CutToSize(s string, len smallint) string ... method CutToSizeAndAllign(s string, len smallint, right true) string ...
    (comp.databases.paradox)
  • Re: Want to Protect my Software - Recommendations?
    ... license keys. ... cryptography for this kind of simple license key check? ... If 60% of your customers pay, but 95% of your _potential_ customers ... Basically you need to then have your software generate a unique string ...
    (sci.crypt)
  • Re: needs automated clean-up tool [Re: Office 2007 beta uninstall]
    ... for both us and the customers. ... to get rid of every trace of Office 2007 beta, but that wastes a great deal ... We really have to wonder if any of those representing the Microsoft line on ... Why is it so hard to understand that we expect the Microsoft installation ...
    (microsoft.public.office.setup)