Slashdot Mirror
More On Policing Shareware
RHW22 writes "Washington Post's Rob Pegoraro looks at shareware, focusing on the question of whether or not this industry can survive if people never actually cough up $$ for the product. He mentions Ambrosia Software, 'a developer of Macintosh games and utilities in Rochester, N.Y., could stop guessing after it revised its payment system last year. The new system aims to stop people from using pirated registration codes in two ways.' Read his column here." We mentioned this several weeks ago, with a link to Ambrosia's description of their system and what led to its adoption.
IMHO, most stuff marketed as shareware is really demoware.
If it can't save - It's a demo
If it pops up excessive nag screens - It's a demo
If major functionality is locked - It's a demo
TODO: Something witty here...
The way I see it, shareware authors shouldn't expect to turn a profit. They should just see being profitable as a nice perk. The majority of people out there won't pay for what they can get for free. If that involves running a serial number generator or a simple crack, then that's what people will do. The only reasonable way to get people to register is to do like Doom and offer a sample that can be expanded upon once the cash is coughed up. Most importantly, it can't be an unlock code, it must be an entirely different program. Of course that doesn't prevent people from giving their buddies copies of the registered version, but that's an unwinnable war.
This stuff is easy to defeat. If you wanted to pirate this stuff you would not try to do it with a shared registration code. That is just 5tup1d. It would be done in one of 2 ways:
:oP
1) A key generator: Create your own personalized registration key. This was my favorite way to pirate and it usually doesnt take the professionals long to create a keygen either.
2) A crack: completely disables the 'time checking' on the shareware by altering the binaries in some way
The piracy prevention methods outlined in the article won't have any effect on key generators or cracks.
P.S. This is such old stuff. I remember shareware companies keeping blacklists and time stamping keys in 1997. It did not slow me down at all
Why is this news?
Exactly. I have a couple of their old games (WHICH I PAID FOR) before they started with this SHIT. This is like Windows Product Activation but having to KEEP RE-REGISTERING for no reason. At least WPA only needs to be re-registered when you change your hardware.
Won't be buying anything else from them now.
STOP ME BEFORE I POST AGAIN!
it's been said earlier, but if you compare the ratio of sales of a product like CuteFTP to pirated / trial versions, it's ridiculous.
let's examine it in depth.
What are 94% of FTP client users doing? WAREZING
now that we know that, we can assume, that most people won't pay $35 or whatever.
So the solution would be to make it ultra cheap, say in the neighborhood of $5 a license. That would greatly expand the user base, and if they implemented payment via paypal as well as credit cards, people would be more likely to impulse buy.
$5 is nothing, i'll spend that impulsively. Even $10, after that, we move into the area where we stop caring about the company (think of how many sharware progs you use, (wellyou linux people dont')). If they were that cheap, i'd by each one that I use.
Photos.
Ok, strange that slashdot posts something like this just as I am in the process of writing some copy protection (due in the morning!). I just read the Ambrosia Software story while searching google for some tips and techniques for writing copy protection. I am trying to avoid the very problems they had. All I hear is that the key is "use polynomials!," wherever I go. If you can't tell yet, I'm a complete newbie to this, I've been programming a while but haven't had to protect my applications before. So how about some helpful advice on how to write a decently secure registration system. Some links with mathematical explanations would be nice.
... + 2^N * charN), with a 31 char limit to keep the number 32 bits. I'm wondering if there are ways to check parts of such a hash without actually regenerating it, so that I don't give away the key generation algorithm in the software. I know it can't be bulletproof, I just need something that's not so simple it'll be breakable by a casual cracker.
Right now I am just creating a 32-bit value from a random 32-bit number the application gives the user and a name. The name is hashed using something like (2^0 * char0 + 2^1 * char1 +
It seems most "shareware" these days has forgot the true meaning of the word. True shareware just used to have a screen at the beginning that says (basically) "Hey, if you like this program, how about send some $$$ the developer's way for his troubles... and pass this on to a friend if you'd think they'd like it!" and let you go on your merry way... If you didn't want to send them money, then you didn't have to, unless the program expired after X days, or X uses and you wanted to continue using it.
One of my friends is the co-developer of Cover Your Tracks and I joked with him once that he made it to the "big time" when there were cracks published for his program's licensing code algorithm.
There are only 10 kinds of people in this world... those who understand binary and those who don't
All I'm saying is that they shouldn't expect to be in the black if it's easy as running a Google search to find a way to circumvent their protection. I don't condone the practice of cracking software, I just think software designers should wise up instead of pitching a fit when their weakly protected software is pirated. Find a better way to convince people to pay you. Doom was the first shareware program I registered, because it was the first that gave me something that made it worth registering, besides a warm fuzzy feeling. And look at how well Id did, they became millionaires. They're savvy businessmen.
