Slashdot Mirror
What's the Right Amount of Copy Protection?
WPIDalamar writes "I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? The license key? Software version? What about a unique installation ID? Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key? Would a simple message stating the software may be pirated with instructions on how to purchase a valid license be sufficient?"
This may not be what you want to hear but any copy-protection will burden legitimate users. Pirates will remove the copy protection from your software and the unprotected version they create will be more usable than the version you offer.
It doesn't just hurt your customers, it hurts you too. The time you waste trying to create some copy-protection and losing the arms race with the pirates (which you will lose) is time you could have spent making your product better.
The way to beat the pirates is to provide a better service to your customers than they do. The commonly advocated business model is to provide support on the software to paying users - and since your target is business customers this makes a lot of sense.
Businesses, by the way, tend not to pirate on the scale of the private user. Piracy is a big risk to business because businesses have very deep pockets.
In short, the answer is to have no copy protection at all and trust your customers. Trusting the customer is hard but they'll appreciate it.
Simon
None.
First of all, you need to open up the source. Get those customer eyes working for you!
/.
Second, you don't have to charge for the software or limit the distribution of the software in any way. You wrote the software, so you have the most/best knowledge of it. You can make tons of money on service contracts.
--
All I need to know about life I learned on
Just like any kind of DRM. Dedicated individuals will find ways around it and likely have some fun in the process. Cracking copy protection is practically a game to a lot of people who will never even use the software. The only people who will be inconvenienced are the people willing to pay for the software.
None more black.
Set your phasers on "funky"!
Use a license key, make constant improvements to the product and each new version needs a valid key, disable disclosed keys in new versions.
To use your product a pirate would either have to settle for an old version, or constantly get a new hacked version and new hacked keys. It's enough to eventually get them to be legal.
Remember if you make your product hard to use with lots of negatives like phoning home, them you'll learn the lessons the Record companies are learning. Nobody is bigger than their customers.
I will not use closed source software that phones home. I'm sure others feel the same.
Prompting for a license key upon installation could be ok, since most users are used to that hassle anyway (though it's still a hassle).
"Phoning home" should never be done. Keep in mind that internet connection isn't flawless, sometimes it doesn't work for one reason or another, and would you really want to get a bunch of angry customers mailing/calling you when the software won't work/install because their internet connections went down for a while.
On top of that, if your main user base is business users, most of them will sit in a protected environment which probably won't let your program phone home even if it tries.
This is just an aside from the real problem with programs "phoning home", though. Integrity and privacy should not be taken ligthly.
A license key is enough to discourage the casual pirate (custom encryption and multiple variables helps, such as name + password instead of just password) while, from my experience, not being enough to discourage regular users. Entering a key once and not worrying about it ever again is normal enough, and not bothersome. Going beyond that is asking for some glitch to cause legit customers to be calling you up to ask what the hell just caused their copy of your software to invalidate, or why they can't install it on their new computer, etc. Most importantly, it will also encourage people to crack your protection, thus making the pirate version more appealing to the end user.
By reading this you acknowledge that you have read it.
If you want your software to phone home, are you going to provide a fully resiliant highly available infrastructure for it to phone home to? If not, what's going to happen to your customer base when they can't use the software they have legitimately bought?
Every piece of protection you add to your software burdens the legitimate end user. It tends not to burden the pirate, because he/she will have downloaded the version that someone else cracked for them ages ago.
Your software will either be good enough for people to pay for, or it wont. If it is, then people will buy it, you don't need protection for that, you just need to write a good piece of software, that people want.
You don't need to go this far: I spent the last 3 weeks on the road with my laptop: Matlab ceased to function as soon as the license key manager got out of touch of the license server. I hate that macromedia shit.
Non-Linux Penguins ?
Is it acceptable for the software to phone home?
As a member of a small corporate IT department, I can tell you that (except for Microsoft itself), software phoning home for anything other than updates means instant banning of your product.
If so, what data is appropriate to report on? The license key?
