Slashdot Mirror
Symantec Adds Product Activation
maliabu writes "GlobeTechnology/CNET reports that Symantec has added an antipiracy technology to the new version of its main virus-zapping program, in the form of compulsory product activation. It is intended to protect consumers from widespread counterfeit copies of Symantec programs. The company estimates at least 3.6 million bogus copies of its programs are sold annually, causing headaches both for Symantec and unsuspecting buyers, who find out too late that the software isn't doing the job."
It is intended to protect consumers from widespread counterfeit copies of Symantec programs.
I don't believe it as a main cause.
Trolling using another account since 2005.
while NO anti-piracy strategy is foolproof (we can only talk about rates of piracy, not absolute values), the fact of the matter is that product-activation can be done without sending the user's SSN and first-born through the lines.
Actually, I'm just pissed off that some asshole russians wrote "crack" programs (still widely available on all those cracks sites) to break the security of a previous version of some shareware i wrote (cost of shareware: $20 and for a very specialized audience). So, in a later version of my software, I included a type of product activation and wrote a code in such a way that the compiled stuff would be harder to figure out. 2.5 yeas later - still no crack out fot the software that I can find anywhere, plus I am secure in the knowledge that my reg codes are doing a lot less walking.
Fair is fair.
And like most methods of protection, I wouldn't be surprised if Symantec's product activiation was cracked pretty quickly indeed. I suspect Symantec would be better off spending the money they spend on developing/buying this technology adding to the fund they use to pursue and close down the spammers who try and sell pirated copies of Norton AV, System Works et al.
How would product activation protect users? Piracy prevention only protects symantec.
Because Symantec's product relies on regular updates of virus definitions from Symantec. I assume - tho' I have not checked - that Symantec requires some form of authentication for this, after all, they sell subscriptions and that's what pays for the database to be kept up to date. Counterfeit copies of the product will be unable to access these updates, lulling users into a false sense of security. Everyone loses - Symantec lose because they don't get the money, the user loses because they paid for a counterfeit. The only one who benefits is the pirate.
If you're going to inconvenience your legit users in order to reduce illegal copying, just tell it like it is. Protecting the consumer against illegal copying would just require signing the software, no mandatory activation.
Just sign the installer. Heck, a list of valid MD5 sums published on the Symantec website would do the job. All legit copies are identical, so verifiying that the user has a unique key is overkill if you just want to verify that it's the right program. Unmodified software should tell the user when it can't sync the virus signature database. Ergo, no activation for that purpose.
The thing is, in newer versions they do not include "innoculation". Innoculation used to simply take a fingerprint (CRC32) of your executables/libraries, and could be set up to refuse to run unknown, or, more importantly, changed executables. This is great because even if you're behind in virus signature updates, your virusscanner will still detect new and unknown virusses as long as they don't compromise the virusscanner engine itself; such virusses (as well as engine updates) are far and wide between, unlike signature updates.
Recent version do NOT check binaries' integrity using any sort of fingerprinting, be it crc32, md5, sha1 or whatever, thus forcing you to rely on the yearly subscription of virus signature updates. That's not because innoculation was broken or even not user-friendly enough (it was off by default), that's was a pure 100% unadulterated marketing decision!
Interestingly, the free-for-personal use personal firewall product I'm using DOES use checksums to check whether binaries that may have specific permissions (to access the internet or open ports) have changed!
SCO employee? Check out the bounty
The company estimates at least 3.6 million bogus copies of its programs are sold annually, causing headaches both for Symantec and unsuspecting buyers, who find out too late that the software isn't doing the job.
Well, when the customer tries to register the (bogus) product he probably bought it already. So it's too late as well, isn't it?
Knowing what an anti-virus program (or indeed any program) does, and access to it's source code is not the same as being able to get around it.
Any potential exploits might be noticed by virus writers. However, they may also be noticed and patched by users or developers of the software.
...is their PRICING. When our school went to purchase a new license for Exchange it cost as much as the Exchange server license plus Windows 2003 license plus 200 CALs. And that's ACADEMIC pricing. Unbelievable.
They think they're God because they are a gold partner with Microsoft. Well, basically, I told them what they could do with themselves and went with Sophos instead who offered much more (an entire SITE license) for only half that price.
In light of this new info (concerning product activation), I'm that much gladder we didn't go with them this time around. Too bad, I rather liked Norton on Exchange 2000. But, there comes a time when you realize that paying more for the anti-virus software than for what the anti-virus software is running on simply doesn't make sense.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
If Symantec were to recover a decent percentage of the currently pirated copies, this would generate more revenue to cover overhead and profit growth.
There then is an argument that this could lower the price that Symantec needs to (and does) charge the legitimate users.
I'm a big Linux enthusiast, but also fully support closed source and charging if that's what software companies need to do to make money. Without this, they wouldn't be in business so it's naturally their right.
Hunger is the best sauce.
We bought Symantec licenses for our Windows workstations last year, and despite keeping everything up to date, several PCs got infected (silly people clicking on attachments, mainly). We switched to Grisoft's AVG. Free, simple, and very good.
This move by Symantec is an attempt to bolster revenue, and it will fail. They should (a) improve the quality of their product and (b) provide a free version for home users. If they do not do both of these, they will simply drop into obscurity, and this copy-protection move will speed-up their demise.
Ceci n'est pas une signature
You missed the point of product activation. It's a sure bet that 99.9% of the pirated copies being sold are bit-for-bit identical to the original. Ergo, any MD5 sums would match anyway, convincing the poor sap who purchased the pirated version that he/she was okay. Software doesn't have to be modified to be pirated.
By contrast, product activation seeks to ensure that users register their copy with the manufacturer, and that only one copy is in use at any time. This (sort of) effectively prevents selling duplicates of a CD, and (if properly managed) prevents selling duplicates of a registration number too.
--Brandon / Split Infinity Music
It's the same problem that XP has. One big reason I won't buy or use XP is due to the activation (and re-activation)issues. As a legal buyer I should not have to pay for the actions of others. If they want to protect themselves from piracy let them do it on their own time. Their piracy is their problem, not mine. I can see that they want to make it my problem. That is unacceptable. Luckily there are other options for antivirus software just as there are for operating systems. They are free to force their customers to jump through all kinds of hoops for no good reason. I am free not to buy (or recommend) their products.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.