Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What's the Right Amount of Copy Protection?

kdawson posted more than 7 years ago | from the no-dongles-is-all-i-ask dept.

Software 561

WPIDalamar writes "I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? The license key? Software version? What about a unique installation ID? Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key? Would a simple message stating the software may be pirated with instructions on how to purchase a valid license be sufficient?"

Sorry! There are no comments related to the filter you selected.

None at all (5, Insightful)

Ckwop (707653) | more than 7 years ago | (#20569005)

While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate?

This may not be what you want to hear but any copy-protection will burden legitimate users. Pirates will remove the copy protection from your software and the unprotected version they create will be more usable than the version you offer.

It doesn't just hurt your customers, it hurts you too. The time you waste trying to create some copy-protection and losing the arms race with the pirates (which you will lose) is time you could have spent making your product better.

The way to beat the pirates is to provide a better service to your customers than they do. The commonly advocated business model is to provide support on the software to paying users - and since your target is business customers this makes a lot of sense.

Businesses, by the way, tend not to pirate on the scale of the private user. Piracy is a big risk to business because businesses have very deep pockets.

In short, the answer is to have no copy protection at all and trust your customers. Trusting the customer is hard but they'll appreciate it.


And the is answer is none. (0, Redundant)

srussia (884021) | more than 7 years ago | (#20569041)

None more black.

Re:None at all (4, Insightful)

JohnFluxx (413620) | more than 7 years ago | (#20569115)

I disagree.

In the work place, most people might enter a fake installation code for example, but won't go as far as to apply a crack. If the software requires you to apply a crack to use it, then I think most people at work will get their company to buy it. If it just installs anyway with just a small nag screen or something, then most people won't buy it.

Re:None at all (2, Informative)

Goldberg's Pants (139800) | more than 7 years ago | (#20569233)

My recommendation would be Elicense or similar.

With Elicense, you get an order ID. You enter that, it contacts their server and "unlocks" the software. You can choose how many installations are allowed as well. For example I have a few games that use it that come with two licenses, so you can run it on two computers. Another title only gives you one.

The install is painless (it installs a license control service that in many years of using I've never had any sort of issue with), and it stops a LOT of piracy. It IS possible to "unwrap" the executable, but of all the Elicense protected software I've used, I've only ever seen one game cracked. (Ironically it is the most obscure of the ones I own.)

I am vehemently opposed to DRM, copy protection, call it what you will, but I find Elicense extremely inoffensive due to it's ease of use. DRM should not impact legitimate consumers, and this one is the only one I've come across that has never caused me any sort of negative experience.

Re:None at all (1)

aliquis (678370) | more than 7 years ago | (#20569343)

They better have an Internetconnection then.

I doubt they will love to phone or send snail mail.

Re:None at all (5, Insightful)

FlyveHest (105693) | more than 7 years ago | (#20569545)

So, in short you recommend using a piece of software, that installs another piece of software, that stays on the system after uninstalling the first piece of software (How else could it work, if you have multiple pieces of software that uses it?), and, as you say service, I assume it runs while the original piece of software is not.

Even though you say that you have never had any problems with it, I would absolutely HATE using anything of the kind, and would actively avoid using any piece of software that uses that kind of activation.

Re:None at all (4, Insightful)

xtracto (837672) | more than 7 years ago | (#20569347)

f it just installs anyway with just a small nag screen or something, then most people won't buy it.
I agree, you just have to see the hundreds of computers I have seen in several different government offices that use WinZip, they invariably show the startup nag screen telling you how many thousands of files have you compressed and asking you to buy it... of course, you just have to click the continue button and keep using it..

Not strictly true (1)

gilesjuk (604902) | more than 7 years ago | (#20569141)

Some copy protection stops the casual pirate. The people who don't know much about computers and may email your app to friends.

But using dongle protection is pretty stupid, especially when in some cases it cripples performance (Steinberg's use of dongle copy protection on Cubase has been rumoured to do that).

Re:Not strictly true (0)

Anonymous Coward | more than 7 years ago | (#20569161)

No, those casual people will just download a copy, that someone else has already cracked and put on the Internet. Better to have no protection so current customers will not find the cracked version more convenient and stop being customers. Better still provide the source so your legs don't get cut out from under you by a competing open source project.

Re:Not strictly true (0)

Anonymous Coward | more than 7 years ago | (#20569429)

When a competing open source project emerges, you still can open up your source (you should, however, be careful from the beginning that you don't close up that possibility by using third-party proprietary code with no open source equivalent).

Re:Not strictly true (1)

oliverthered (187439) | more than 7 years ago | (#20569311)

and you can easly get a cracked copy of Steinberg's Cubase.

Re:Not strictly true (1)

clayne (1006589) | more than 7 years ago | (#20569551)

However, Steinberg's use of the particular dongle method and provider ( [] ) took the last group 1000s of man hours to crack and they vowed to not even bother with the next release (the actual group was "H2O" and they provided a small background summary in one of the Cubase release NFOs). So in reference to the OP's question? Well, that far, if he wants it to stay uncracked for a decent amount of time. Otherwise, much like an average size vs space analogy, it's convience vs security in this context.

Re:None at all (1, Informative)

Anonymous Coward | more than 7 years ago | (#20569149)

Some examples of companies which are successful and include no copy protection:

- Mysql, Trolltech (they both rely on open source software, and they're still alive).
- Paradox Entertainment (no copy protection on their software at all, and they're successful). I've got the impression they support their community quite well. And I'm already looking for a shop where I can get Europa Universalis 3.

Anybody got more examples?

Re:None at all (1, Informative)

Anonymous Coward | more than 7 years ago | (#20569577)

Stardock's Galatic Civilisations 2 [] :

No CD copy protection. Once you install, you never need your CD again. You can even use the included serial # to re-download the entire game from us years from now.
It got very good reviews too, definitely worth a look if you're into deep strategy.

Re:None at all (5, Interesting)

lukas84 (912874) | more than 7 years ago | (#20569179)

I disagree, even though just on a tiny bit.

Businesses tend to purchase software they need, yes, but extending of software licenses is often overlooked.

e.g. they buy 5 licenses of your software. A year later, a team member is added to the team using said software. Now there are 6 users. Over time, many more people than the original number of licenses will use the software.

This doesn't happen in all Businesses, but the smaller the more often.

A good idea would be to add "soft activation". This means customer have to activate your software, and the number of currently active machines counted. Deactivating machines should be running a simple tool that removes the software and decrements the activation count on the server. Activation should never fail (even if the activation server is unreachable), but the customer should be reminded if he is running unlicensed software. This way, you can make sure that users don't mistakenly use to many licenses.

Criminal elements will of course find ways around this, so i wouldn't bother with making the activation process very secure - it's essentially just a license counter for your honest customers.

Re:None at all (4, Insightful)

arth1 (260657) | more than 7 years ago | (#20569485)

A good idea would be to add "soft activation". This means customer have to activate your software, and the number of currently active machines counted. Deactivating machines should be running a simple tool that removes the software and decrements the activation count on the server. Activation should never fail (even if the activation server is unreachable), but the customer should be reminded if he is running unlicensed software. This way, you can make sure that users don't mistakenly use to many licenses.

Any system that requires an active deactivation through a tool on the machines where it is installed is badly designed, because the host might not be available for deactivation. If a PC dies, and is replaced with a new one, you can't deactivate the old installation. Similarly if a PC is restored to a point before the installation occured -- then it's impossible to deactivate. (This is part of what bit the Biosphere users -- some people installed the software, ran into problems, and rolled back to pre-install, and tried again.)

Plus, then you have a potential loophole in that people can install on one machine, back it up, deactivate, install it on a second machine, et cetera, and then restore all the backups, and you have a park full of activated copies.

The only sensible approach that I can see for large scale installations is to count concurrent usage through a network server or appliance, and bill according to peak usage. Anything else is going to create a headache for the admins who have to deal with broken machines and reinstalls on a daily basis, and can't reasonably be expected to hang over people's shoulders to count who is using software either.

