More On Policing Shareware

RHW22 writes "Washington Post's Rob Pegoraro looks at shareware, focusing on the question of whether or not this industry can survive if people never actually cough up $$ for the product. He mentions Ambrosia Software, 'a developer of Macintosh games and utilities in Rochester, N.Y., could stop guessing after it revised its payment system last year. The new system aims to stop people from using pirated registration codes in two ways.' Read his column here." We mentioned this several weeks ago, with a link to Ambrosia's description of their system and what led to its adoption.

Most shareware these days isn't really shareware

[Tyler+Eaves]

IMHO, most stuff marketed as shareware is really demoware.

If it can't save - It's a demo
If it pops up excessive nag screens - It's a demo
If major functionality is locked - It's a demo

Some helpful links with reg code generation info?

[EMIce]

Ok, strange that slashdot posts something like this just as I am in the process of writing some copy protection (due in the morning!). I just read the Ambrosia Software story while searching google for some tips and techniques for writing copy protection. I am trying to avoid the very problems they had. All I hear is that the key is "use polynomials!," wherever I go. If you can't tell yet, I'm a complete newbie to this, I've been programming a while but haven't had to protect my applications before. So how about some helpful advice on how to write a decently secure registration system. Some links with mathematical explanations would be nice.

Right now I am just creating a 32-bit value from a random 32-bit number the application gives the user and a name. The name is hashed using something like (2^0 * char0 + 2^1 * char1 + ... + 2^N * charN), with a 31 char limit to keep the number 32 bits. I'm wondering if there are ways to check parts of such a hash without actually regenerating it, so that I don't give away the key generation algorithm in the software. I know it can't be bulletproof, I just need something that's not so simple it'll be breakable by a casual cracker.

Re:Most shareware these days isn't really sharewar

[Alizarin+Erythrosin]

It seems most "shareware" these days has forgot the true meaning of the word. True shareware just used to have a screen at the beginning that says (basically) "Hey, if you like this program, how about send some $$$ the developer's way for his troubles... and pass this on to a friend if you'd think they'd like it!" and let you go on your merry way... If you didn't want to send them money, then you didn't have to, unless the program expired after X days, or X uses and you wanted to continue using it.

One of my friends is the co-developer of Cover Your Tracks and I joked with him once that he made it to the "big time" when there were cracks published for his program's licensing code algorithm.

Re:Is troll your middle name?

[Night+Goat]

All I'm saying is that they shouldn't expect to be in the black if it's easy as running a Google search to find a way to circumvent their protection. I don't condone the practice of cracking software, I just think software designers should wise up instead of pitching a fit when their weakly protected software is pirated. Find a better way to convince people to pay you. Doom was the first shareware program I registered, because it was the first that gave me something that made it worth registering, besides a warm fuzzy feeling. And look at how well Id did, they became millionaires. They're savvy businessmen.

Re:What do these folks expect?

[amccall]

This is a good point.

Shareware authors, and everyone on the internet for that matter, need to ask "Why would I spend my money on this"? I'm sick of hearing websites complain that people don't register for what amounts to a few worthless extras. Would you register for that worthless trash? No? Don't complain.

A good example: If I didn't view the slashdot subscription as a tipjar, there is no way I would EVER consider paying for it. As a long time /.'er, I probabably will.

The shareware, software, or service I see being successful is that which has a service behind it.

Codeweaver's Crossover plugin is arguably worth the money. (As an above poster said, this really isn't shareware as much as it is a demo though.) Those that provide extras for registering - such as sending a CD. For the internet age, DigitalBlasphemy is a another excellent example. Providing an excellent freeware sample gallery, and then a relatively low annual fee for access to the full gallary and then discounts to artwork CD's/etc...

When providing something extra to those that pay, the honor system works. When treating your customers DECENTLY, the honor system works. But when you suspect your cutomers to be criminal from the start, and treat them like trash, you deserve what you get. Registration of shareware should be EASY - not something that requires a complete hardware identification of my machine, 3 CDKey's, all my personal information, and a blood sample. - And if they aren't having that many people register - they're probably asking too much or selling trash.

What the internet needs a little bit of old-style business sense. Something I see almost none of.

Re:Yawn... Copy Protection...

[pclminion]

When oh when will the software publishers learn? COPY PROTECTION DOESN'T WORK. IT D O E S N ' T WORK! So long as the 'puter can execute the code, I can:

Blithering idiocy (that doesn't impress me in the slightest) deleted

Translation: "Please stop using copy protection so I don't have to go to all this trouble."

That's like asking the attendant at the gas station "Please, can you do me a favor and allow me to rob you WITHOUT a gun this time?"

If you're going to be a thief, then you're going to be made to jump through hoops. Tough luck for you, you thieving loser.

I *TRIED* to buy shareware.. this is the problem..

[takochan]

This is an interesting debate.

I think shareware authors should be paid for their work. Shareware is cheap, shareware is great..

But...

In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...

1)Trumpet (a TCP IP stack from several years ago).
Buy the program, registration never shows up in m ail.. wait.. email back and forth..wait some more.. in meantime, trial expires, re-install wait somemore. Client I am billing hours for is getting unhappy.. Calling to Australia to get it sorted out was not fun either.

