Slashdot Mirror
Symantec Adds Product Activation
maliabu writes "GlobeTechnology/CNET reports that Symantec has added an antipiracy technology to the new version of its main virus-zapping program, in the form of compulsory product activation. It is intended to protect consumers from widespread counterfeit copies of Symantec programs. The company estimates at least 3.6 million bogus copies of its programs are sold annually, causing headaches both for Symantec and unsuspecting buyers, who find out too late that the software isn't doing the job."
It is intended to protect consumers from widespread counterfeit copies of Symantec programs.
I don't believe it as a main cause.
Trolling using another account since 2005.
Um... this article is about Symantec, not Microsoft. Not to mention the only people who will be affected by a rise in the cost base are the people who relied on a pirated version of it.
while NO anti-piracy strategy is foolproof (we can only talk about rates of piracy, not absolute values), the fact of the matter is that product-activation can be done without sending the user's SSN and first-born through the lines.
Actually, I'm just pissed off that some asshole russians wrote "crack" programs (still widely available on all those cracks sites) to break the security of a previous version of some shareware i wrote (cost of shareware: $20 and for a very specialized audience). So, in a later version of my software, I included a type of product activation and wrote a code in such a way that the compiled stuff would be harder to figure out. 2.5 yeas later - still no crack out fot the software that I can find anywhere, plus I am secure in the knowledge that my reg codes are doing a lot less walking.
Fair is fair.
And like most methods of protection, I wouldn't be surprised if Symantec's product activiation was cracked pretty quickly indeed. I suspect Symantec would be better off spending the money they spend on developing/buying this technology adding to the fund they use to pursue and close down the spammers who try and sell pirated copies of Norton AV, System Works et al.
How would product activation protect users? Piracy prevention only protects symantec.
Because Symantec's product relies on regular updates of virus definitions from Symantec. I assume - tho' I have not checked - that Symantec requires some form of authentication for this, after all, they sell subscriptions and that's what pays for the database to be kept up to date. Counterfeit copies of the product will be unable to access these updates, lulling users into a false sense of security. Everyone loses - Symantec lose because they don't get the money, the user loses because they paid for a counterfeit. The only one who benefits is the pirate.
If you're going to inconvenience your legit users in order to reduce illegal copying, just tell it like it is. Protecting the consumer against illegal copying would just require signing the software, no mandatory activation.
Just sign the installer. Heck, a list of valid MD5 sums published on the Symantec website would do the job. All legit copies are identical, so verifiying that the user has a unique key is overkill if you just want to verify that it's the right program. Unmodified software should tell the user when it can't sync the virus signature database. Ergo, no activation for that purpose.
The thing is, in newer versions they do not include "innoculation". Innoculation used to simply take a fingerprint (CRC32) of your executables/libraries, and could be set up to refuse to run unknown, or, more importantly, changed executables. This is great because even if you're behind in virus signature updates, your virusscanner will still detect new and unknown virusses as long as they don't compromise the virusscanner engine itself; such virusses (as well as engine updates) are far and wide between, unlike signature updates.
Recent version do NOT check binaries' integrity using any sort of fingerprinting, be it crc32, md5, sha1 or whatever, thus forcing you to rely on the yearly subscription of virus signature updates. That's not because innoculation was broken or even not user-friendly enough (it was off by default), that's was a pure 100% unadulterated marketing decision!
Interestingly, the free-for-personal use personal firewall product I'm using DOES use checksums to check whether binaries that may have specific permissions (to access the internet or open ports) have changed!
SCO employee? Check out the bounty
The company estimates at least 3.6 million bogus copies of its programs are sold annually, causing headaches both for Symantec and unsuspecting buyers, who find out too late that the software isn't doing the job.
Well, when the customer tries to register the (bogus) product he probably bought it already. So it's too late as well, isn't it?
Knowing what an anti-virus program (or indeed any program) does, and access to it's source code is not the same as being able to get around it.
Any potential exploits might be noticed by virus writers. However, they may also be noticed and patched by users or developers of the software.
...is their PRICING. When our school went to purchase a new license for Exchange it cost as much as the Exchange server license plus Windows 2003 license plus 200 CALs. And that's ACADEMIC pricing. Unbelievable.
They think they're God because they are a gold partner with Microsoft. Well, basically, I told them what they could do with themselves and went with Sophos instead who offered much more (an entire SITE license) for only half that price.