Re:None at all (1)

lukas84 (912874) | more than 7 years ago | (#20569561)

Yes, a downed machine will need to be decremented by support. I don't see this as a big problem, because reinstalling the application will work fine.

The loophole is not a problem - criminal elements WILL use your software REGARDLESS of any protection.

The license server thing is bad for Small Businesses (though an option for bigger companies).

Re:None at all (1)

Half a dent (952274) | more than 7 years ago | (#20569517)

Taking this just a little further, rather than having an uninstall routine that then contacts the vendor/server and frees the license (like Adobe Acrobat and others now do which is a PITA if a hard disk gets corrupted), have a license file on the server that allows for a set number of concurrent users (like Autodesk's License Manager).

You then can simply make the installation part of the standard build (if necessary), although you may get the problem of someone forgeting to log out of the software hogging a license and no one knowing his screen saver password!

Re:None at all (0)

Anonymous Coward | more than 7 years ago | (#20569199)

Not necessarily. If this is fairly specific market stuff, it's unlikely any release group crackers will know or care about it. In this case, some average copy protection may be enough to keep the license enforced.

I cracked restrictions on a couple of specialist apps we used to use at work, mostly for the fun of doing it but in one case - where data files were rather unfairly "timing out" despite still being perfectly adequate for our purposes, which was NOT mentioned by the vendor - we got some benefit from it. If it had been packed by a copy protection wrapper (that I couldn't find a generic unpacker for) it would have been more trouble than it was worth.

Re:None at all (5, Insightful)

struppi (576767) | more than 7 years ago | (#20569247)

Good points, but I can not completely agree with you. I personally never found it much of a burden to enter a license key. Even a one-time online activation is OK IMHO as long as it's painless. And I can understand why software companies put these measures in, not to stop pirating at all, but to keep the honest people honest.

I know that piracy is not so much of a problem when it comes to businesses, but consider the following: A company purchased 50 user licenses of a product, but the product has no copy protection whatsoever. Probably the people in charge won't even notice if more than 50 employees install the software - at least not in the companies I have worked so far. OTOH, if this software would have told the 51st user "Your company has no more licenses for you to install the software. You can use this program for another 30 days, but please contact your system admistrators to buy a license for you", the company probably will buy another 20 licenses.

So, IMHO, one-time activation is OK if it doesn't get too much in my way, but phoning home at every start or some annoying procedure like the Vista phone activation (I went through that once - took me more than 1.5 hours to activate a copy of Vista) is not OK.

Re:None at all (2, Interesting)

jamesh (87723) | more than 7 years ago | (#20569301)

In short, the answer is to have no copy protection at all and trust your customers.

It depends on how the product is distributed. If it's downloadable then I think a one off registration key is probably a requirement - it doesn't have to be very complex, just a step so that people won't download the product and not get around to paying you.

I'm all for trusting people not to be intentionally dishonest, but I think you'd go broke trusting people not to be slack.

Re:None at all (1)

rolfc (842110) | more than 7 years ago | (#20569339)

I second this opinion. One of the reasons I favor GPL is that I don't have to hazzle with licenses. If Oracle can sell software without copy-protection, so can you. Those who dont want to pay, wont pay anyway.

Re:None at all (1)

mmarkusro (1121481) | more than 7 years ago | (#20569581)

I second that. I hate it to type in serial numbers. It is not a protection at all. The people who don't want to pay won't pay anyway. Just make the installer big enough so that you can't email it.

What's the Right Amount of Copy Protection? (2, Insightful)

Thondermonst (613766) | more than 7 years ago | (#20569021)


Re:What's the Right Amount of Copy Protection? (5, Insightful)

pilaftank (1096645) | more than 7 years ago | (#20569105)

If the question is how much should I beat the customer over the head, the answer is none. However, the question is wrong. The really question is how can my licensing mechanism best help legitimate customers track their licenses and stay compliant within the licensing agreement. The customers you want have no desire to steal your software, but they'll get annoyed if you make it laborious to maintain license compliance. Forget about the people who want to pirate your software. You add no value to your product when you waste time on them.

Re:What's the Right Amount of Copy Protection? (4, Insightful)

cliffski (65094) | more than 7 years ago | (#20569265)

wow, what awesome insight. you sound like you are answering the question "what is the right price for my software?" to which the slashdot crowd will answer "Free!".
You will not get a sensible answer here on slashdot, as this post above me clearly illustrates. there are far too many people in the "stick it to the man!, lets torrent everything!, all software should be free!, information wants to be free! MAFIAAAAA! is dinner ready yet mom?" crowd on here.

Yes, copy protection will annoy a small fraction of legit customers.
That's the price of doing business. Do security guards irritate people in shops? does having to get a security tag taken off clothes at the till slow down the sale and irritate the end user? We get sued to a small amount of hassle in return for businesses preventing casual theft in the real world, the software world should be no different. I'd like to see most of the anti-DRM people on here try to extend your theories to the meatspace world. Try leaving the right money on the counter and walking out of a store next time you go shopping, after all, that guy at the till is just an irritating bit of theft prevention in this case isn't he?

As for this lunacy that you should make it free and charge for support, that gives you zero incentive to ship a bug-free product, and makes you a wage slave again rather than a creator of new products.

Re:What's the Right Amount of Copy Protection? (3, Funny)

Rik Sweeney (471717) | more than 7 years ago | (#20569387)


Wrong, everyone has the right to protect something that they've worked hard on. What if the product you made was your only source of income and no-one bought it but everyone had a copy of it? You'd do whatever you could to protect your livelihood.

Get out of your fucking tree, cut your hair and get a job.

Re:What's the Right Amount of Copy Protection? (1)

Technician (215283) | more than 7 years ago | (#20569523)


Close answer. It should be the same as a newspaper or magazine. It should be cheaper to simply buy your own copy than the time and effort requried to rip, crack and burn a duplicate. You can do a copyright violation on an entire newspaper. What's stopping you? Other items with artificial high prices and low manufacturing (duplication) costs are the most pirated items. Low cost items are rarely duplicated.

You could ask you neighbor to videotape the season of (name your show) so you don't have to pay for a premium channel, but the labor and delay is enough of a burden that it is simply easier to add the channel to your package.

Over done copy protection on the other hand burdens not the pirate, but the customer. Do you or your kids have an MP3 player. Ever try to rip a DRM'ed CD or DL purchased track to the wrong player? iTunes to an RCA Lyra or a protected WMA to an iPod? DRM kills sales. High prices encourage piracy. See where I am going...

Drop the artificial high prices and DRM and sales goes up while piracy goes down. Inexpensive DVD's are priced at the sweet spot. The drive to either DL or copy a rental is diminished by the fact I can simply pick up many of them at 4 for $20 at Blockbuster.

CD sales on the other hand are suffering artificial scarcity, excessive DRM, high prices, and massive piracy due to the above. Finding a few pirates to make examples of hasn't slowed down piracy much. The record companies need to find a new business model to face the cost to fill a 40 Gig iPod. Demand is there for bulk content. They dribble it out like it was high priced Champagne. It is easly duplicated at prices less than cheap beer. Do the math. The incentive to beat the high price is extreme.

Give it away for free (1, Insightful)

BadAnalogyGuy (945258) | more than 7 years ago | (#20569023)

First of all, you need to open up the source. Get those customer eyes working for you!

Second, you don't have to charge for the software or limit the distribution of the software in any way. You wrote the software, so you have the most/best knowledge of it. You can make tons of money on service contracts.

All I need to know about life I learned on /.

Re:Give it away for free (5, Interesting)

Anonymous Coward | more than 7 years ago | (#20569281)

You can make tons of money on service contracts.
Spoken like somebody who has never run a software development company.

The fact is most companies will not make tons of money on support. If people are not willing to pay for the software up front, they are not willing to pay for support. I will take my former employer as an example. They purchased one copy of RHEL and had a support contract in place for that one copy. They installed it on over 200 machines.