2)DFX (an sound effects addin for winamp)
Liked it, and tried to buy a copy with their VISA card purchase screen... then.. nothing happens.. no registration comes.. nothing..wait days... nothing happens, no reply, no program... nothing.. I write email to them.. nothing happens..no reply..

Finally I *CALLED* the company, to ask them what is going on. They said that my visa transaction was rejected (but they never bothered to inform me of this, even though they collected my email address (just to send me spam I guess?). When I asked the sales rep at DFX what is wrong, they told me that my destination address and billing address were different, (I am an expat overseas) so.. transaction just gets automatically rejected, bin'ed.. period. No mail, no reply, no followup, nothing.. rejects just goes to /dev/null..

They didn't email me when the Visa was rejected (or ask where I live.. or anything), nor did they even bother to reply my original emails.
The answer the DFX rep gave me on the phone to all this was... "well, it is just a $15 program, so we can't spend too much effort (ie any!) to deal with things that might come up".

3)NJstar
It is a great program. But they wanted me to send checks to Australia or something in AUS dollars.. gee.. how to I do that.. the bank will charge me $50 in processing fees (after waiting in 3 lines at 20 minutes a pop because no one would know how to draw up a foreign denominated check), for a $25 program..

Those are my stories..

..and people wonder why they don't register their shareware...?!. ..

...because it is too complicated
to pay for it, thats why.. fix that, and then
I am ready to buy lots of great stuff.. but
right now it is just too much hassle I discovered,
so I just stay away from it..

Re:Some helpful links with reg code generation inf

[captaineo]

There is a variant of this system that would be virtually impossible to crack... Intel & AMD would have to embed a private key in the CPU core. When buying software, you would present the public key that corresponds to your CPU. The software vendor would check this against a list of valid keys published by Intel (to prevent people from making their own key pairs), encrypt the software using your public key, and then send it to you. Your CPU would decrypt the code as it executes using the private key embedded in it. The binary would not work on any other CPU.

A hardware-based system like this is many orders of magnitude more secure than a software-based system, because the software remains encrypted all the way up to the CPU. The only way to break it would be to find one of the embedded private keys ($$$ equipment)... Or to convince a software vendor to encrypt with a made-up key that you know both public & private parts of...

BTW, this is also the basic framework for audio/video copy-prevention systems. (CSS works like this, except there are only a handful of private keys, and the CSS encryption algorithm is flawed)

Price as a Barrier to Entry

[awol]

There are many people who will use "cracked" software (take cracked to mean made available by means other than as the author intended). And yes many of those people will try and use the channels of "legitimate" users to get upgrades, new keys, whatever.

What is important is that most of these people will not pay for the software if it is made inaccessible to them. This is the reason why the software industry has been pretty soft on places like China. If they force compliance they will just lose users because the people in question find the price (whatever it's level) a barrier to entry.

Look at a given game. You like it, you install it and you find the "crack" to make it forever playable. Play it lots and then find that the software stops working, you are miffed, (since no new crack can be found) but because its just a game, you move on to the next crackable game, or better yet an 80% as good freeware version. This _is_ the way a lot of software consumers work. A specific piece of software is worth nothing to them whilst "accessable" alternatives exist.

So there are two alternatives. Make all variants inaccessible (and oh how the media industry is burning cash to do that) or change the pricing model so that until you have a viable paying user base the software does not exist.

Oh and in case you didn't notice, Free Software falls into the latter category (really. It does).

Re:The only effective way

[Reziac]

Getright has other things going for it, too:

It's probably the best-designed shareware I've seen in my almost 9 years of computing. You can really feel like you got your money's worth.

And registration really does kill off the adware component.

I've seen altogether too much shareware that is either ill-behaved junk, some species of spy/adware that doesn't turn off gracefully when registered, or is overpriced for what it does, to the point where now I very rarely download shareware at all. Free alternatives aside, sometimes a much better commercial product costs less!

Re:Then you never really own the software!

[Sloppy]

What happens when Ambrosia goes out of business and the software code expires? Your product that you PAID FOR stops working.

I think either you or I have misinterpreted how Ambrosia's system works.

My reading of Welch's explanation is that if Ambrosia goes out of business, your key file will still work. It's just that if you lose it (e.g. hose your system and don't have a backup), you won't be able to make a new file from your old numeric registration code (assuming Ambrosia is out of business).

So really all you have to fear is: you have a catastophic data loss and Ambrosia goes out of business. Only then do you face the situation of losing the game you paid for. That is bad. But it doesn't sound any worse than old-fashioned commercial software, where if you lose your distribution media and all backups, you're equally screwed.

Re:I *TRIED* to buy shareware.. this is the proble

[llywrch]

> In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...

Shareware for Palm OS devices have a nice solution for this: they have agreements with various online sites to take payment for them, & apparently have ways to accept foreign currencies. (For an example of this see http://www.tealpoint.com/register.htm.)

Is there an equivalent service for Windows & Mac customers?

Geoff