If you insist on going down that path, what information would really help you reduce piracy? Keep in mind that, merely during the initial evaluation of your software, the same license may get used a dozen times without any intended piracy... "Yup, works on XP. Yup, works on 2k... Oops, blows a gasket on 98... Doesn't seem to like server versions...".
Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key?
That gets tricky... IANAL, but only the big boys like Microsoft can get away with that BS. If you try it, you should probably prepare to get sued.
Now, you do have one chance to block it - At installation. Even I'll allow (grudgingly) most products a one-time online activation. If at that time you deny activation and give an EASY way to contact you to resolve the problem (you can expect them to lie, and should probably just give them a new code, but it might serve as a reminder to the users that they shouldn't make too many more copies), okay, fair game. After-the-fact, though? YOu'll just piss legitimate users off.
Easy. Make a it a crappy, buggy program so that it won't be worth pirating. Fool proof!
IF, and that's a big if. Unless you have alternate exposure (in other words, not online), most of your "users" will steal it. You can count on that. If they can use google, they can and will seek out the "free" (as in piss) version 100 to 1. It may well be true 99 of those 100 would not have bought it anyway, so consider that. Also, if you're only available for download/online, chances are slim you will see any real return on your investment. If you want to make a little extra money, you WILL do better at Mickey D's, with a lot less effort.
Some copy protection stops the casual pirate. The people who don't know much about computers and may email your app to friends.
But using dongle protection is pretty stupid, especially when in some cases it cripples performance (Steinberg's use of dongle copy protection on Cubase has been rumoured to do that).
I'm a fan of including some sort of unique identifier (serial number or some such, probably encrypted) embedded into the software so that if the software does get loose, you can at least trace the problem back to its source and potentially take appropriate action. In other words, you'll have more evidence that a specific someone committed copyright infringement than otherwise.
I've been waiting for code-wheels to make a comeback.
my sig's at the bottom of the page.
Have each copy personally delivered(*) to the client and you will find that they never pass on copies and will faithfully purchase every upgrade you make available.
(*) Personal Delivery service to be carried out by Marco and Guido who have their own, very smart uniforms (Gucci suits, dark glasses) and will also provide their own baseball bats. A personal message from you to the client will also be delivered with every copy of the software with a reassuringly soft, menacing undertone. Contact Marco and Guido DRM(**) Services on 555-NO-REFUSAL.
(**) DRM = Delivery with Real Menace
----------------------------------- My Other Sig Is Hilarious -----------------------------------
As you would have them do unto you.
:).
FWIW, I think license keys are fine. But phoning home is not a good idea.
If you can link a license key to a mailing address or email address then that's good (could be yahoo mail doesn't matter - it's a matter of getting some stats).
If you're planning to have future versions of your software then you might as well decide on how upgrades and patching is to be done - key upgrades, discounts etc
Companies usually don't apply cracks. At least not anymore in this climate of "we sue the pants off you if you crack our shit". But they care about productivity.
What I would do is this: Have your software, upon installation, create a keyfile. This file can be saved and, should a reinstall be necessary, be reapplied to the software. That way, you can requrest that your user enters a few key informations about himself upon installation, even a lot, because he will only do it a single time. This keyfile can then be sent to you. Inform the user that this will happen, so his license is personalized, and do not transmit any data beyond what you told the user. This way he can review what data is going to be sent to you.
This pretty much does it, in corporate environments. The company will certainly dread to see their corporate license appear anywhere else, because they'd be liable for it, so they will store that keyfile somewhere safe.
And that's pretty much it. I wouldn't require constant phoning home or similar. If people want to spread software, they will. Remember that most bosses don't know too much about computers. The existance of such a file that can link their license to them is often already more than enough to ensure they won't spread it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Companies tend to short-buy their software and install single copy on several computers, if they deal with small fry software providers. Since this is a program for corporate users, furthermore a program which assists coordination and cooperation, make it produce as much confusion as possible if there is duplicate identity (license key) in company. E.g. require user details to generate license key and have program output put stationary with that details (e.g. name, function, department) on each printout.