My current company charges $100 per agent and $20 per agent/year for support. We often get requests from people asking if we have a free or open source version. We have had people make comments that they would gladly pay for support if we had a free version. Based on experience, that is a lie and these people want something for nothing. We have business expenses to cover and cannot rely on support fees that may not show up.

Re:Give it away for free (1)

Anonymous Coward | more than 7 years ago | (#20569433)

Yep, this theory works so well, that's why every open source person is rich.


Ok how about most of them make a great living from it.

Hrm. That's not right either.

Get customers eyes working for you! does that mean. Oh right, that theory that people actually take the time to look at your source code. Right. I do this for a living and I don't care much for looking at other peoples code even at $75/hour. So of course I'm going to do it for free on your software. We won't even get into that at least half the 'coders' out there shouldn't BE coding. The other half are pretty busy trying to make a living at it....and of course they come home from 10 hours of coding at work to look over OTHER PEOPLES source code, correct and/or improve it and send it back to them. For free. And those improvements are actually worth a crap.

Yeah. Right. I laugh everytime I read about this BS. Does happen? Sure. Is it ANY sort of motivator when you are trying to write software? Not really. What usually happens with open source is that someone will get pissy that you change some part of the code, so they'll take your code, make it work the way THEY want and then publish it. Yah, that works out great for you, doesn't it. So if your software is popular, expect a lot of clones with minor changes. If your code sucks, no one is going to look over the source. Yep, I can see the money rolling in already.

Keep in mind most people pushing open source are either 'toy' coders (i.e. they toy around and code in their spare time while announcing to their family what great developers they would be if someone would just notice them ) or are college students that don't live in the real world yet. Ignore them.

So forget the open source. It's great for community projects and things of that sort, not for commercial software. Not that you are going to write something someone else can't write - that's just crap too - I give my code to my friends and co-workers all the time. But to place it out on the website where you are attempting to sell the software is just insane.

Put enough protection on it that coworkers can't share it by just copying it - otherwise they will. This of course assumes your software is good enough they want to copy it. IF your software happens to actually NEED a service contract, then you might not need copy protection (notice how I don't assume it will). That's another bogus assumption you get from open source people - this idea that all software requires some sort of service contract and that you'll profit from that. Right - how many pieces of freeware did you purchase a software contract for after you downloaded and used it?

Anyway, anything more than stopping causual copying is a waste of time - you aren't going to stop the real pirates. That said, unless you are about to write some really successful software, you probably aren't going to draw their attention anyway. If you do, you've done well enough it won't matter.

BTW, this wasn't a very good place to even ask a question like that. This place is full of people that think linux is some sort of gift from God and that it's virus free because it's open source (not because, well, so few people have it on their desktop it's a waste of time TO write a virus for it) You aren't going to get real world answers from them, much less actual answers to your question.

Re:Give it away for free (1)

ThirdPrize (938147) | more than 7 years ago | (#20569443)

1) If it is a half decent piece of software then you won't need that much support. Then again I could put some bugs in just to drum up business. 2) As a developer I would rather be paid to write code than take phone calls from clueless customers. 3) I am sure the customer has better thing to do with their time than going through the code looking for my bugs.

Copy Protection is a Myth (2, Insightful)

gambolt (1146363) | more than 7 years ago | (#20569039)

Just like any kind of DRM. Dedicated individuals will find ways around it and likely have some fun in the process. Cracking copy protection is practically a game to a lot of people who will never even use the software. The only people who will be inconvenienced are the people willing to pay for the software.

Don't phone home (5, Insightful)

Anonymous Coward | more than 7 years ago | (#20569043)

Use a license key, make constant improvements to the product and each new version needs a valid key, disable disclosed keys in new versions.

To use your product a pirate would either have to settle for an old version, or constantly get a new hacked version and new hacked keys. It's enough to eventually get them to be legal.

Remember if you make your product hard to use with lots of negatives like phoning home, them you'll learn the lessons the Record companies are learning. Nobody is bigger than their customers.

Phoning home (1, Insightful)

Anonymous Coward | more than 7 years ago | (#20569061)

I will not use closed source software that phones home. I'm sure others feel the same.

Re:Phoning home (1)

somersault (912633) | more than 7 years ago | (#20569385)

Others yes, everyone no.. lots of people use Microsoft Office

Re:Phoning home (0)

Anonymous Coward | more than 7 years ago | (#20569559)

OS X also phones home downloading stuff that can wreck your settings.

Phoning home is _not_ an option (5, Insightful)

gunne (14408) | more than 7 years ago | (#20569069)

Prompting for a license key upon installation could be ok, since most users are used to that hassle anyway (though it's still a hassle).

"Phoning home" should never be done. Keep in mind that internet connection isn't flawless, sometimes it doesn't work for one reason or another, and would you really want to get a bunch of angry customers mailing/calling you when the software won't work/install because their internet connections went down for a while.
On top of that, if your main user base is business users, most of them will sit in a protected environment which probably won't let your program phone home even if it tries.

This is just an aside from the real problem with programs "phoning home", though. Integrity and privacy should not be taken ligthly.

Protected Environments. (4, Informative)

burnttoy (754394) | more than 7 years ago | (#20569209)

Spot on - I know plenty of people who use PCs (usually laptops) in their music and/or art studios who never connect those machines to the internet... EVER! The muso types will often strip back everything on a PC leaving a bare OS + drivers + sampler/sequencer + ASIO drivers. It's all they need and they believe they get better performance and more security without it.

I also know, and have worked for, companies where information is so secret (mission critical biz stuff or military) that you have to use a provided laptop in a room with no windows that's shielded from radio wavs... paranoid, yes, but "phone home" software is simply not an option in that case. Also. no phones were allowed in that room so manual "phone home" wouldn't have been possible.

Also, some of us are so paranoid that we don't let anything in/out of our firewalls except our browser application. Mind you, I can still use the interweb and I've never been trojan/virused... except this damn cold I seem to have but I can't blame the internet for everything!

Phoning home is counterproductive IMHO (1)

Solandri (704621) | more than 7 years ago | (#20569277)

If your app requires an Internet connection or can die if it can't phone home, my experience has been that the user will often go out of his way to find a pirated version which doesn't have that annoyance. When it comes time to upgrade, the user then thinks, "Hmm, that pirated version worked pretty well last time. Do I really want to pay for an upgrade when I'm just going to be downloading the pirated version again?"

Re:Phoning home is _not_ an option (1)

anboni (1000474) | more than 7 years ago | (#20569353)

Also, if your main user base is business users, most of them will have some sort of software distribution mechanism. Whatever you decide upon, make very sure it'll work with any form of packaging. Also keep in mind that it's often much easier for the packager to be able to enter just a single license key for all installations, so don't make the software check license keys on the local network either. If you insist on counting concurrent users, you could consider adding a simple licensing server to be installed to the local network where each running copy can fetch their license (and fail to run if the license count is exceeded)

A license key is enough. (5, Interesting)

Draconix (653959) | more than 7 years ago | (#20569085)

A license key is enough to discourage the casual pirate (custom encryption and multiple variables helps, such as name + password instead of just password) while, from my experience, not being enough to discourage regular users. Entering a key once and not worrying about it ever again is normal enough, and not bothersome. Going beyond that is asking for some glitch to cause legit customers to be calling you up to ask what the hell just caused their copy of your software to invalidate, or why they can't install it on their new computer, etc. Most importantly, it will also encourage people to crack your protection, thus making the pirate version more appealing to the end user.

Re:A license key is enough. (1)

jamesh (87723) | more than 7 years ago | (#20569231)

I agree completely, and would also add that by releasing updates (with new features) often, you'll also avoid the pirates somewhat, and give paying users a sense of value for money (assuming they are entitled to free updates). It doesn't take long to break a registration key system (I used to do it when I was a kid on games I owned so I didn't have to futz around with code wheels which invariably got lost or wrecked), but it does require some effort, and to have to do it every 3 or 6 months is a bit of a pain, as well as for the users who have to go over to the 'dark side' of the web to find the latest keygen and risk exposing themselves to viruses etc.

