
Dev.SN ♥ developers

posted by janrinok on Friday March 21 2014, @10:37PM
from the questions-without-answers dept.

AnonTechie writes:

"Echoing a question asked on programmers.stackexchange.com - How can software be protected from piracy?

It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a "serial number/activation key." I'm sure a ton of money, maybe even billions, went into creating Windows 7 or Office and even Snow Leopard, yet I can get it for free in less than 20 minutes. Same for all of Adobe's products, which are probably the easiest. Can there exist a fool-proof and hack-proof method of protecting your software against piracy? If not realistically, could it be theoretically possible? Or no matter what mechanisms these companies deploy, can hackers always find a way around it?"

 
  • (Score: 5, Insightful) by The Mighty Buzzard on Friday March 21 2014, @10:50PM

    Anything you do will be cracked. You can make it take longer but not a lot and it will cost you more than you would ever lose to piracy. The law of diminishing returns is still saying the best bang for your buck is a key and/or activation.
    --
    123
    456
    789
  • (Score: 5, Insightful) by Angry Jesus on Friday March 21 2014, @11:05PM

    by Angry Jesus (182) on Friday March 21 2014, @11:05PM (#19584)

    > Anything you do will be cracked.

    Indeed. The question is like saying, "it is hard to believe that with all of our technological advances and the billions of dollars spent on engineering we still have not invented a perpetual motion machine."

    • (Score: 5, Insightful) by The Mighty Buzzard on Friday March 21 2014, @11:18PM

      It's even worse than that. It's saying we N developers are so damned good that the whole of humanity's engineering expertise pales in comparison. Anything that can be built by humans can be taken apart by humans.
      --
      123
      456
      789
      • (Score: 1, Troll) by Angry Jesus on Saturday March 22 2014, @07:59AM

        by Angry Jesus (182) on Saturday March 22 2014, @07:59AM (#19669)

        > Anything that can be built by humans can be taken apart by humans.

        That's why private key crypto is such a waste of time!

        • (Score: 2) by The Mighty Buzzard on Saturday March 22 2014, @08:15AM

          by The Mighty Buzzard (18) <themightybuzzard@soylentnews.org> on Saturday March 22 2014, @08:15AM (#19672) Journal
          Okay, point for communications but for DRM every legit user has all the private keys at some point. It only takes one knowledgeable user to find them and strip or work around the DRM and then the cat's out of the bag.
          --
          123
          456
          789
          • (Score: 2) by Angry Jesus on Saturday March 22 2014, @02:19PM

            by Angry Jesus (182) on Saturday March 22 2014, @02:19PM (#19765)

            My issue is that your entire point revolved around the use of the word anything which is false. Your response seems to be to cite a case of the mis-application of private-key crypto -- where the keys are not private. That still doesn't negate the fact that not everything built by humans can be taken apart by humans.

            This isn't a case of pedantry either, your whole post relies on that one falsehood. A correct version of your statement would be, "Most things that can be built by humans can be taken apart by humans." That's not on the same level as a perpetual motion machine, nevermind "worse than that."

  • (Score: 5, Informative) by frojack on Friday March 21 2014, @11:19PM

    by frojack (1554) on Friday March 21 2014, @11:19PM (#19589)

    Never charge so much for your software that anybody bothers to crack it. You can do like AutoCad did, and charge mercenary prices, and try to make everybody pay, or you can go a lot cheaper, and hope most people pay.

    Our company has tried dongles, commercial protection etc and finally the problems just got so troublesome the powers that be decided activation key only.

    Our customers know the software will call home to check for updates once a month. They can turn that off if they want. But because we do update it frequently with improvements, most don't. And when it does check it sends its serial number as part of the query.

    So we know the level of piracy. We know who those serial numbers were assigned to.

    But it has never reached the level that we feel we have to do something about it. When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.
    (We have a continuing revenue stream from our customers, and losing that would cost us more than one or two additional licenses.)

    --
    Discussion should abhor vacuity, as space does a vacuum.
    • (Score: 3, Informative) by mcgrew on Saturday March 22 2014, @09:47AM

      by mcgrew (701) on Saturday March 22 2014, @09:47AM (#19692) Homepage Journal

      > When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.

      You're a smarter businessman than Microsoft employs. How to lose customers. [cnet.com] Thanks to Microsoft and the BSA, the Ernie Ball corporation is running Linux and using very little proprietary software and nothing from Microsoft.

      "I said, 'I don't care if we have to buy 10,000 abacuses,'" recalled Ball, who recently addressed the LinuxWorld trade show. "We won't do business with someone who treats us poorly."

      Ball's IT crew settled on a potpourri of open-source software--Red Hat's version of Linux, the OpenOffice office suite, Mozilla's Web browser--plus a few proprietary applications that couldn't be duplicated by open source. Ball, whose father, Ernie, founded the company, says the transition was a breeze, and since then he's been happy to extol the virtues of open-source software to anyone who asks. He spoke with CNET News.com about his experience.

      Look how hated the RIAA is. They're idiots, too.

      --
      Free Nobots! [mcgrewbooks.com]
    • (Score: 2, Interesting) by Aiwendil on Saturday March 22 2014, @02:05PM

      by Aiwendil (531) on Saturday March 22 2014, @02:05PM (#19764)

      I have seen an interesting variation on this once. Pretty much the same setup but on a duplicate key it simply (on updates) popped up a simple:
      "You are using a duplicate key. Do you want to:
      a) Proceed [default]
      b) reassign the key to this machine as primary installation
      c) purchase a new key for $Y"
      and acted accordingly, was nice enough, implied the extra install was a simple change of machine of installation, and allowed a small discount if you went thru the hassle (this software was mainly distributed with a printed manual and such, the discount was less than the cost of ordering the manual separately)
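
Added example, not part of any comment in the thread and not any poster's code: a sketch of the vendor-side bookkeeping that frojack's monthly update check and Aiwendil's duplicate-key prompt describe. The `install_id` field, the class and method names, and the tolerance threshold are assumptions; the thread only says the serial number is sent with the query.

```python
from collections import defaultdict

# Constructed sample of update checks: (serial, install_id).
# install_id is an assumption: the thread only says the serial is sent,
# so some per-installation value is needed to tell machines apart.
SAMPLE_CHECKS = [
    ("SN-1001", "inst-a"), ("SN-1001", "inst-a"),   # one machine, two checks
    ("SN-1002", "inst-b"), ("SN-1002", "inst-c"),   # customer's second machine
    ("SN-1003", "inst-d"), ("SN-1003", "inst-e"),
    ("SN-1003", "inst-f"), ("SN-1003", "inst-g"),   # key shared widely
]


class UpdateServer:
    """Hypothetical vendor-side tracker for serials seen at update time."""

    def __init__(self, tolerated_extra=1):
        self.primary = {}                      # serial -> primary install_id
        self.installs = defaultdict(set)       # serial -> all install_ids seen
        self.tolerated_extra = tolerated_extra

    def check_in(self, serial, install_id):
        """Record one update check; it never blocks the update."""
        self.primary.setdefault(serial, install_id)
        self.installs[serial].add(install_id)
        return "ok" if self.primary[serial] == install_id else "duplicate"

    def resolve(self, serial, install_id, choice="proceed"):
        """Apply the user's answer to the duplicate-key prompt."""
        if choice == "proceed":                # default: just serve the update
            return "update served"
        if choice == "reassign":               # the machine was replaced
            self.installs[serial].discard(self.primary[serial])
            self.installs[serial].add(install_id)
            self.primary[serial] = install_id
            return "primary reassigned"
        if choice == "purchase":
            return "redirect to store"
        raise ValueError(f"unknown choice: {choice!r}")

    def report(self):
        """Serials with more extra installs than the vendor tolerates."""
        flagged = {}
        for serial, seen in self.installs.items():
            extra = len(seen) - 1
            if extra > self.tolerated_extra:
                flagged[serial] = extra
        return flagged


def replay(checks, tolerated_extra=1):
    """Feed recorded checks through a fresh server; return it and statuses."""
    server = UpdateServer(tolerated_extra)
    statuses = [server.check_in(s, i) for s, i in checks]
    return server, statuses


if __name__ == "__main__":
    server, statuses = replay(SAMPLE_CHECKS)
    print(statuses)
    print(server.report())
```

With the default tolerance of one extra install, the customer who put the software on a second machine is not flagged; only the widely shared serial shows up in the report.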

  • (Score: 2, Interesting) by Anonymous Coward on Saturday March 22 2014, @12:27AM

    by Anonymous Coward on Saturday March 22 2014, @12:27AM (#19608)

    > Anything you do will be cracked.

    That's an interesting and provocative statement, but I think it's too broad to be absolutely true. I happen to sell some very specialized software that's a tool for a professional engineering niche and sells in small volume. For the first several years, it had a pretty simple-minded registration keying system that I put together in one evening. It soon got cracked, and somebody even created a key generator for it.

    I wasn't happy about that (no one enjoys being vandalized), but a friend who also sells small-volume software advised me not to worry about it. After all, how many paying customers did I really lose in the process? The professionals who might buy the software probably wouldn't use the cracks anyway. The main purpose of the registration key was to keep honest people honest.

    Even so, the crack and key generator really bugged me. The worst part is that the top slots of Google's search results were dominated by the cracks, with my own page about the product appearing in about the middle. (That's PageRank at its finest...) So I decided to fight back. I found a nice article that explained how to remove trails within the software that crackers might follow, so I did that. I then spent several weeks putting together a very complicated registration keying system that uses layer upon layer of cryptography. It's so complicated that I barely understood it myself at the time (I don't by now.) It's certainly not impossible to crack, but I figure if it took me that long to develop it, no cracker would spend that much time on it since the software is specialized and small-volume.

    Several years later, I'm not sure if it's been cracked or not. It does appear in some crack sites in search results, but all of them seem to want a credit card now, so I haven't been able to check if their advertised cracks are real or not. (When the software was originally cracked, the cracks were given away freely so that was easy to check.) Anyway, I figure that anybody who gives their credit card to crackers deserves what they get. So, even in the unlikely event that the cracks are real, it's OK. I got enough moral satisfaction out of at least putting up a good fight to make it all worth it. I also learned a lot about cryptography in the process, which ain't all bad.

    (BTW, if you folks think I deserve what I get for selling software, that's OK too. :-)

    • (Score: 3, Funny) by chromas on Saturday March 22 2014, @02:23AM

      by chromas (34) on Saturday March 22 2014, @02:23AM (#19623)

      > if you folks think I deserve what I get for selling software, that's OK too. :-)

      Actually, I just find it hilarious that you implemented a security scheme you barely understood and you don't know if it's effective. But we'll forgive you since it's just copy protection instead of bank transactions plus you learned crypto.

      • (Score: 1, Funny) by Anonymous Coward on Saturday March 22 2014, @09:09AM

        by Anonymous Coward on Saturday March 22 2014, @09:09AM (#19677)

        Good point. But remember, it was mainly about moral satisfaction. In that regard, it's been a huge success.

    • (Score: 3, Insightful) by Tork on Saturday March 22 2014, @04:30AM

      by Tork (3914) on Saturday March 22 2014, @04:30AM (#19644)
      My anecdote: I wrote some software that, for a time, was quite popular and hyped. It was eventually cracked, and we did nothing about it. If you were to look at our sales records for the entire time that software was available, you wouldn't even be able to make an educated guess as to when the crack was available. Fun fact: We never received one single tech support request over our protection scheme, mainly because it never required calling home. I doubt you did anything but cost your company money during your 'protection' journey. But, give me a little credit. At least you have a good idea as to why I believe this. Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.
      --
      Slashdolt logic: 1600 x 1200 > 1920 x 1200
      • (Score: 5, Interesting) by anubi on Saturday March 22 2014, @08:17AM

        by anubi (2828) on Saturday March 22 2014, @08:17AM (#19673)

        I have been burned before over software with protection schemes. The first sniff I had of it was purchase of Circuit City "divx" disks. When they turned the servers off, the disks were useless.

        Imagine my chagrin when I am tasked by the company to implement our first CAD system (this was MANY years ago!), and I knew we were probably going to use this system for 50 years. (Yes, it was an oil refinery.) When I invest the time and trouble to implement something, I expect it to last. I do not build refinery supports out of lumber. I do not use cheap pumps. I am not running a topsy-turvy try-to-keep-it-running operation. Once installed, stuff is expected to work - for all practical purposes: forever. I have plenty of problems as it is without having to worry about finicky crap. I looked at most technology offerings the way I looked at bad concrete... looks good for the acceptance handshaking, but would it last under the stresses of production?

        I ended up going with Futurenet (Dash-2), under DOS at the time. I had a crack for it. The only reason I felt comfortable with this is because I knew at least if I could maintain compatible hardware, I could keep this thing going.

        Yes, as anticipated, the dongles eventually failed. The program became obsolete and no longer supported. For all I know, it's now abandonware.

        It's now going on 30 years old. You know what? IT STILL WORKS!

        I still pull it up once in a while if I need to see how I had wired something years ago. I have that and the companion PCB layout program PADS pwork for DOS. Both still work albeit I have to refresh myself every time I bring it up because I am doing all my new stuff on EAGLE... which was selected for the exact same reason. I expect it to be working 30 years from now as well.

        I have watched a lot of stuff come and go - especially word processors and office type stuff. I consider most of the kind of stuff that software kept track of was extremely ephemeral in nature, as I no longer give much of a damn how many resistors I had in a bin four months ago, but the wiring diagrams to a refinery is to me a horse of a completely different color. You simply do not throw a manufacturing plant away because some MBA did not like the color of one of the distillation columns.

        I no longer work for the company, however I can still use the tools, just as I can still use old screwdrivers and pliers. Finicky software to me is like a wrench that cannot be counted on to do the job. As far as I am concerned, finicky software is mostly to give PHB's a sense of accomplishment by signing for it.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 2) by Kell on Saturday March 22 2014, @09:34AM

          by Kell (292) on Saturday March 22 2014, @09:34AM (#19686)

          Thank you! This is the most interesting thing I have read all day.

          --
          Scientists point out problems. Engineers fix them.
        • (Score: 2) by Runaway1956 on Saturday March 22 2014, @01:50PM

          by Runaway1956 (2926) on Saturday March 22 2014, @01:50PM (#19761) Journal

          "Finicky software to me is like a wrench that cannot be counted on to do the job."

          Or, as I was taught, "Always use the right sized wrench!" A Crescent or a Monkey wrench (or some cheap knockoff) may be convenient, but it will never fit as securely as an open and box end wrench that was made to turn that one specific sized nut. Millions upon millions of rounded off nuts and bolts prove that you should use the correct wrench!

          • (Score: 2, Interesting) by el_oscuro on Saturday March 22 2014, @05:40PM

            by el_oscuro (1711) on Saturday March 22 2014, @05:40PM (#19806)

            I would agree, as long as I can find the correct size wrench. Unfortunately, the correct size is always the one that is missing. If you were to look up "correct size wrench" in the dictionary, it would have a picture of an empty slot in my tool chest. :)

            So sometimes you need to use a crescent. Just make sure to get the original, actual Crescent wrench. They are still made in the USA, and will hold a bolt a lot better than the cheap made in China crap. Same thing goes for Channellock pliers, also still made in the USA. While almost everyone has some knock-off of them in their toolchest, try picking up a Channellock 440. You will not believe the difference in quality.

            • (Score: 2) by Reziac on Sunday March 23 2014, @12:04AM

              by Reziac (2489) on Sunday March 23 2014, @12:04AM (#19878) Homepage

              The difference is that you'll only buy ONE of the tool made in USA or Germany or Finland, since it will last pretty much forever, and A BUNCH of the cheap Chinese knockoff (or worse, the cheap Indian knockoff) since they keep breaking.

              • (Score: 2) by Runaway1956 on Sunday March 23 2014, @05:34AM

                by Runaway1956 (2926) on Sunday March 23 2014, @05:34AM (#19911) Journal

                Uhhhmmm, while I tend to agree with your statement, the conversation wasn't directed that way.

                No matter how well made a crescent wrench might be, it is a general purpose tool, lacking in precision. It might be "good enough" to turn your nuts and bolts most of the time, but it can't be counted on. A precision built hex wrench or socket will fit the appropriate nuts and bolts exactly, time after time, with no slipping. It only takes one broken knuckle to convince a more intelligent person that precision tools are worth the extra cost. I do own and use slip joint pliers and channel locks, but I never use them on nuts and bolts. Even expensive high dollar crescent wrenches are known to slip when a lot of torque is applied to them. The monkey wrenches I mentioned will take more torque than a crescent, but they will slip too.

                • (Score: 2) by Reziac on Sunday March 23 2014, @02:18PM

                  by Reziac (2489) on Sunday March 23 2014, @02:18PM (#19959) Homepage

                  This too, tho sometimes a person can't be arsed to go find the correct wrench or socket, and vise-grips do the job well enough. Or the damned socket won't FIT in the spot, but vise-grips do.... a situation I have a lot of experience with thanks to the vagaries of fence clamps and irregular fence panels. :( And then there's the crescent wrench I use mostly as a hammer, because it fits conveniently into narrow spots. We won't even discuss how I use the tire iron. :)

                  I'd say the software market, DRM and all has much in common with both situations.

                  What was the question? :)

                  • (Score: 2) by Runaway1956 on Monday March 24 2014, @12:05AM

                    by Runaway1956 (2926) on Monday March 24 2014, @12:05AM (#20077) Journal

                    LMAO at the crescent wrench hammer - that is just too damned true!! Not to mention that the crescent wrench fits into a hip pocket, but a hammer normally stays in the drawer of my toolbox because it doesn't fit into a pocket.

                    • (Score: 2) by Reziac on Monday March 24 2014, @01:03AM

                      by Reziac (2489) on Monday March 24 2014, @01:03AM (#20084) Homepage

                      Nonsense. This ball-peen with the busted-off handle (er, without the busted-off handle) that I found in the mud today fits in my pocket just fine!

      • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @09:23AM

        by Anonymous Coward on Saturday March 22 2014, @09:23AM (#19681)

        I don't have any real data on this because this software sells in such small volume (both before and after) that statistics are nearly meaningless. The one data point that I do have is that the crack results no longer appear in the first page or two of search results unless you put in terms like "crack" or "registration key" alongside the product name. I think that's pretty good evidence that it was worth the several weeks I spent on it about four years ago. Or, maybe my marketing or Google search algorithm has simply gotten better.

        > Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.

        That may be true, but it was never about that in my case (see the advice quoted from my friend above). It was about fighting back against vandalism. The people who might use the cracks are thieves, but at least they're getting some benefit from it: when they steal it, I can take some satisfaction in the fact that I'm helping somebody in some way. OTOH, the people who create the cracks are just plain vandals: they damage someone else's property without getting anything out of it themselves.

        Oh, except that they get a fun puzzle to solve. And if that's what they're looking for, I've given them an even funner puzzle to solve. (You're welcome. ;-)

      • (Score: 3, Interesting) by mcgrew on Saturday March 22 2014, @09:54AM

        by mcgrew (701) on Saturday March 22 2014, @09:54AM (#19693) Homepage Journal

        Expected, considering a study a book publisher did a couple of years ago. He wanted to know how badly piracy was hurting sales so he commissioned a study. Unlike a movie or song it takes a few weeks for a book to be scanned, OCRed and uploaded so they looked for a dip in sales when the book hit the internet.

        Rather than a dip in sales there was a spike in sales. Piracy results in more revenue.

        --
        Free Nobots! [mcgrewbooks.com]
        • (Score: 2) by Reziac on Sunday March 23 2014, @12:13AM

          by Reziac (2489) on Sunday March 23 2014, @12:13AM (#19879) Homepage

          That would be Baen, I presume.

          What they also found was that suddenly there was renewed demand for older stuff. Which meant not only was Baen profiting, their authors were profiting, from works that normally would be past their shelf life.

          Baen found this all so enlightening, that they started releasing big swaths of their stuff on redistributable CDs, as a bonus with printed works. Frex:
          http://baencd.thefifthimperium.com/ [thefifthimperium.com]

    • (Score: 1) by khakipuce on Monday March 24 2014, @05:38AM

      by khakipuce (233) on Monday March 24 2014, @05:38AM (#20143)

      The thing is it is analogous to the process that causes string to be tangled. There are very many ways in which a piece of string can be tangled and only one way in which it is untangled. So statistically it pretty much always ends up tangled.

      Your software is the same, there are very many ways of cracking a software activation code and you have to find and block each and every one. An attacker only has to find one of the many that you have missed.