Web activation

[Tull Clancey]

Hi all, hope someone can help point me in the right direction, or maybe just
have a chat about the following.

Being a bespoke developer I have played about with piracy problems in the
past.

In most cases where systems are small and very specific there has been
little point in protecting the installed application/s. They just wouldn't
work for another other customer.

Where Host protection has been a nesessity I have used a hardware key. I'm
not apposed to this approach except I may need to hold a large stock of
them, I don't really want to do this.

I now have a couple of applications that I want to distribute in large
numbers, this means the systems are very generic and many, meny customers
could benefit, obviously I want to protect the licensing.

This is a two stage problem, I need to be able to protect Host and Portable
(PPC2003 / CE.NET) applications.

Where Portable protection has been required in the past, I've always managed
to get some 'unique' information from the portable and store it (one way
encrypted) in a host database. I've had real difficulties getting anything
unique from any portable running the CF.

Basically, I'm looking for the Holy Grail of software installations, a multi
printed CD or web download, that is unique when it hits a customer PC.

I can do all the FTP or other web comms required for the software to connect
to a site, check data, download a serial number, blah, blah, blah....

Microsoft seem to be happy with the fact that you have installed XP once on
a single PC, this is registered over the web, and works fine. Until, you
have to format a PC, sometimes your original code works, sometimes it
doesn't. When it doesn't you call MS and tell them you need a new key, and
they give you one. How does this protect them from piracy? It could be a
completely different PC! Working for another company, (Not My Own) I have
seen this done to get around a small office license.

I suppose what I'm really interested in, is what information I can gather
from a PC as a unique 'installation key'.

I've thought of Hard Drive volume number, but this changes after a format.
Video card information, but this may be changed at any time.
Main Chip, it's possible this may change, more like break!
Main Board Serial, this sounds the best, but I've had to change board from
time to time.

I could look at a mixture of Domain, Server Name, Main Board, etc, etc, but
I still can't get around the fact that a customer may 'claim' to have had a
break down.

Now to the real point of all of this!

Can anyone out there inform me of the legality of collecting information
from a PC where my software is installed?

If I were to collect by 'FTP' or 'Other means', the Domain, PC Name, Server
Name, etc, when my application was started I could immediately be allerted
to my software running on an un-approved PC.

Obviously there would be no individuals information, or company specific
information being passed to me. Is this a legitimate data transfer?

I have to say at this point I really don't want to use any 3rd party
software or hardware to protect installation sets or code. I can protect
code already, and don't want the hassle of adding others applciations to
ours.

????

Cheers,
Tull.

 

[Cor Ligthert [MVP]]

Tull,

You have mention a lot. Take an analogy

Why can the not make something to prevent stealing cars.

Every system will probably fail. The more ingenious it is, the more high is
the challenge for others, for which this is a kind of sport, to break it.

Try to get that what is in your situation the most optimal and don't overdo
it, you will than probably see that at last you are the one who has a
perfect system to prevent that your software will not be stolen. It will not
be used.

Just my thought,

Cor

 

[Ken Halter]

Hi all, hope someone can help point me in the right direction, or maybe
just have a chat about the following.

Adding to Cor's reply, if you "fingerprint" an app so it won't run on
another PC or the protection would break if the end user changes hardware,
be prepared for a flood of support calls. I change hardware so often that
something like this would drive me nuts. In MSs case, what they seem to be
doing is, eliminating the "casual" pirate. You know... the ones that say
"Hey! I just got a copy of XYZ.. Do you want me to burn one for you too?" By
placing that extra "fear factor" in a casual pirates head, they just won't
copy as often as they would otherwise.

Hardware keys are also a pain. Especially for developers like me that tend
to take work home. If I had to crawl under my desk and unplug a dongle, take
it home, crawl under the desk there, install it and possibly deal with
"Missing Hardware" dialogs on either end, I don't think I'd do homework at
all <g> Besides, anyone capable of cracking software licensing can do a
little more research and find a way to bypass a dongle.

There's a "fine line" that says "do I spend a whole bunch of time on my
protection scheme? or do I spend that time improving my product."

If you're going to be charging a pile of money for your apps and/or predict
that you'll be selling copies in a "1000's per year" purchasing environment,
you might want to consider using InstallShield's Activation Service. It's
priced well out of my range but, if I had anything valuable enough to
protect with that much security, I'd do it.

I'm not sure of their 'hand held device' support but I assume that, since
they support creating setup packages for these kind of devices, they also
support the protection of the software installed on these devices. arghhhh
their entire site changed so all of my links are broken... here's a start.

Protecting Software
http://www.macrovision.com/solutions/software/protecting/index.shtml

 

[Tull Clancey]

Thanks for your time, I appreciate your comments.
Cheers,
Tull.

 

[Tull Clancey]

Thanks for your time on this, the support side of things is something I want
to avoid at all costs, I've been in support for large companies before, and
don't want to go back!!

The apps I'm thinking of aren't huge and aren't going to sell for a great
deal of money, this is why i don't want to use any 3rd party tools, software
or hardware.

To be honest if I sold a single license to a company who then install the
software on several PC's, I'm not that bothered, what I want to avoid is
that solftware being passed to other companies.

At present I'm just wondering about the legality of collecting very simple
network information from a Host PC.

Maybe I'm thinking too much on this!

Anyway, all your comments are greatfully recevied.
Cheers,
Tull.

 

[Cor Ligthert [MVP]]

Tull,

The most simple way if you are selling them in low numbers is in my opinion
to set yourself the companyname who buys it from you in top of the screen,
can be something "Yourcompanyname/productname this software is licenced to
XXXX" just in the text property of the form.

That you can do than from an encrypted config.sys. (You create a programn
for yourself for that).

There are not much who want to have the name of another company in their
screen, showing that they are using illegal software.

This is of course easy to decrypt, and it is not real protecting, however it
helps probably a lot in the situation as you describe.

Just as idea.



Cor

 

[Grant Frisken]

Hi Tull

We provide a very low cost ($US80) public key encrypted based
licensing solution that ensures that crackers can't generate legitimate
license keys by simply inspecting your downloadable evaluation code.
You can get more info and download an evaluation version at:

www.infralution.com/licensing.html

Even if you aren't interested in a commercial product you might want to
visit our website just to see some arguments for avoiding web
activation solutions. There is also a really good article on
CodeProject
(http://www.codeproject.com/gen/design/UnconventialWisdom.asp) about
the balance between protecting your software and annoying your
customers.

The reality is that just about any licensing and code protection scheme
can be bypassed. If you look at the crack sites you will find cracks
for all of the licensing and protection products. If the security
experts can't prevent their own products being cracked what hope do you
have. What you need is a scheme that prevents casual license abuse
without driving your legitimate customers nuts.

Regards
Grant Frisken
Infralution