A few games have come out in the past with CD based copy protection which just flat out didn't work under some setups. This pissed off quite a few customers

Also, if your software isn't really that useful to a home user, you probably don't have a lot to worry about. The company I work for has a few products which are used in schools. I ask google about serial number cracks for it every so often and have never turned up a hit yet.

Re:A license key is enough. (0, Flamebait)

jamesh (87723) | more than 7 years ago | (#20569271)

Also, if your product is a popular one in the home user market, flood google with fake keygen apps which produce keys that initially look like they work (eg for a week or so) but then either:
. chastise the user for trying to break the copy protection
. if your program produces any output to the printer, always only print out an order form for the product
. overwrite the systems windows product activation key so that they have to re-activate it - I'm just waiting for a virus to do this causing a huge overload for Microsoft as people have to manually re-activate their keys for the nth time.
. email you (that way, someone will report you to slashdot and you'll get even more publicity for you product, and then you can claim that it is only the fake keygen that activates this function. flamewars and hilarity will ensue)

(some of the above options are only offered in jest... see if you can guess which ones!)

Phone home to what? (1)

mist (67304) | more than 7 years ago | (#20569101)

If you want your software to phone home, are you going to provide a fully resiliant highly available infrastructure for it to phone home to? If not, what's going to happen to your customer base when they can't use the software they have legitimately bought?

Every piece of protection you add to your software burdens the legitimate end user. It tends not to burden the pirate, because he/she will have downloaded the version that someone else cracked for them ages ago.

Your software will either be good enough for people to pay for, or it wont. If it is, then people will buy it, you don't need protection for that, you just need to write a good piece of software, that people want.

Don't require a connection (4, Interesting)

dargaud (518470) | more than 7 years ago | (#20569123)

I worked with equipment that was 3000+km and 10 months away from the closest internet connection, so anything that requires a net-activated key is an absolute no-no. We are still using Win2K for that purpose, and more Linux all the time (although you have to select a distro that won't try to download itself all over again once a week).

You don't need to go this far: I spent the last 3 weeks on the road with my laptop: Matlab ceased to function as soon as the license key manager got out of touch of the license server. I hate that macromedia shit.

Re:Don't require a connection (1)

nietsch (112711) | more than 7 years ago | (#20569449)

[quote](although you have to select a distro that won't try to download itself all over again once a week)[/quote]
Showing your lack of skills are you? Some distros might include a desktop program that reminds the user that there are new updates available. If it can't find any repository (or you create a cdrom repository), it can never find any updates so it won't bother you. Just turning off the nagging program works too. Was it too hard to figure that out yourself?

Re:Don't require a connection (0)

Anonymous Coward | more than 7 years ago | (#20569497)

Wow. Where were you at? Atlantis?

Re:Don't require a connection (1)

petermgreen (876956) | more than 7 years ago | (#20569509)

matlab is from mathworks not macromedia and i'm pretty sure you can get nodelocked licenses that don't require a license server. If you really need matlab on the road then your company shouldn't have bought a floating license for you.

Windows XP corp and big brand OEM don't need activation either and even whitebox OEM and retail can be phone activated.

Re:Don't require a connection (1)

prefect42 (141309) | more than 7 years ago | (#20569583)

Then you bought the wrong license. You can get node-locked matlab licenses that don't require any connection. Funnily enough the shared floating-licenses require a connection to the license server...

As little as it takes... (4, Informative)

pla (258480) | more than 7 years ago | (#20569125)

Is it acceptable for the software to phone home?

As a member of a small corporate IT department, I can tell you that (except for Microsoft itself), software phoning home for anything other than updates means instant banning of your product.

If so, what data is appropriate to report on? The license key?

If you insist on going down that path, what information would really help you reduce piracy? Keep in mind that, merely during the initial evaluation of your software, the same license may get used a dozen times without any intended piracy... "Yup, works on XP. Yup, works on 2k... Oops, blows a gasket on 98... Doesn't seem to like server versions...".

Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key?

That gets tricky... IANAL, but only the big boys like Microsoft can get away with that BS. If you try it, you should probably prepare to get sued.

Now, you do have one chance to block it - At installation. Even I'll allow (grudgingly) most products a one-time online activation. If at that time you deny activation and give an EASY way to contact you to resolve the problem (you can expect them to lie, and should probably just give them a new code, but it might serve as a reminder to the users that they shouldn't make too many more copies), okay, fair game. After-the-fact, though? YOu'll just piss legitimate users off.

That's Easy (0)

Anonymous Coward | more than 7 years ago | (#20569131)

Easy. Make a it a crappy, buggy program so that it won't be worth pirating. Fool proof!

IF it's any good, it'll be stolen like hotcakes (0)

Anonymous Coward | more than 7 years ago | (#20569137)

IF, and that's a big if. Unless you have alternate exposure (in other words, not online), most of your "users" will steal it. You can count on that. If they can use google, they can and will seek out the "free" (as in piss) version 100 to 1. It may well be true 99 of those 100 would not have bought it anyway, so consider that. Also, if you're only available for download/online, chances are slim you will see any real return on your investment. If you want to make a little extra money, you WILL do better at Mickey D's, with a lot less effort.

I May Get Lynched for This, But (0)

Anonymous Coward | more than 7 years ago | (#20569145)

I'm a fan of including some sort of unique identifier (serial number or some such, probably encrypted) embedded into the software so that if the software does get loose, you can at least trace the problem back to its source and potentially take appropriate action. In other words, you'll have more evidence that a specific someone committed copyright infringement than otherwise.

Code Wheels (4, Funny)

ameoba (173803) | more than 7 years ago | (#20569151)

I've been waiting for code-wheels to make a comeback.

Re:Code Wheels (1)

IndieKid (1061106) | more than 7 years ago | (#20569381)

Ahh the good old days, when you had to take the weird paper rivet from between two sheets of card and photocopy them so you could play your pirated (*snigger*) copy of Monkey Island 2.

I quite liked the copy protection in Sam and Max Hit the Road, where there was a picture of Sam and Max in fancy dress on each page of the manual and the game asked you to dress them on screen to match page X of the manual. Maybe this guy could take a load of photos of himself in different fancy dress outfits and put them on a section of his website that required registration! :-)

Personal Delivery (4, Funny)

clickety6 (141178) | more than 7 years ago | (#20569155)

Have each copy personally delivered(*) to the client and you will find that they never pass on copies and will faithfully purchase every upgrade you make available.

(*) Personal Delivery service to be carried out by Marco and Guido who have their own, very smart uniforms (Gucci suits, dark glasses) and will also provide their own baseball bats. A personal message from you to the client will also be delivered with every copy of the software with a reassuringly soft, menacing undertone. Contact Marco and Guido DRM(**) Services on 555-NO-REFUSAL.

(**) DRM = Delivery with Real Menace

Do unto others (2, Interesting)

TheLink (130905) | more than 7 years ago | (#20569157)

As you would have them do unto you.

FWIW, I think license keys are fine. But phoning home is not a good idea.

If you can link a license key to a mailing address or email address then that's good (could be yahoo mail doesn't matter - it's a matter of getting some stats).

If you're planning to have future versions of your software then you might as well decide on how upgrades and patching is to be done - key upgrades, discounts etc :).

As long as it's fully transparent, most don't care (1)

Opportunist (166417) | more than 7 years ago | (#20569159)

Companies usually don't apply cracks. At least not anymore in this climate of "we sue the pants off you if you crack our shit". But they care about productivity.

What I would do is this: Have your software, upon installation, create a keyfile. This file can be saved and, should a reinstall be necessary, be reapplied to the software. That way, you can requrest that your user enters a few key informations about himself upon installation, even a lot, because he will only do it a single time. This keyfile can then be sent to you. Inform the user that this will happen, so his license is personalized, and do not transmit any data beyond what you told the user. This way he can review what data is going to be sent to you.