Unless you subscribed to a magazine that was really grainy black and white, that listed about 10,000 program descriptions... you put a check by the ones you liked.. than filled out a small form and paid about $1 for each 5.25 media floppy to have it mailed to your house to operate on your Pc Jr... You don't know crap about shareware ;)
The internet defeats the purpose of shareware. Back in the day shareware was distributed by one person sharing his collection of shareware floppies with another friend. If someone liked the program, they could mail a check to the author.
The only limitation ever put on shareware back then was like... a game that had maybe 1 episode. You could mail money to the author and get 10 extra episodes.
What you never heard of a bbs or something?
Yes, I remember looking at those magazine ads and trying to understand what kind of fool would pay a dollar a diskette for shareware and freeware applications that I was downloading (at 300 baud at first, then at 1200 baud) for free from BBSes.
That was after I got a DOS machine, of course. I was online BBSing for awhile first with a CP/M machine, and I don't recall seeing ads selling diskettes of CP/M software, though I am sure they were out there.
I remember how cool it was the first time I connected at 1200 baud. woo hoo.
This is true. And for every decent usable linux software there are probably over 10 usable windows shareware programs, and they are just as free (as in beer) unless you want to register them.
I am tired of the really awful stuff out there for Linux. 'Finish it yourself' isn't going to bring in people to Linux except for a select few who enjoy programming. People want to pay for software that's useful. I know I do. I've registered about 20 things in the last several years, from TextPad (a truly great editor) to GetRight.
Blithering idiocy (that doesn't impress me in the slightest) deleted
Translation: "Please stop using copy protection so I don't have to go to all this trouble."
That's like asking the attendant at the gas station "Please, can you do me a favor and allow me to rob you WITHOUT a gun this time?"
If you're going to be a thief, then you're going to be made to jump through hoops. Tough luck for you, you thieving loser.
This is an interesting debate.
/dev/null..
..
I think shareware authors should be paid for their work. Shareware is cheap, shareware is great..
But...
In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...
1)Trumpet (a TCP IP stack from several years ago).
Buy the program, registration never shows up in m ail.. wait.. email back and forth..wait some more.. in meantime, trial expires, re-install wait somemore. Client I am billing hours for is getting unhappy.. Calling to Australia to get it sorted out was not fun either.
2)DFX (an sound effects addin for winamp)
Liked it, and tried to buy a copy with their VISA card purchase screen... then.. nothing happens.. no registration comes.. nothing..wait days... nothing happens, no reply, no program... nothing.. I write email to them.. nothing happens..no reply..
Finally I *CALLED* the company, to ask them what is going on. They said that my visa transaction was rejected (but they never bothered to inform me of this, even though they collected my email address (just to send me spam I guess?). When I asked the sales rep at DFX what is wrong, they told me that my destination address and billing address were different, (I am an expat overseas) so.. transaction just gets automatically rejected, bin'ed.. period. No mail, no reply, no followup, nothing.. rejects just goes to
They didn't email me when the Visa was rejected (or ask where I live.. or anything), nor did they even bother to reply my original emails.
The answer the DFX rep gave me on the phone to all this was... "well, it is just a $15 program, so we can't spend too much effort (ie any!) to deal with things that might come up".
3)NJstar
It is a great program. But they wanted me to send checks to Australia or something in AUS dollars.. gee.. how to I do that.. the bank will charge me $50 in processing fees (after waiting in 3 lines at 20 minutes a pop because no one would know how to draw up a foreign denominated check), for a $25 program..
Those are my stories..
..and people wonder why they don't register their shareware...?!.
...because it is too complicated
to pay for it, thats why.. fix that, and then
I am ready to buy lots of great stuff.. but
right now it is just too much hassle I discovered,
so I just stay away from it..
I frequently downloads share-/demoware and I have a practice of always cracking the software before I even run it.
This is not because I'm a cheap lousy bastard, I'am but it is not becaus of that.
I want to give the program a fair trial and get the most out of it before I decide if its good or not. If I cant find a crack I won't even bother, I just find another program.
Then I face another problem, if I like the program I'm to lazy to get around paying for it.
Windows Commander is such a program. I've been using it for years and it is well worth the $20,
but I'm a lazy bastard...
Here are my tips:
Popups, banners and other anoying things, are just that: anoying. This will lower the score on the program.
Crippeling of the porgram won't even let me test it.
Skip all those. Just give me some friendly reminders in a few descreet places.
Paying should be a one click thing.
Windows has this Add/Remove program feature, how about extending this to Add/Remove/Pay.