Who was it that said to always make sure to leave a spot in the fence where children could sneak through? P.T. Barnum, perhaps? The point is, people used to understand and accept that a certain amount of "losses" will occur, and that sometimes these "losses" are in fact good for profits, by driving more paying customers to the business. It's only recently that we've evolved the technology and capabilities to ensure that EVERY person gets charged for EXACTLY what they consume. As if we could even know that for sure...
Don't apply macro-laws (movement of fluids) to micro situations (individual molecules in a fluid). Focus on the macro violations-- widespread corporate use without a license-- but let the little people slip through the cracks. Those of us who install and forget, and never really get much use out of the program anyway, are very unlikely to buy the program in the first place.
Explaining to people how to pirate but appealing to their goodwill might go a little far, though. I would report only the serial numbers used in the registration, along with the IP address that contacts your server (not the IP address of the machine itself). The rest of the information is None Of Your Business (TM). Try to find a happy medium between accepting a couple copied serial numbers in the wild, and noticing that a large number of computers coming from similar IP addresses are using the same serial number.
Definitely do NOT disable the program if it cannot phone home. I *hated* that about Bioshock, when my crappy firewalled network made it almost impossible for me to activate the software. Since you're aiming at corporate networks, you're certain to have lots of people with this problem.
Good luck with it.
PS: What are the current laws on downloading a program and using a serial number to unlock it? We all know that EULAs have yet to be proven in court, with many cases existing that both support and reject EULAs. So is there a clear case where it's illegal to use a serial number to unlock freely given content?
www.eissq.com/BandP.html Ball and Plate System. Amuse your friends. Crush your enemies.
Any copy protection will affect legal users.
Short and simple, that's it, take it or leave it. If you want copy protection, you must understand that you cannot "hide" it from legal users.
As for the right amount... it all depends on the situation.
Since you are going for businesses which would have multiple installations; make it centralized. Make a small central "activation" server app that all installations contact at some interval and manage all registration from there (just use single multi-seat keys or something). Atleast this spares trouble for the end-user. Just count the number of currently active installations and give warnings to the users and/or server admins (make sure it works with common admin reporting tools). Most importantly; allow grace periods. i.e. Allow 10% more installations to be used for some short period or allow the product to be used 1 month more than licensed. Think of something that won't affect continuity of the companies buying your product assuming the make honest mistakes. Businesses generally want to be legal; help them, don't force them. Provide them with tools to make it easy for them to comply.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Be open about the phoning home. Noone likes a closed source software that phones home for no reason. Don't hassle customers, even the ones who install a copy that is known to be pirated. You can't really tell who's the legitimate customer and who is not.
If you discover that there is widespread piracy of your product, and you want to do something about it, then make the leap to hardware protection. Bear in mind that dongles are quite a hassle for the customer. But at least the hassle is effective. Other means of protection means a hassle for paying customers, and just a fun challenge for pirates.
Spot on - I know plenty of people who use PCs (usually laptops) in their music and/or art studios who never connect those machines to the internet... EVER! The muso types will often strip back everything on a PC leaving a bare OS + drivers + sampler/sequencer + ASIO drivers. It's all they need and they believe they get better performance and more security without it.
I also know, and have worked for, companies where information is so secret (mission critical biz stuff or military) that you have to use a provided laptop in a room with no windows that's shielded from radio wavs... paranoid, yes, but "phone home" software is simply not an option in that case. Also. no phones were allowed in that room so manual "phone home" wouldn't have been possible.
Also, some of us are so paranoid that we don't let anything in/out of our firewalls except our browser application. Mind you, I can still use the interweb and I've never been trojan/virused... except this damn cold I seem to have but I can't blame the internet for everything!
Time flies like an arrow. Fruit flies like a banana.
The key is to make the protection a slight annoyance/reminder to the user (but not enough that stops them using the software), but not worth the effort for a cracking group to spend time ripping it out and distributing it.
The best example I can think of is Windows Commander ( http://www.ghisler.com/ ), which is a program I both use and love. It has a nagware screen each time you start it up, but otherwise functions fully for free. I did actually buy it, as it's a great program, but I found that out by using it for a year or so - the protection didn't get in the way of that.