This pretty much does it, in corporate environments. The company will certainly dread to see their corporate license appear anywhere else, because they'd be liable for it, so they will store that keyfile somewhere safe.

And that's pretty much it. I wouldn't require constant phoning home or similar. If people want to spread software, they will. Remember that most bosses don't know too much about computers. The existance of such a file that can link their license to them is often already more than enough to ensure they won't spread it.

Re:As long as it's fully transparent, most don't c (1)

ch0ad (1127549) | more than 7 years ago | (#20569487)

Have your software, upon installation, create a keyfile. This file can be saved and, should a reinstall be necessary, be reapplied to the software. That way, you can requrest that your user enters a few key informations about himself upon installation, even a lot, because he will only do it a single time. This keyfile can then be sent to you.

data protection act would surely prevent this (holding information that you do not need/ is not relevant/ will not be updated)

embed protection into features (0)

Anonymous Coward | more than 7 years ago | (#20569169)

Companies tend to short-buy their software and install single copy on several computers, if they deal with small fry software providers. Since this is a program for corporate users, furthermore a program which assists coordination and cooperation, make it produce as much confusion as possible if there is duplicate identity (license key) in company. E.g. require user details to generate license key and have program output put stationary with that details (e.g. name, function, department) on each printout.

Let some fall through the cracks (3, Interesting)

otter42 (190544) | more than 7 years ago | (#20569181)

Who was it that said to always make sure to leave a spot in the fence where children could sneak through? P.T. Barnum, perhaps? The point is, people used to understand and accept that a certain amount of "losses" will occur, and that sometimes these "losses" are in fact good for profits, by driving more paying customers to the business. It's only recently that we've evolved the technology and capabilities to ensure that EVERY person gets charged for EXACTLY what they consume. As if we could even know that for sure...

Don't apply macro-laws (movement of fluids) to micro situations (individual molecules in a fluid). Focus on the macro violations-- widespread corporate use without a license-- but let the little people slip through the cracks. Those of us who install and forget, and never really get much use out of the program anyway, are very unlikely to buy the program in the first place.

Explaining to people how to pirate but appealing to their goodwill might go a little far, though. I would report only the serial numbers used in the registration, along with the IP address that contacts your server (not the IP address of the machine itself). The rest of the information is None Of Your Business (TM). Try to find a happy medium between accepting a couple copied serial numbers in the wild, and noticing that a large number of computers coming from similar IP addresses are using the same serial number.

Definitely do NOT disable the program if it cannot phone home. I *hated* that about Bioshock, when my crappy firewalled network made it almost impossible for me to activate the software. Since you're aiming at corporate networks, you're certain to have lots of people with this problem.

Good luck with it.

PS: What are the current laws on downloading a program and using a serial number to unlock it? We all know that EULAs have yet to be proven in court, with many cases existing that both support and reject EULAs. So is there a clear case where it's illegal to use a serial number to unlock freely given content?

Some ideas (1)

mwvdlee (775178) | more than 7 years ago | (#20569185)

Any copy protection will affect legal users.

Short and simple, that's it, take it or leave it. If you want copy protection, you must understand that you cannot "hide" it from legal users.

As for the right amount... it all depends on the situation.

Since you are going for businesses which would have multiple installations; make it centralized. Make a small central "activation" server app that all installations contact at some interval and manage all registration from there (just use single multi-seat keys or something). Atleast this spares trouble for the end-user. Just count the number of currently active installations and give warnings to the users and/or server admins (make sure it works with common admin reporting tools). Most importantly; allow grace periods. i.e. Allow 10% more installations to be used for some short period or allow the product to be used 1 month more than licensed. Think of something that won't affect continuity of the companies buying your product assuming the make honest mistakes. Businesses generally want to be legal; help them, don't force them. Provide them with tools to make it easy for them to comply.

Use nothing, or hardware (2, Insightful)

Alkonaut (604183) | more than 7 years ago | (#20569193)

If I was really worried, then I'd skip the hassling of customers, and instead try to gather data on wether there is any real piracy going on. For example, let the setup program phone home and log itself as a unique installation. You can even skip the license number then. Of course, if the phoning home fails, it fails quietly. Noone should need an internet connection to install the software. And if the software is denied an internet connection (by means of a firewall for example) the installation should succeed anyway.

Be open about the phoning home. Noone likes a closed source software that phones home for no reason. Don't hassle customers, even the ones who install a copy that is known to be pirated. You can't really tell who's the legitimate customer and who is not.

If you discover that there is widespread piracy of your product, and you want to do something about it, then make the leap to hardware protection. Bear in mind that dongles are quite a hassle for the customer. But at least the hassle is effective. Other means of protection means a hassle for paying customers, and just a fun challenge for pirates.

Very little, but some. (1)

Fross (83754) | more than 7 years ago | (#20569217)

The key is to make the protection a slight annoyance/reminder to the user (but not enough that stops them using the software), but not worth the effort for a cracking group to spend time ripping it out and distributing it.

The best example I can think of is Windows Commander ( [] ), which is a program I both use and love. It has a nagware screen each time you start it up, but otherwise functions fully for free. I did actually buy it, as it's a great program, but I found that out by using it for a year or so - the protection didn't get in the way of that.

Of course, this is a balance in that windows commander only costs $30, if it was a piece of software that cost $300, it may have to be a lot stricter as there is more incentive for a user to never register it.

Re:Very little, but some. (0)

Anonymous Coward | more than 7 years ago | (#20569479)

Just like WinRAR who make an excellent product I've been using for years. And I haven't paid for.

A couple of things to think about (1)

StaceyRey (687641) | more than 7 years ago | (#20569221)

A lot of people have said it is unacceptable to phone home. However, I haven't seen too many explanations as to *why*. First, if it requires an internet connection to register, and you don't have a connection at the time, the software will fail to register and then you have the problem of software that will not function. Also, will it validate itself over and over or just the first time. And, what happens when the user inadvertently blocks communication through a software firewall? In that scenario, your software will be blamed for the problem even though the firewall is what prevents the communication.

Don't do nag screens. A lot of people despise nag screens and will not use software that implements them.

There's a lot of truth in the argument about pirating. There *will* be a lot of theft of your stuff, especially if the trial and "full-up" versions are the same. Think carefully before going this route. That said, if you do, consider using email registration, which ties a code to an address (but make sure you avoid anonymous addresses such as Yahoo, gmail and mailinator).

You *could* go with two distinct versions, but that also becomes a maintenance headache. Not an attractive choice, but it will give you the most control and will allow you to "fingerprint" every registered copy that goes out the door, especially if you have a unique identifier that can be traced to a specific user.

Good luck.

Unnecessary (1)

1u3hr (530656) | more than 7 years ago | (#20569223)

As you say it's "targeted mostly to corporate users", you don't need any software locks. Just a simple serial number activation. Doesn't matter if it's easily cracked or shared. That market doesn't use cracked software. It may irritate you to see it traded on warez groups, but none of them will actually use it, even if it were free. Don't use sneaky phone-home tricks, but you can be up-front and have a default option to check in, for the purpose of seeing if there are any updates, but of course at the same time you can use that to keep track of your installed base. But let the users turn it off if they want.

If it were a Photsohop plugin or the like, that market is more likely to just copy, but corporate types will just fill out a requisition form if they want it.

Corps want their licence so let them have one (1)

paj1234 (234750) | more than 7 years ago | (#20569245)

You don't need any copy protection if you're after corporations. Why?

1. Corporations are terrified of the Business Software Alliance.
2. Corporate IT departments have an incentive to search the company for unlicenced software - it gives them something to do. Licence compliance is a nice, simple, easy-to-explain and wonderfully time-consuming activity. It provides a marvellous way for the IT department to justify its own existence and be seen to be busy bees.