In light of this new info (concerning product activation), I'm that much gladder we didn't go with them this time around. Too bad, I rather liked Norton on Exchange 2000. But, there comes a time when you realize that paying more for the anti-virus software than for what the anti-virus software is running on simply doesn't make sense.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
If Symantec were to recover a decent percentage of the currently pirated copies, this would generate more revenue to cover overhead and profit growth.
There then is an argument that this could lower the price that Symantec needs to (and does) charge the legitimate users.
I'm a big Linux enthusiast, but also fully support closed source and charging if that's what software companies need to do to make money. Without this, they wouldn't be in business so it's naturally their right.
Hunger is the best sauce.
So who do you blame for that? Sounds more like a Dell problem, in that apparently they're loading crippleware and time expired software on their systems and offering it as a feature.
I agree, grisoft, its free, and if you do want the pay version, its only what 33 bucks?
I think in the long run, the big boys are going to lose out to the little guys that offer free products or products with a very reasonable cost.
Ofcourse big business' needs the write off, time will tell but atleast we have options.
We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
NetInfo connection failed for server 127.0.0.1/local
We bought Symantec licenses for our Windows workstations last year, and despite keeping everything up to date, several PCs got infected (silly people clicking on attachments, mainly). We switched to Grisoft's AVG. Free, simple, and very good.
This move by Symantec is an attempt to bolster revenue, and it will fail. They should (a) improve the quality of their product and (b) provide a free version for home users. If they do not do both of these, they will simply drop into obscurity, and this copy-protection move will speed-up their demise.
Ceci n'est pas une signature
You missed the point of product activation. It's a sure bet that 99.9% of the pirated copies being sold are bit-for-bit identical to the original. Ergo, any MD5 sums would match anyway, convincing the poor sap who purchased the pirated version that he/she was okay. Software doesn't have to be modified to be pirated.
By contrast, product activation seeks to ensure that users register their copy with the manufacturer, and that only one copy is in use at any time. This (sort of) effectively prevents selling duplicates of a CD, and (if properly managed) prevents selling duplicates of a registration number too.
--Brandon / Split Infinity Music
There is no authentication required to get the updated virus definitions. All thats required is an anonymous ftp session to pull them down. If you use the Norton application to attempt to pull them down after your subscription expires it will tell you that it cannot apply them till you renew.
...work well and are worth the money is pcAnywhere and Ghost. The antivirus stuff stinks. It's bloated and slow. Updates come out too infrequently. In Q3/4 or 2003 all antivirus products should have at minimum daily scheduled updates, maybe even twice or four times a day. Then on top of that, the "emergency" updates.
I run a network of about 500 desktops and 30 servers, mostly Windows stuff. Recently I had to re-evaluate antivirus vendors due to my old one becoming too crappy and expensive at the same time. Norton's enterprise suite was one that I evaluated. We set up a test lab with 10 brand new Dell Dimension 2350 desktop PC's loaded from the factory with standard installs of W2K Pro and one brand new PowerEdge server running W2K Server . The trialware version of Norton on each desktop machine was uninstalled. We installed the Norton enterprise stuff onto the server and then attempted to do a "push" install to the workstations. This process seemed to run ok, and reported no errors, but the client-side stuff never would start up after the install, as if it didn't install at all. There were folders full of Norton stuff appeared, but it would not start or run. No error messages were given and nothing appeared in the event logs either. It just simply didn't work. Norton support expected me to sit down and debug their software for them. Since this was an evaluation of their product I told them they flunked. This "evaluation" spoke volumes about what I perceived to expect from the quality of their software should I choose to go with their product. I didn't. I then tried Trend's corporate product on these very same machines and the install process was stone simple. Plopped the cdrom in the drive, ran setup and clicked thru the defaults and it all installed and just simply worked correctly the first time. The client "push" install was so simple and straightforward that we were amazed. It even uninstalled the failed Norton stuff automatically for us. That blew us away. The Trend suite cost about $1500 more for 500 user licenses, but it's been well worth that just in installation labor savings alone. I have the central server set to check for updates every hour too and that's very nice. We haven't had a single virus get thru to harm our network since, in the past few months we installed Trend. I highly recommend their product.
>>It's a sure bet that 99.9% of the pirated copies being sold
... including the likelihood that it really isn't protecting their PC," Mr. Smith said.
>>are bit-for-bit identical to the original.
>If that's the case, then those users wouldn't be having problems.
Well, I'd like to see some statistics here about "problems". If you read the GlobeTechnology article, it has exactly two quotes about this:
1) "The company estimates at least 3.6-million bogus copies of its programs are sold annually, causing headaches both for Symantec and unsuspecting buyers, who find out too late that the software isn't doing the job."