I just fire upp that app, check the programs I like to pay for and click apply. The rest is automatic.
The only copyprotection needed is that the program refuses to install without this kind of payment handling app.
As copyprotections will be cracked anyway, it's enough with one app handling the protection.
Come to think about it, that would be a killer app to write, a copyprotection/paymeny handler.
Time to fire upp those C skills.
-
There is a variant of this system that would be virtually impossible to crack... Intel & AMD would have to embed a private key in the CPU core. When buying software, you would present the public key that corresponds to your CPU. The software vendor would check this against a list of valid keys published by Intel (to prevent people from making their own key pairs), encrypt the software using your public key, and then send it to you. Your CPU would decrypt the code as it executes using the private key embedded in it. The binary would not work on any other CPU.
A hardware-based system like this is many orders of magnitude more secure than a software-based system, because the software remains encrypted all the way up to the CPU. The only way to break it would be to find one of the embedded private keys ($$$ equipment)... Or to convince a software vendor to encrypt with a made-up key that you know both public & private parts of...
BTW, this is also the basic framework for audio/video copy-prevention systems. (CSS works like this, except there are only a handful of private keys, and the CSS encryption algorithm is flawed)
I would venture a guess that your experiences have been atypical. I'm pretty sure that Ambrosia has done what they can to ensure that people will have an easy path to registration.
I've only registered two shareware programs, both times it was a snap.
Since I started using Linux there isn't much that I want to do that isn't solved by Free/Open Source software. But, when I was doing the Windows thing I found a few shareware proggys that I liked and I registered them when they became programs that I relied on. However, I never would have mailed in a check -- if I wouldn't have been able to pay online I wouldn't have registered.
Now that there are several easy ways for merchants to collect money online (Yahoo!, PayPal -- even though PayPal seems a little sleezy these days...) there should be no reason why it should be difficult.
There are many people who will use "cracked" software (take cracked to mean made available by means other than as the author intended). And yes many of those people will try and use the channels of "legitimate" users to get upgrades, new keys, whatever.
What is important is that most of these people will not pay for the software if it is made inaccessible to them. This is the reason why the software industry has been pretty soft on places like China. If they force compliance they will just lose users because the people in question find the price (whatever it's level) a barrier to entry.
Look at a given game. You like it, you install it and you find the "crack" to make it forever playable. Play it lots and then find that the software stops working, you are miffed, (since no new crack can be found) but because its just a game, you move on to the next crackable game, or better yet an 80% as good freeware version. This _is_ the way a lot of software consumers work. A specific piece of software is worth nothing to them whilst "accessable" alternatives exist.
So there are two alternatives. Make all variants inaccessible (and oh how the media industry is burning cash to do that) or change the pricing model so that until you have a viable paying user base the software does not exist.
Oh and in case you didn't notice, Free Software falls into the latter category (really. It does).
"The first thing to do when you find yourself in a hole is stop digging."
Way Way back, I used to run a small two line BBS running VBBS, mostly for carrying fido...and a whack of door games like BRE,LORD,The Pit etc. All of which including the bbs system was shareware, and all of which I registered without hassal, some via phone with a cc and others with a money order, the service was always great and shortly after I would recive my validation codes. Mind you this was 1990ish, perhaps the levels of service have gone way down, or the shareware vendors are so unused to people paying for stuff these days that they lack the skills to process a order.
Getright has other things going for it, too:
It's probably the best-designed shareware I've seen in my almost 9 years of computing. You can really feel like you got your money's worth.
And registration really does kill off the adware component.
I've seen altogether too much shareware that is either ill-behaved junk, some species of spy/adware that doesn't turn off gracefully when registered, or is overpriced for what it does, to the point where now I very rarely download shareware at all. Free alternatives aside, sometimes a much better commercial product costs less!
~REZ~ #43301. Who'd fake being me anyway?
I think either you or I have misinterpreted how Ambrosia's system works.
My reading of Welch's explanation is that if Ambrosia goes out of business, your key file will still work. It's just that if you lose it (e.g. hose your system and don't have a backup), you won't be able to make a new file from your old numeric registration code (assuming Ambrosia is out of business).
So really all you have to fear is: you have a catastophic data loss and Ambrosia goes out of business. Only then do you face the situation of losing the game you paid for. That is bad. But it doesn't sound any worse than old-fashioned commercial software, where if you lose your distribution media and all backups, you're equally screwed.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
> In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...
Shareware for Palm OS devices have a nice solution for this: they have agreements with various online sites to take payment for them, & apparently have ways to accept foreign currencies. (For an example of this see http://www.tealpoint.com/register.htm.)
Is there an equivalent service for Windows & Mac customers?
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p