So, just let them get on with it. All you have to do is issue nice licence documents that says "X copies of [your product] licenced to [company name] at [address]" followed by the product key. Then, the typical corporation will spend ages doing all the licence checking for you. Some won't be very good at it but do not worry, just ignore it. If they make mistakes with their licencing, the worst that can happen is they might get into trouble and you won't.

Companies won't use unlicensed software (1)

joe_n_bloe (244407) | more than 7 years ago | (#20569253)

If you have any kind of marketing and sale infrastructure at all, you have nothing to worry about. No company in its right mind will allow software piracy on its premises, especially not for the benefit of the company. Don't bother with anything fancy; just give your prospective users an easy hoop to jump through. The more red tape and annoyance you add, the less likely you are to gain customers.

Think like your customers (1)

ricegf (1059658) | more than 7 years ago | (#20569269)

Caveat: I'm speaking of corporations in the USA here - I know nothing of how corporations in other countries approach software licensing, but I deal with it on a daily basis where I work. If I sound like I believe corporations are mostly about lawsuit avoidance when selecting software, then I'm coming through clearly. :-)

If you choose to go the fee-per-user route, corporate customers will expect the ability to easily manage their licenses conveniently from one or more central servers. The value you are adding to them is that they can easily prove that their copies are licensed by running a simple report, and that report is an affirmative defense against any claims of illegitimate use. It also gives management confidence that their employees are not making copies without their knowledge and exposing them to legal risk.

The best approach if you choose this route is to license an existing license manager - ask your primary customers which ones they use, and go with the most popular in your business sector. Of course, the license fee will come out of your profits, but that's the solution your customers will appreciate.

Alternately, you can offer a reasonable "site license" fee based on the number of users of your software that they believe they will have (*not* their employee total). At annual maintenance renewal time, each customer counts up how many people are actually using the software, and the renewal fee is based on that. This adds the burden to your customer of tracking installations, but also provides an affirmative defense ("we have a site license!"). Of course, you'll need to trust your customers more with this one, as a dishonest customer could "miscount" to save money. Legitimate corporations, though, would never intentionally game the system out of fear of legal repercussions.

In NO case should you pull a stupid stunt like phoning home. Where I work at least, we reject any candidate application that discloses spyware-type behavior in the license agreement (unlike home users, corporations have lawyers that read license agreements - and modify most of them). If an application phones home without disclosure, it's blacklisted at a minimum. A lawsuit in your direction is certainly a possibility as well.

The "correct" answer on /. is to open source the code and sell support services, of course. This may work quite well, too, although in some sectors corporations consider open source to be less desirable than commercial code because of the cost of verifying that you actually own the code you're licensing. Smart corporations audit the source code of open source applications before deploying them, and correct any illegitimate code inclusion (e.g., mixing code with incompatible licenses); it proves "due diligence" in the event of a lawsuit. They don't have this expense with closed source apps, because they can't - and that means they can't be accused of lack of due diligence for not examining the code. The law is just like that. :-(

The good news with the open source approach is that you're well-positioned competitively - once validated, the application can be deployed and used extensively, and then comes the "Who can we pay to support this?" opportunities. Code auditing can work in your favor here - once you're proven "clean", you'll be everywhere, diminishing the value add a competitor can offer.

Personally, I would open source the app and provide a detailed audit of all the code at the same location you host the source code; this proves the code is "clean" and safe to use, and provides optimal value from a corporate perspective. Offer custom services built around the free code, and that pays the bills (if you're good). ActiveState is one successful company that uses this approach (they wandered into the fee-per-user area with Komodo, but that's now moving toward open source as well - another indication that this may be the best approach in the long run).

Hope this helps, and good luck!

Golden Hawk's CDrWin (0)

Anonymous Coward | more than 7 years ago | (#20569303)

Does anyone remember it? Man it is the first a software fought back. I lost tons of creative works. Ah...2gigs of porn... then pufff...gone.

A few vital pointers (1)

CharonX (522492) | more than 7 years ago | (#20569305)

A few vital pointers: First of all, I'd recommend using a serial as the core method for authenticating your software. Preferrably a key somehow based on the name & e-mail address should be used, having your name on "the record" is a deterrence to casually releasing the key on the net. I do not know if you plan to offer a "trial/demo" functionality (something I'd recommend, as try-before-you-buy is always good) but if you do then I'd suggest an additional "hardware-fingerprint-hash", displayed when he installed the trial version, of maybe six letters that the user is asked to add in his activation e-mail. Make no issue out of it if he wants to re-activate the key using a different hash, only if there are over two or three dozend of activations from the same user you should raise a red flag and take a deeper look why he changes his PCs that often. As an additional defence against piracy be certain to monitor the "Serialz" websites and maintain a blacklist based on the serials that appear there (and to put the heat on the guy who purchased that serial). Release updates on a regular basis, and include the blacklist in them. Also, with each update, slightly alternate the way your program checks the serial against the username, and make sure "old" executional files are not compatible with the new updated version, so if they want to bypass the serial check, they at least have to do it over and over again with each update. I'd use a slightly sloppy way to check for serials, i.e. a way that allows slightly more serials than it should, to make it harder to create a keygen (and to create headaches for said keygen once the key is used for a newer version). Alternatively do only a partial check on the serial upon entry / program launch, and perform additional check if certain important functions are used. Throw an obscure error message if the initial check is passed but the laters checks are failed (usually sign that someone tried to crack the program, bypassed the initial check, but failed to crack the later checks). Recommend that the user contact the creator for a bug report, for the offside chance that a legitimate user manages to fudge up his serial "just right" to trip it. Once a keygen surfaces (that is a once, not a if) change the key-generation scheme in the next major revision, be sure to apologize for the inconvenience caused for your registered users (both in the update and e-mailing them) and send them new keys.

The right amount of copy protection is none (1)

Bozovision (107228) | more than 7 years ago | (#20569309)

BUT. You should provide benefits for registration and you should let people know clearly that they are using unregistered software, and that you know.

Why is the right amount none? I don't believe that we were unique when (in a past life) on removing copy protection on our software, our sales grew by about 20%.

I think people want to test software before they pay for it, and copy protection stops them from using a try-before-you-buy approach. I think that most people who can afford the software and who think it's good value will pay for it whether or not there's copy protection. The others won't, but they may be an advert. I think it's more likely that companies will pay than private individuals, particularly if they are worried about sanctions posing a risk to their business.

So, include no active copy protection, but do include measures that let people know the status of the software very clearly. A nice bright - 'Unregistered software' on startup + a similar notice on screen + a similar notice on print outs + these notices should change so that they don't become background that is filtered out of consciousness + a help link to your registration page + a note in the help about why they should register the software [make a point of saying that it's not just their company that is breaking the deal, but them personally] + a record of the IP address on screen + a note to say that the software phones home to say it's being used, with a note of what it tells + a note about benefits of registration - e.g. registered software gets automatic update notices + whatever extra benefits you can think of that are only available to people who have registered. The point is to embarass people into paying if they are on the borderline, but not to annoy those who will pay.

If you are being clever, track the number of times a particular copy is used, and let the user know. And let them know that you know.

Also make provision for unregistered, old versions of the software to become free - i.e tone down the notes when they are 2 versions old, but replace with a sign that says 'Version 1 is now free for use provided it's not used with projects of more than 100 steps. Version 3 includes many useful features and is only $150.' Old versions become adverts: after all, you aren't selling them anymore, and if someone hasn't paid after 2 years, they aren't likely to start now.

You also have to make it ridiculously easy for people to register, and even more importantly, for people who have previously registered, who change their machine, or who lose their hard drive (or whatever) you have to make it incredibly easy for them to retrieve their registration.

Put *NO* barriers in front of people who want to pay you, or who have paid you. These are the people who need your love because a major portion of profit on commercial software comes from upgrades.

Hope that's useful.