Of course, this is a balance in that windows commander only costs $30, if it was a piece of software that cost $300, it may have to be a lot stricter as there is more incentive for a user to never register it.
A lot of people have said it is unacceptable to phone home. However, I haven't seen too many explanations as to *why*. First, if it requires an internet connection to register, and you don't have a connection at the time, the software will fail to register and then you have the problem of software that will not function. Also, will it validate itself over and over or just the first time. And, what happens when the user inadvertently blocks communication through a software firewall? In that scenario, your software will be blamed for the problem even though the firewall is what prevents the communication.
Don't do nag screens. A lot of people despise nag screens and will not use software that implements them.
There's a lot of truth in the argument about pirating. There *will* be a lot of theft of your stuff, especially if the trial and "full-up" versions are the same. Think carefully before going this route. That said, if you do, consider using email registration, which ties a code to an address (but make sure you avoid anonymous addresses such as Yahoo, gmail and mailinator).
You *could* go with two distinct versions, but that also becomes a maintenance headache. Not an attractive choice, but it will give you the most control and will allow you to "fingerprint" every registered copy that goes out the door, especially if you have a unique identifier that can be traced to a specific user.
Good luck.
This sig is offered AS-IS, with no warranty express or implied. Risk of using this sig rests entirely with the user.
If it were a Photsohop plugin or the like, that market is more likely to just copy, but corporate types will just fill out a requisition form if they want it.
The only copy protection you need is something to detect you're inserting a disc/disk into the system, then have a black guy which raps with artificial intelligence to interact with the user.
Change is certain; progress is not obligatory.
You don't need any copy protection if you're after corporations. Why?
1. Corporations are terrified of the Business Software Alliance.
2. Corporate IT departments have an incentive to search the company for unlicenced software - it gives them something to do. Licence compliance is a nice, simple, easy-to-explain and wonderfully time-consuming activity. It provides a marvellous way for the IT department to justify its own existence and be seen to be busy bees.
So, just let them get on with it. All you have to do is issue nice licence documents that says "X copies of [your product] licenced to [company name] at [address]" followed by the product key. Then, the typical corporation will spend ages doing all the licence checking for you. Some won't be very good at it but do not worry, just ignore it. If they make mistakes with their licencing, the worst that can happen is they might get into trouble and you won't.
If you have any kind of marketing and sale infrastructure at all, you have nothing to worry about. No company in its right mind will allow software piracy on its premises, especially not for the benefit of the company. Don't bother with anything fancy; just give your prospective users an easy hoop to jump through. The more red tape and annoyance you add, the less likely you are to gain customers.
Caveat: I'm speaking of corporations in the USA here - I know nothing of how corporations in other countries approach software licensing, but I deal with it on a daily basis where I work. If I sound like I believe corporations are mostly about lawsuit avoidance when selecting software, then I'm coming through clearly. :-)
If you choose to go the fee-per-user route, corporate customers will expect the ability to easily manage their licenses conveniently from one or more central servers. The value you are adding to them is that they can easily prove that their copies are licensed by running a simple report, and that report is an affirmative defense against any claims of illegitimate use. It also gives management confidence that their employees are not making copies without their knowledge and exposing them to legal risk.
The best approach if you choose this route is to license an existing license manager - ask your primary customers which ones they use, and go with the most popular in your business sector. Of course, the license fee will come out of your profits, but that's the solution your customers will appreciate.
Alternately, you can offer a reasonable "site license" fee based on the number of users of your software that they believe they will have (*not* their employee total). At annual maintenance renewal time, each customer counts up how many people are actually using the software, and the renewal fee is based on that. This adds the burden to your customer of tracking installations, but also provides an affirmative defense ("we have a site license!"). Of course, you'll need to trust your customers more with this one, as a dishonest customer could "miscount" to save money. Legitimate corporations, though, would never intentionally game the system out of fear of legal repercussions.