2)"What consumers don't understand is that while those units may appear to be legitimate, there are a number of risks associated with pirated software
What does "doing the job" mean?
It appears to me, based on background knowledge of the basics of antivirus software (namely, that the definitions must be kept updated to make the software useful) and the rather limited quotes above, that not enough detail is given in this story to assume that any users are having problems with the delivered pirated product. I would bet that most consumers install it, and it runs just fine and does exactly what Symantec advertises - right up until they try to update the definitions or purchase an upgrade.
The real headache for any big software company is not raw sales. Those happen just because it's good software. But the money goes out in tech support. I firmly believe that the real problem Symantec is trying to handle here is to reduce their tech support costs, dealing with unsuspecting dupes who bought pirated copies, and are furious that they cannot get it to update as they expected.
This argument looks suspiciously like a SMOKE SCREEN for Symantec, trying to make the USER'S problems sound worse than reality. Now, I agree that piracy is a real problem. Hey, I write and sell my own software, and I have the same questions and concerns. But the chances that some pirates out there are mangling copies of NAV and selling versions which don't work are pretty small, when it's far easier to sell a mere duplicate copy.
So as I see it, the entire issue about "protecting the consumer" here is NOT about protecting them from broken software, but rather protecting their ability to keep that software up to date. And it naturally has the side benefit for Symantect that more users will actually PAY for the software.
--Brandon / Split Infinity Music
I think that you fundamentally misunderstand why people dislike the "razor + razor blades" model. Razor + razor blades is an example of a modular design. This is normally considered to be a good thing.
Where the model is typically abused is the desire to apply cross subsidies between different modules. HP applies dramatic discounts to printers and attempts to make this money back by charging premiums on toner cartridges.
This inevitably triggers ugly battles with consumers. Vendors attempt to use proprietary interfaces to protect their revenue streams. Consumers look to third party suppliers.
For what its worth, I did some research on thsi subject last semester. From what I was able to determine, cross subsidies were a net loss for companies. Any financial gains that the companies hoped to generate were consumed by additional R+D/legal expenses to protect the interface. More critically, the desire to protect a cash cow significantly hurt the flexibility of the company. Polaroid became completely trapped by the need to protect the revenue stream from its film business that it was unable to adapt to digital photography.
As other people have pointed out, there are a number of different components to a comprehensive AV solution. The AV engine is certainly one important component, but "content" in the form of definition files and the speed/security with which this content is made available are equally important.
Ideally, companies should charge separately for both components.
Intuit learned their lesson by putting product activation in their 2002 version of Turbotax. Thousands of people returned the software (myself being one of them) and let Intuit know about it (again I did), A few months later I get a nice letter telling me that next year they will not be using activation and to please come back to Intuit.
I won't be.. I'll use Taxcut Pro again.. Cheaper and I found to do the job just as well.
When companies use the theoretical losses from piracy (how completely ignorant to assume that every pirated copy would translate to a purchased copy) they can be reactive. When their customers go elsewhere the loss of dollars quickly becomes real.
Symantec products are crap and for years I've been swaying anyone with a computer away from them. Maybe they should have taken some of the money they spent on product activation and spent it on creating a better product. If they were smart they would give the program away for FREE and just charge for the virus defs.
Karma means nothing to me, so suck it...
It's the same problem that XP has. One big reason I won't buy or use XP is due to the activation (and re-activation)issues. As a legal buyer I should not have to pay for the actions of others. If they want to protect themselves from piracy let them do it on their own time. Their piracy is their problem, not mine. I can see that they want to make it my problem. That is unacceptable. Luckily there are other options for antivirus software just as there are for operating systems. They are free to force their customers to jump through all kinds of hoops for no good reason. I am free not to buy (or recommend) their products.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
There are actually quite a few reasons.
1) This is quite similar to WinXP as it is a harbinger of "leased" software; When I buy or suggest that others buy software, it is under the assumption that they are getting a product which will then be the property of the purchaser; If it doesn't allow you to move it from machine to machine as upgrade cycles or repairs require, you are not the owner of the product.
2) Some activities don't use corporate licenses, and aren't connected to the Internet, and never will be for security purposes. They can't use this software easily.
3) It's spyware by my definition. Spyware, and SPAM, are Evil.
4) the corporate version will be pirated just as fast as the retail version; pirates will scoff at the non-cracked or non-corporate version. So what is the purpose of product activation? Spyware. Unless they are going to drag peter out of retirement to actually make this crack-proof, of course.
Why, yes, I AM a Pagan Libertarian.