You can do a couple things... (1)

fbartho (840012) | more than 7 years ago | (#20569317)

If you can guarantee internet access in most circumstances:
Provide value added web only services tied to a user account. These services could be embedded in your application, but be subscription or a 1 time fee. The base application you could give out for free, but depending on what services you provide on the user's online account they'll want to pay you the fee to have an account. No license keys! But you do then have to provide some web-based services, and if your site goes down, all your paid users lose their paid functionality.

If you can't guarantee internet access, or can't identify services that would work well attached to a web account, you could go the route of the "phone home" license key. tie the serial number to a simple e-mail address db, and track the number of computers on each key. The app doesn't immediately degrade if it can't get online, but if it does get online, it adds to the count using that key, beyond some arbitrary number, the system notifies you, and you can reissue the original user a key via their stored e-mail address, and then you can blacklist the old key (degrading any future machines and any old machines as they ping home). In this case truly determined people can block internet access from your program, or they can keep the computer offline or they can go through the effort of patching out the license key call and they'll still have a free copy of your software.

Really it's a question of how much effort it takes to get around things vs how much annoyance things become for the real users if something small goes wrong.

Don't even bother... (1)

Kwirl (877607) | more than 7 years ago | (#20569321)

Assuming that your program manages to differentiate itself from the 255 million other software programs that do that exact same thing, the answer to your question is none.

If the piracy community wants your software for free and considers it worth having, then they will have it. You can't do anything about it. Ask Apple or Sony or Microsoft about how much money they spend protecting their software from piracy. Ask the 16 year old kid from New Jersey how many episodes of Pokemon he had to miss to destroy that protection.

Is where I'm going with this making itself clear? You are already jumping into a small pond full of big fish, why waste your energy and resources attempting the impossible? Use an honor system, and hope that enough honest people use your product to justify your expenditures.

Use a serial number (1)

KingofSpades (874684) | more than 7 years ago | (#20569329)

Use a serial number scheme and post a non functional "crack" on p2p networks.

Unrealistic expectations (4, Insightful)

Peeteriz (821290) | more than 7 years ago | (#20569341)

"While I don't wish to burden legitimate users, I do want to prevent most piracy."

This will not happen. Cracks for very heavy-handed measures will be available to exactly the same people in exactly the same ways as a cracks for a simple serial-number check on installation, ergo a simple serial-check will get you 99.9% effectiveness of any other software system.

The only things I have seen that seem to work are the hardware usb-dongles; the earlier ones were cracked but the new versions seem to be quite safe. (but they cause a number of other issues and don't qualify as non-intrusive).

Unique ID (1)

JonyEpsilon (662675) | more than 7 years ago | (#20569345)

Of all the commercial software I've used that's had "strong" copy protection (i.e. you'd need to use a cracked copy, not just find a serial number), I've found Wolfram Research's Mathematica to have the best system. It generates a unique ID for your computer, and then you need to go online/call to get a password that works with your licence number and unique ID. I think the secret to making this work smoothly, and Wolfram have got this right, is to make sure that it takes no more than a second, and that there's always someone on the end of the phone who doesn't make you feel like a criminal if anything goes wrong. They're also very tolerant towards generating new passwords if you change your hardware enough to change your ID.

The only other real "strong" option seems to be hardware dongles. I hate them! I don't have a parallel port anymore, or a floppy disk drive, and I hate carrying extra crap around if I want to use stuff on my laptop.

Re:Unique ID (1)

SirJorgelOfBorgel (897488) | more than 7 years ago | (#20569463)

You got to be kidding me - Mathematice the best system? I've never had so much crap from a program I tried to install (yes, fully legal, university license, you tend to get one when studying astrophysics). And not just the first time. Every upgrade, every time I got a new PC, etc. Absolutely HORRID system. If it wasn't Mathematica but a program that has real alternatives, I would ditch it immediately and never look back.

Re:Unique ID (1)

JonyEpsilon (662675) | more than 7 years ago | (#20569495)

Wow. I guess I've been lucky then. I look after a large number of licences for a physics department and we never seem to have any problems. What sort of difficulties did you have?

I once had a great message... (1)

toQDuj (806112) | more than 7 years ago | (#20569359)

The license key I entered was "unoriginal", and the software knew.

I believe it said something like: "You do not wish to pay me for this software huh? Well, fine. But please then donate some money to UNICEF."
And the software continued to work with that code.

I liked that. Some people can't afford to pay for each bit of software, but still need it. It shouldn't be made easy for those people, but it shouldn't be impossible either. One day they'll pay.


Don't provide an unlockable version (0)

Anonymous Coward | more than 7 years ago | (#20569369)

If you want to have an evaluation of your software, simply don't provide it with full functionality. If you allow a fully-functioning version of your program
by simply entering a code then it will look very tempting to reverse. Instead, compile a demo with the certain functions and data completely removed. Then, on your
site, have a downloadable full-version with no restrictions. If you feel that you need to protect your investment and your company is willing to invest the money it
would take to do so then you could look into binary watermarking.

Know thy customer (2, Insightful)

Minupla (62455) | more than 7 years ago | (#20569379)

Consider your potential customer:

You're writing project management software, so we're probably talking 150-200+ employees. Companies of this size are going to have some sort of security policy in this day and age, and potentially (depending on your market segments) may be on closed (meaning no or extremely limited external internet access) networks.

There's a good chance at the low end of your customer base that they will have some variety of managed software push in place where IT pushes down software and licenses to the workstation users, and it's almost a certainty at the high end of project management using companies (my primary contract fits into this category, and uses centrally managed software).

I'd therefore recommend a model that allows for central licensing, preferably with no need for IT management to install a license server (lower barrier to entry for your application) and does not need to phone home. I'd suggest a license key mechanism with an optional ability for volume licensees to share a single license database via a network connection.

Will it be hacked? Yep, naturally (but you sound like you're clued enough to have worked that out without my help) but you're trying to keep honest people honest here. Let's face it, do you really care if you have one or two users install it for free at home to hone their skills if you just sold 500 licenses to the multinational who employs them?

Large organizations have busy IT depts who appreciate it when software developers make their lives easier. Having an IT dept pushing your software over your competitors can only be perceived as a good thing, so take advantage of it! IT can put up very effective roadblocks if they perceive you as making their life more difficult and impeding things such as system imaging. The last thing you want to be is branded "incompatible with our environment" by your customer's IT dept.


"Appropriate"...? (1)

kripkenstein (913150) | more than 7 years ago | (#20569389)

How much copy protection is appropriate?

Define 'appropriate', and you will have your answer immediately.

If you want to maximize immediate profits at all costs, use the most powerful copy-protection you can - phoning home, disabling suspect keys even at the cost of inconveniencing paying users, etc. etc.

If you believe the project has long-term possibilities, then you need to start worrying about pissing people off. Don't phone home. Minimal product activation once at installation.

If you believe the product has world-domination possibilities (i.e., that every product manager or whatever in the world will use it) then remove all copy protection. People pirating your software are part of your market share. Also, consider opening the source in an appropriate manner.

And if you are asking about 'appropriate' as in ethics, then certainly open-source the app. Note that this does not mean abandoning copy-protection! GPL (even GPL3) apps can have copy protection... it is just possible to remove it. 90% of users won't care about removing it (or know how); 10% of them might. Not a big loss considering the advantages.

I think you should have to (1)

Boomer_Zz (548219) | more than 7 years ago | (#20569421)

Turn to page 46, what is the first letter of the first word in the second paragraph? Bring back photocopying!

Re:I think you should have to (1)

servognome (738846) | more than 7 years ago | (#20569529)

I miss Code-wheels or bad sectors on floppies that made your drive make horrible sounds when you tried to copy.

FLexlm (2, Informative)

Colin Smith (2679) | more than 7 years ago | (#20569425)

License management software. Very common.


Vista "Black Screen of Death" is a hoax (0)

Anonymous Coward | more than 7 years ago | (#20569435)

With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software.
I can't believe Slashdot readers continue to believe this hoax [] .