In NO case should you pull a stupid stunt like phoning home. Where I work at least, we reject any candidate application that discloses spyware-type behavior in the license agreement (unlike home users, corporations have lawyers that read license agreements - and modify most of them). If an application phones home without disclosure, it's blacklisted at a minimum. A lawsuit in your direction is certainly a possibility as well.
The "correct" answer on /. is to open source the code and sell support services, of course. This may work quite well, too, although in some sectors corporations consider open source to be less desirable than commercial code because of the cost of verifying that you actually own the code you're licensing. Smart corporations audit the source code of open source applications before deploying them, and correct any illegitimate code inclusion (e.g., mixing code with incompatible licenses); it proves "due diligence" in the event of a lawsuit. They don't have this expense with closed source apps, because they can't - and that means they can't be accused of lack of due diligence for not examining the code. The law is just like that. :-(
The good news with the open source approach is that you're well-positioned competitively - once validated, the application can be deployed and used extensively, and then comes the "Who can we pay to support this?" opportunities. Code auditing can work in your favor here - once you're proven "clean", you'll be everywhere, diminishing the value add a competitor can offer.
Personally, I would open source the app and provide a detailed audit of all the code at the same location you host the source code; this proves the code is "clean" and safe to use, and provides optimal value from a corporate perspective. Offer custom services built around the free code, and that pays the bills (if you're good). ActiveState is one successful company that uses this approach (they wandered into the fee-per-user area with Komodo, but that's now moving toward open source as well - another indication that this may be the best approach in the long run).
Hope this helps, and good luck!
If your app requires an Internet connection or can die if it can't phone home, my experience has been that the user will often go out of his way to find a pirated version which doesn't have that annoyance. When it comes time to upgrade, the user then thinks, "Hmm, that pirated version worked pretty well last time. Do I really want to pay for an upgrade when I'm just going to be downloading the pirated version again?"
Does anyone remember it? Man it is the first a software fought back. I lost tons of creative works. Ah...2gigs of porn... then pufff...gone.
A few vital pointers: First of all, I'd recommend using a serial as the core method for authenticating your software. Preferrably a key somehow based on the name & e-mail address should be used, having your name on "the record" is a deterrence to casually releasing the key on the net. I do not know if you plan to offer a "trial/demo" functionality (something I'd recommend, as try-before-you-buy is always good) but if you do then I'd suggest an additional "hardware-fingerprint-hash", displayed when he installed the trial version, of maybe six letters that the user is asked to add in his activation e-mail. Make no issue out of it if he wants to re-activate the key using a different hash, only if there are over two or three dozend of activations from the same user you should raise a red flag and take a deeper look why he changes his PCs that often. As an additional defence against piracy be certain to monitor the "Serialz" websites and maintain a blacklist based on the serials that appear there (and to put the heat on the guy who purchased that serial). Release updates on a regular basis, and include the blacklist in them. Also, with each update, slightly alternate the way your program checks the serial against the username, and make sure "old" executional files are not compatible with the new updated version, so if they want to bypass the serial check, they at least have to do it over and over again with each update. I'd use a slightly sloppy way to check for serials, i.e. a way that allows slightly more serials than it should, to make it harder to create a keygen (and to create headaches for said keygen once the key is used for a newer version). Alternatively do only a partial check on the serial upon entry / program launch, and perform additional check if certain important functions are used. Throw an obscure error message if the initial check is passed but the laters checks are failed (usually sign that someone tried to crack the program, bypassed the initial check, but failed to crack the later checks). Recommend that the user contact the creator for a bug report, for the offside chance that a legitimate user manages to fudge up his serial "just right" to trip it. Once a keygen surfaces (that is a once, not a if) change the key-generation scheme in the next major revision, be sure to apologize for the inconvenience caused for your registered users (both in the update and e-mailing them) and send them new keys.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
BUT. You should provide benefits for registration and you should let people know clearly that they are using unregistered software, and that you know.
Why is the right amount none? I don't believe that we were unique when (in a past life) on removing copy protection on our software, our sales grew by about 20%.
