What's the Right Amount of Copy Protection? 561
WPIDalamar writes "I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? The license key? Software version? What about a unique installation ID? Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key? Would a simple message stating the software may be pirated with instructions on how to purchase a valid license be sufficient?"
As little as it takes... (Score:5, Informative)
As a member of a small corporate IT department, I can tell you that (except for Microsoft itself), software phoning home for anything other than updates means instant banning of your product.
If so, what data is appropriate to report on? The license key?
If you insist on going down that path, what information would really help you reduce piracy? Keep in mind that, merely during the initial evaluation of your software, the same license may get used a dozen times without any intended piracy... "Yup, works on XP. Yup, works on 2k... Oops, blows a gasket on 98... Doesn't seem to like server versions...".
Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key?
That gets tricky... IANAL, but only the big boys like Microsoft can get away with that BS. If you try it, you should probably prepare to get sued.
Now, you do have one chance to block it - At installation. Even I'll allow (grudgingly) most products a one-time online activation. If at that time you deny activation and give an EASY way to contact you to resolve the problem (you can expect them to lie, and should probably just give them a new code, but it might serve as a reminder to the users that they shouldn't make too many more copies), okay, fair game. After-the-fact, though? YOu'll just piss legitimate users off.
Re:None at all (Score:1, Informative)
- Mysql, Trolltech (they both rely on open source software, and they're still alive).
- Paradox Entertainment (no copy protection on their software at all, and they're successful). I've got the impression they support their community quite well. And I'm already looking for a shop where I can get Europa Universalis 3.
Anybody got more examples?
Protected Environments. (Score:5, Informative)
I also know, and have worked for, companies where information is so secret (mission critical biz stuff or military) that you have to use a provided laptop in a room with no windows that's shielded from radio wavs... paranoid, yes, but "phone home" software is simply not an option in that case. Also. no phones were allowed in that room so manual "phone home" wouldn't have been possible.
Also, some of us are so paranoid that we don't let anything in/out of our firewalls except our browser application. Mind you, I can still use the interweb and I've never been trojan/virused... except this damn cold I seem to have but I can't blame the internet for everything!
Re:None at all (Score:2, Informative)
With Elicense, you get an order ID. You enter that, it contacts their server and "unlocks" the software. You can choose how many installations are allowed as well. For example I have a few games that use it that come with two licenses, so you can run it on two computers. Another title only gives you one.
The install is painless (it installs a license control service that in many years of using I've never had any sort of issue with), and it stops a LOT of piracy. It IS possible to "unwrap" the executable, but of all the Elicense protected software I've used, I've only ever seen one game cracked. (Ironically it is the most obscure of the ones I own.)
I am vehemently opposed to DRM, copy protection, call it what you will, but I find Elicense extremely inoffensive due to it's ease of use. DRM should not impact legitimate consumers, and this one is the only one I've come across that has never caused me any sort of negative experience.
FLexlm (Score:3, Informative)
gentle reminders (Score:4, Informative)
Devon
Re:None at all (Score:1, Informative)
Re:Speaking as a very successful vendor: None. (Score:3, Informative)
Well done.
Wheee, my first slashdot article! (Score:4, Informative)
1) Upon purchase, user gets a license key.
2) When installing, the software generates a random (somewhat) unique installation id
3) The license key is checked locally, with no net connection required.
3) Upon app startup, if there's an internet connection, the software phones home with the software version, the license key, and the installation ID
The phone-home also gives a version-check to let the user know about any updates.
4) We log the license key and installation ID
Someday, we do some data analysis and find any license keys with a large number (maybe 5, maybe dozens, not sure) of installation ID's. The data analysis should look for interwoven log records of installation ID, because the user might have uninstalled it on one machine, and installed it on another. Then a person (not automated process) would get a report and be able to investigate and flag certain keys as compromised.
What happens next?
Do we cause the software to stop functioning? (I don't like that)
Do we cause the web service-portion to stop functioning? (I don't like that either)
Do we pop up a window saying, "SOFTWARE PIRACY DETECTED!! YOU ARE GOING TO JAIL IF YOU DON'T STOP!"
Do we pop up a window saying, "Hey, this might be pirated. Go to http://xxxxx/ [xxxxx] to purchase additional copies"
Maybe the software does nothing, and we deal with it through customer support. A friendly email to the original purchase agent?
I guess the goal is make honest people stay honest. As many have pointed out, it will be impossible to prevent someone who REALLY wants to pirate the software.
Re:None at all (Score:4, Informative)
You obviously have no clue what you are blabbering about. There is no reason whatsoever why you can't have multiple independent products protected by the same third party mechanism without linking said products together. I know, because I've done it.
In short: Nobody interested in anti-pirating wants the licensing to be in a dedicated dll, since those are easy to locate, break, and replace. Licensing code should always be fully merged into a key component of the product you're protecting and as such be "invisible". That automatically means that you can have multiple copies of it that are not aware of each other and that are automatically uninstalled together with the product they protect.
Re:None at all (Score:3, Informative)
Requiring an internet connection. (Score:3, Informative)
One of the pieces of software required a connection to do its activation. No phone or snail mail supported. It was so backwards where we had a tech from the software company online and they didn't know how to activate the software w/o an internet connection. We had to wait for them to send us a patch disk that included the activation files.
Re:None at all (Score:1, Informative)
FlexLM is a joke. We used to have node locked licences for a number of compilers and other tools. To FlexLM, node locked meant tied to the hard disk volume ID, which was also present in the licence files in clear text.
The problem was that every so often, someone's computer would get replaced (upgrade/malfunction etc...) and after reinstall, none of the FlexLM locked tools would work. Understandable - FlexLM was 'working', but a major PITA as it would take a couple of days to get licences re-issued from the distributors. Some distributors would also only allow a licence to be reissued once a year, complicating the matter on a number of occasions. At one time, all systems in the company were upgraded/refreshed, meaning almost 400 licences would need re-issuing.
We got bored with re-licensing very quickly, so decided to use volumeid [microsoft.com] to change the HDD IDs to match licences. After a reboot, FlexLM knew no difference and we could get on with work.
The 'node locked' mode of FlexLM is so utterly retarded. Waste of time.
Re:None at all (Score:3, Informative)
Re:None at all-Money (Score:2, Informative)
They are all that. People aren't using them in the first place because of the 'MindShare' aspect that you mentioned.
The GP was right. I've now worked at two large corporations and one small one that all had site licenses to WinZip. They install them on all desktop systems automatically. Most large corporations have policies in place such that pre-installed software must be licensed. This is for audit reasons and so they can claim support if they need to.
I, of course, promptly uninstall it from my machines and replace it with 7-Zip. Last time I checked, Winzip still didn't handle several major file-types (like RAR).
Re:None at all (Score:1, Informative)
The solution? We tossed the dongles in a drawer and downloaded cracked versions of the programs. Everything worked fine. The EXTENSIVE copy protection on these programs accomplished NOTHING except making it tough for us to use the software we'd paid for.
Re:The only game to ever not be cracked (Score:2, Informative)
Many software titles from the late 80's and early 90's used this method of copy protection. With CD installations and later downloaded installations, this method was no longer feasable.
Re:Speaking as an IT Director (Score:3, Informative)