Too good to be true (1)

fastest fascist (1086001) | more than 7 years ago | (#20569457)

I can just see the grin on the editor's face as they noticed this one...

It is not only india (1)

Dominican Code Monke (1155595) | more than 7 years ago | (#20569461)

You know guys you are talking about India all this time but have you forgotten that like India other countries (a lot) that have people living the golden dream on a salary that you guys would see as charity.
  • Argentina
  • Chile
  • China
  • Pakistan
just to name a few. Granted, number one outsourcing is India but by far is not the only one. for companies looking to outsource it the world is their oyster and us is the part that gets thrown away(the shell)

No copy protection is good copy protection (1)

linebackn (131821) | more than 7 years ago | (#20569471)

Since you are talking about corporate software, I don't think any copy restriction measures are needed at all. In fact, make the full uncrippled version downloadable freely for personal/evaluation use. Of course charge $$$ for full licenses and "support". Companies need the ability to evaluate software before buying, do not want to be encumbered by crazy copy restrictions, and they almost alway will pay for the software because they always have to have "support".

Oracle lets you download much of their software for free for evaluation purposes. And they are doing ok.

This reminds be of back in the day when ID software made episode one of Doom 1 available as shareware. Where did giving this away get them? At one point, reportedly, Doom was installed on more computers than Microsoft windows! And enough of those people bough the full version that ID was laughing all the way to the bank.

They didn't learn anything though. I bought Doom III but haven't even played it because it requires the Cd to be in the drive at all times. Complete unusable crap. And I won't buy other games these days because of the stupid stuff game makers think they can get away. Games are supposed to be fun. When they root my system or inconvenience me with restrictions, they are not fun.

There is no spoon (1)

Stumbles (602007) | more than 7 years ago | (#20569473)

and there is no "right amount of copy protection". Its a waste of your time and money to even try and implement it. If someone wants your program bad enough and you have some form of copy protection, they WILL find a way around it. Any argument it is intended to deter the casual user, etc is complete and udder bullshit. So forget about it.

What to remember (2, Interesting)

rjwoodhead (112122) | more than 7 years ago | (#20569489)

As a veteran of the first copy protection wars, let me give you one simple insight that should guide you:

"Thieves don't buy"

Software thieves will not pay for your software, no matter how much you lock it up. If they can't get a cracked copy or code, 99.44% of them won't use it. It doesn't matter if they still live with their parents, or are the CEO of a big company; thieves don't buy.

Thus, you must tailor your strategy towards supporting your non-thief customers, while minimizing the parasitic cost of the thieves.

Consider doing this:

* Require registration for support, not for running the program. If they run an unregistered copy (ie: no serial number), give them full functionality but remind them how to pay on startup, gently. Perhaps do it only when you do the weekly update check, or whatever. Support is your major marginal cost, so you want to try and avoid giving support to the thieves.

* Phone home to check for updates, but continue to run no matter what. If the phone-home does detect a registration conflict, alert the user ("someone may have stolen your registration number") but continue to run.

* Explicitly disclose what your phone home does, and allow the user to disable it, or the registration check, if they so desire.

* Provide a way for your legit users to get logs of the phone-home information. Say their laptop gets stolen; the IP address logged on the phone-home could mean it gets recovered, you're a hero, and have a customer for life. But have strong data privacy rules about the information and how long it gets retained.

* If you have a product with low/no marginal costs, consider letting your users decide how much to pay you (works best with small ticket items). See [] for an essay I wrote on this some years back.

* Always remember to add the clause to your software license that makes Bill Gates promise to become your towel-boy.

The easier you make it for your honest users to pay you, and the more helpful you are to them, the more you will be paid.

There's always a faster gun (1)

bl8n8r (649187) | more than 7 years ago | (#20569519)

The problem with digital media; it's digital and can be reproduced and transferred easily. Non-standard CDROM formats are just as ill fated as the physically damaged floppy sectors of the early 90's. The spell books for entering RPG games were easily xeroxed or scanned, and anyone that can trace a program through softice, or ida, can circumvent dongles and just about anything else. Copy protection is a false sense of security that will cost you a lot of money. There are plenty of snake-oil salesmen out there to sell you neet whizz-bang hardware and software libraries that don't really work like they told you. I read something in a Louis Lamour book once that said "There's always a faster gun" and it's true. You can put all the copy protection you want on something, and there is always someone who can undo it. Don't you think windows, with it's infinite pool of money and software budgets, would have figured something out by now? A lot of people argue M$ hasn't because they want their product plastered all over; pirated or not. I think that's BS. It's a convenient answer for a problematic question.

Microsoft Project (0)

Anonymous Coward | more than 7 years ago | (#20569539)

Never heard of it I see...

The answer is... (1)

Dumbush (676200) | more than 7 years ago | (#20569563)

Short answer: nil
Long answer: none

How important is your software? (2, Interesting)

15Bit (940730) | more than 7 years ago | (#20569567)

Any level of copy protection is an inconvenience to the end user:

1. Install keys are a pain, but we're all used to them now and we accept them. Very few users send the software back or refuse to upgrade just because of install keys.

2. Phone home activation is a bigger pain. It gives you some control but can cause headaches for the customers IT dept. It can also make cracked versions more appealing, and makes non-internet connected computers impossible to activate. In general though, it is acceptable if its a once only affair. However, regular phone-home checks are more than enough to sway the purchasing decision against your product.

3. Locally installed license servers can be a pain, but they offer both you and the end user complete control over whats going on. They do represent an initial setup hurdle, but after that they offer considerable flexibility in that the end user can install your software on all the computers on their system and then there is a limit applied on how many clients can run at any one time. Your customer can then buy a small number of licenses and upgrade to more if necessary. Obviously this still needs the customer to have a decent internal network, but not necessarily internet connected, which is an issue in some places.

4. Hardware dongles are just a menace and a guaranteed way to drive your customers away.

At the end of the day i think you need to evaluate how important your software is to your customer. If its critical, and they have no alternative, then you have the option of going the Microsoft route and pissing them off as much as you like cos they need you more than you need them. This may come back to bite you in the arse.

If your software has little or no value to the home user (i.e. they have no use for or it or wouldn't pay for it anyway) then you can probably get away with just a license key activation cos business customers tend to be a little more honest by nature. This also makes your product appealing to small companies cos they can buy one license (so they feel honest) and use it on 3 or 4 computers. This *is* technically "stealing", but you've still sold one more copy than you might have done.

If you really want to have total control, and you think your customers will accept it, then the license server is a good choice. Your sales people should be able to dress it up as a convenient way for the IT staff to manage their licenses and if some sort of phone home is needed then only one hole needs to be drilled through the firewall. In future revisions you could also expand its role into an update server or something.

It is possible to do some mix and match. For instance, Intel distribute the free versions of their C++ and Fortran compilers with both a phone home activation code AND a license key file. I find this to be quite convenient (though admittedly it doesn't stop the software being replicated across several machines). You could for instance sell single or double licenses to small companies (in the expectation that they will use it on more than one or two computers) and sell license servers to larger companies (who might be more strict about license accounting). This sort of flexibility (not adopting a one size fits all approach) would reduce the chances alienating whole segments of potential customers.

So in summary, you are selling a product and that product has to be acceptable to your potential customers. If its not, they won't buy. Consider your target market and implement your controls accordingly. And if you can afford it, don't be afraid to offer flexibility in the licensing systems.

gentle reminders (3, Informative)

devonbowen (231626) | more than 7 years ago | (#20569569)

A while back I wrote an app that was key activated. The key had two components. The first was the name of the person that it was sold to (from the credit card) and the other was a hash of that name, the version number, etc. The user needed to enter both in order for it to work. (And the two needed to match, of course.) My thinking was that using the name in plain text would make it personal and encourage the user to not give it away while still allowing them to do what they thought was reasonable (running on both a laptop and desktop, for example). Basically, a gentle reminder to help honest people stay honest. The dishonest people are just going to hack your binaries anyway.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?