I think people want to test software before they pay for it, and copy protection stops them from using a try-before-you-buy approach. I think that most people who can afford the software and who think it's good value will pay for it whether or not there's copy protection. The others won't, but they may be an advert. I think it's more likely that companies will pay than private individuals, particularly if they are worried about sanctions posing a risk to their business.
So, include no active copy protection, but do include measures that let people know the status of the software very clearly. A nice bright - 'Unregistered software' on startup + a similar notice on screen + a similar notice on print outs + these notices should change so that they don't become background that is filtered out of consciousness + a help link to your registration page + a note in the help about why they should register the software [make a point of saying that it's not just their company that is breaking the deal, but them personally] + a record of the IP address on screen + a note to say that the software phones home to say it's being used, with a note of what it tells + a note about benefits of registration - e.g. registered software gets automatic update notices + whatever extra benefits you can think of that are only available to people who have registered. The point is to embarass people into paying if they are on the borderline, but not to annoy those who will pay.
If you are being clever, track the number of times a particular copy is used, and let the user know. And let them know that you know.
Also make provision for unregistered, old versions of the software to become free - i.e tone down the notes when they are 2 versions old, but replace with a sign that says 'Version 1 is now free for use provided it's not used with projects of more than 100 steps. Version 3 includes many useful features and is only $150.' Old versions become adverts: after all, you aren't selling them anymore, and if someone hasn't paid after 2 years, they aren't likely to start now.
You also have to make it ridiculously easy for people to register, and even more importantly, for people who have previously registered, who change their machine, or who lose their hard drive (or whatever) you have to make it incredibly easy for them to retrieve their registration.
Put *NO* barriers in front of people who want to pay you, or who have paid you. These are the people who need your love because a major portion of profit on commercial software comes from upgrades.
Hope that's useful.
Jeff
If you can guarantee internet access in most circumstances:
Provide value added web only services tied to a user account. These services could be embedded in your application, but be subscription or a 1 time fee. The base application you could give out for free, but depending on what services you provide on the user's online account they'll want to pay you the fee to have an account. No license keys! But you do then have to provide some web-based services, and if your site goes down, all your paid users lose their paid functionality.
If you can't guarantee internet access, or can't identify services that would work well attached to a web account, you could go the route of the "phone home" license key. tie the serial number to a simple e-mail address db, and track the number of computers on each key. The app doesn't immediately degrade if it can't get online, but if it does get online, it adds to the count using that key, beyond some arbitrary number, the system notifies you, and you can reissue the original user a key via their stored e-mail address, and then you can blacklist the old key (degrading any future machines and any old machines as they ping home). In this case truly determined people can block internet access from your program, or they can keep the computer offline or they can go through the effort of patching out the license key call and they'll still have a free copy of your software.
Really it's a question of how much effort it takes to get around things vs how much annoyance things become for the real users if something small goes wrong.
Gravity Sucks
Assuming that your program manages to differentiate itself from the 255 million other software programs that do that exact same thing, the answer to your question is none.
If the piracy community wants your software for free and considers it worth having, then they will have it. You can't do anything about it. Ask Apple or Sony or Microsoft about how much money they spend protecting their software from piracy. Ask the 16 year old kid from New Jersey how many episodes of Pokemon he had to miss to destroy that protection.
Is where I'm going with this making itself clear? You are already jumping into a small pond full of big fish, why waste your energy and resources attempting the impossible? Use an honor system, and hope that enough honest people use your product to justify your expenditures.
Use a serial number scheme and post a non functional "crack" on p2p networks.
"While I don't wish to burden legitimate users, I do want to prevent most piracy."
This will not happen. Cracks for very heavy-handed measures will be available to exactly the same people in exactly the same ways as a cracks for a simple serial-number check on installation, ergo a simple serial-check will get you 99.9% effectiveness of any other software system.
The only things I have seen that seem to work are the hardware usb-dongles; the earlier ones were cracked but the new versions seem to be quite safe. (but they cause a number of other issues and don't qualify as non-intrusive).
