Homegrown protector system, bad idea?

[SFSxOI]

how about a system that requires :

1. Have to have an internet connection for the program to operate. An internet connection is required for continued use - must be connected to start up the software.
2. Have an 'install serial number' that only allows install.
3. Then the user emails for an 'operating serial number' and verifys they are the person/entity that purchased the software.
4. when the 'operating serial number' is entered on line 'activation' will be required. The software will also periodically 're-activate' in the background. Then the two serial #'s will be related to the machine GUID. If the machine ever changes or the OS system is re-installed, the user will be required to verify they are the original purchaser of the software and start all over again at #1.

The game anti-cheat software PunkBuster uses the GUID thing to ban users from on-line multiplay. It would be very effective if the game software did not also have single play capability for which the code can be exploited to get around PunkBuster sometimes (because the code is dual use in both single play and multiplay). Do the same thing except only have 'on-line' use code.

All you'd have to do basically is maintain an online server for verifying the machine GUID's. Check the GUID during the periodic 're-activation' and if it has not changed the software continues to operate. If it has changed the software will not operate.

Anything can be cracked but if you make it as difficult as possible by controlling all the operation to begin with, maybe you stand a chance.

[Kale]

One thing to always keep in mind with systems like these, is that you may be turning genuine customers away with their intrusive complexities.

I have a few tools that i have vowed never to buy anything again from the software makers or simply cracked them because the anti-piracy measures were just too annoying or intrusive to my PC. Something to think about when making such a system.

P.S. Most apps will be cracked anyway, even with good protection. Having said that. the best way is probably embeding something into the exe to make unique executables, i think Ricardo does something like this, IIRC. Have a search on the boards...

Famous Link:
http://inner-smile.com/nocrack.phtml

[utopiomania]

Strange! I just stumbled over this checking out a protector (PC-Guard)

- Each customer receives unique copy of our software.

- Software will be licensed to the person or company specified in "Registration name" field.
This information is embedded into full featured version and can not be changed later.

SFSxOI, it will probably work well for online games where you stay connected to the net anyway,
but could quickly prove to be a nuicance to others.?

I tried to install a second copy of a program on my laptop short while ago, and didn't like it
much when it started to bitch about internet access, so I dropped it.

[dracflamloc]

The problem with all copy protection schemes are a) they turn off legit users, and b) because computers by definition are predictable, the code can ALWAYS be cracked. Thats just how it is. No matter what. Do yourself a favor, spend the time you're using up on protection on something useful instead like adding a great feature. If you're only selling to a select few people, then rebuild a customized version for each client. That way if it DOES get leaked you can press legal charges, and probably make more money from the legal suit than you ever would have from your software.

[dracflamloc]

Just another idea if you're dead set on this... and as i said before it can be cracked like anything else... Have the user enter thier name and a serial number you generate by adding up the ascii sum of thier names characters and performing an calculation on it. When thier program starts up have it send thier name and the number to your server. The server then does the calculation on thier name and makes sure the number they send the server is the same as what is calculated.

[Trond]

@Trond, is this what PureBasic does with our personal accounts? It seems ok, but a bit risky if the
program gets copied around like thefool said.

My scheme would produce unique binaries like the ones techjunkie describes. If I stamp them with the
users name/email and some user copies it around, he gets spammed!

How about this: You have a database with correct usernames and passwords. You log every download with time and ip, and use an automatic program to check for suspectibly frequent downloads. Every time a user requests a download a copy is created especially for him and is branded with a unique customer number together with a the current date and time. This is all transparent to the user. As soon as the file transfer is complete or after a timeout, the file is deleted.

If you're really really cool you can actually implement the branding feature directly in the webserver without requiring an additional copy of the file.

[thefool]

Good idea, trond. Have some such of warning system when the same user gets accesed too frequently from different ip's.

this wont stop spreading of the whole exe, but it will stop spreading of the link.

[Trond]

And when the exe is spread you know exactly who did it!

[thefool]

Yeah thats an even better thing

some of them probably gets a bit scared when they get an email..

[techjunkie]

And when the exe is spread you know exactly who did it!

and then what? Sue him / her for plenty of bucks?

Better if the executable stop working if you moved it to another computer OR do as Collectors.com. If you buy for example Game Collector you can use it without Game Collectors own site, but if you wanna use the good stuff you have to register at their site. Then you can log the IP-adresses when they access, if it access from 10 different IP-adresses within a week, turn off the account and send a friendly email to the user.

[netmaestro]

I like the transparent branding idea. The users don't even know it exists as it doesn't try to enforce anything. It's just an invisible fingerprint. Then if a version of your program turns up on p2p sites you can download it and know which of your customers shared it with the rest of the world.

[techjunkie]

I like the transparent branding idea. The users don't even know it exists as it doesn't try to enforce anything. It's just an invisible fingerprint. Then if a version of your program turns up on p2p sites you can download it and know which of your customers shared it with the rest of the world.

and then? what do you do? I'm really intrerested in an answer. Do you sue the customer or what? The damage has allready occured...

[netmaestro]

You can take steps to alter your future relationship with the customer. For example if someone is a customer in good standing and you find them breaking the license agreement like that, you can revoke their license and they lose future download privileges. It's not exactly restitution but it's more than you had if you didn't know who was responsible, right?

[thefool]

its definently more. you can charge the user, even. At least in some countries.

You got the evidence. Break the forum account, deny support, never more updates etc etc.

@techjunkie: if you gotta access the server everytime you start the program, it wouldnt be a problem for people with a dynamic ip to get more than 10 different ip addresses a week
however if you just do it for downloading the proggie, 10 downloads a week would be quite weird too :/

[techjunkie]

@techjunkie: if you gotta access the server everytime you start the program, it wouldnt be a problem for people with a dynamic ip to get more than 10 different ip addresses a week
however if you just do it for downloading the proggie, 10 downloads a week would be quite weird too :/

I don't know how it is in other countries, but in Sweden the lease time of a dynamic ip is very long. I suppose it is to keep the logs down and to keep track of people sharing files, but ok - let us say 10 accesses with different ip adresses in 5 hours? Sounds that ok?