The only other real "strong" option seems to be hardware dongles. I hate them! I don't have a parallel port anymore, or a floppy disk drive, and I hate carrying extra crap around if I want to use stuff on my laptop.
The license key I entered was "unoriginal", and the software knew.
I believe it said something like: "You do not wish to pay me for this software huh? Well, fine. But please then donate some money to UNICEF."
And the software continued to work with that code.
I liked that. Some people can't afford to pay for each bit of software, but still need it. It shouldn't be made easy for those people, but it shouldn't be impossible either. One day they'll pay.
B.
Every experiment which ends in a big bang is a good experiment.
If you want to have an evaluation of your software, simply don't provide it with full functionality. If you allow a fully-functioning version of your program
by simply entering a code then it will look very tempting to reverse. Instead, compile a demo with the certain functions and data completely removed. Then, on your
site, have a downloadable full-version with no restrictions. If you feel that you need to protect your investment and your company is willing to invest the money it
would take to do so then you could look into binary watermarking.
Consider your potential customer:
You're writing project management software, so we're probably talking 150-200+ employees. Companies of this size are going to have some sort of security policy in this day and age, and potentially (depending on your market segments) may be on closed (meaning no or extremely limited external internet access) networks.
There's a good chance at the low end of your customer base that they will have some variety of managed software push in place where IT pushes down software and licenses to the workstation users, and it's almost a certainty at the high end of project management using companies (my primary contract fits into this category, and uses centrally managed software).
I'd therefore recommend a model that allows for central licensing, preferably with no need for IT management to install a license server (lower barrier to entry for your application) and does not need to phone home. I'd suggest a license key mechanism with an optional ability for volume licensees to share a single license database via a network connection.
Will it be hacked? Yep, naturally (but you sound like you're clued enough to have worked that out without my help) but you're trying to keep honest people honest here. Let's face it, do you really care if you have one or two users install it for free at home to hone their skills if you just sold 500 licenses to the multinational who employs them?
Large organizations have busy IT depts who appreciate it when software developers make their lives easier. Having an IT dept pushing your software over your competitors can only be perceived as a good thing, so take advantage of it! IT can put up very effective roadblocks if they perceive you as making their life more difficult and impeding things such as system imaging. The last thing you want to be is branded "incompatible with our environment" by your customer's IT dept.
Cheers,
Minupla
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Define 'appropriate', and you will have your answer immediately.
If you want to maximize immediate profits at all costs, use the most powerful copy-protection you can - phoning home, disabling suspect keys even at the cost of inconveniencing paying users, etc. etc.
If you believe the project has long-term possibilities, then you need to start worrying about pissing people off. Don't phone home. Minimal product activation once at installation.
If you believe the product has world-domination possibilities (i.e., that every product manager or whatever in the world will use it) then remove all copy protection. People pirating your software are part of your market share. Also, consider opening the source in an appropriate manner.
And if you are asking about 'appropriate' as in ethics, then certainly open-source the app. Note that this does not mean abandoning copy-protection! GPL (even GPL3) apps can have copy protection... it is just possible to remove it. 90% of users won't care about removing it (or know how); 10% of them might. Not a big loss considering the advantages.
Turn to page 46, what is the first letter of the first word in the second paragraph? Bring back photocopying!
License management software. Very common.
Deleted
I can just see the grin on the editor's face as they noticed this one...
- Argentina
- Chile
- China
- Pakistan
just to name a few. Granted, number one outsourcing is India but by far is not the only one. for companies looking to outsource it the world is their oyster and us is the part that gets thrown away(the shell)Since you are talking about corporate software, I don't think any copy restriction measures are needed at all. In fact, make the full uncrippled version downloadable freely for personal/evaluation use. Of course charge $$$ for full licenses and "support". Companies need the ability to evaluate software before buying, do not want to be encumbered by crazy copy restrictions, and they almost alway will pay for the software because they always have to have "support".
Oracle lets you download much of their software for free for evaluation purposes. And they are doing ok.
This reminds be of back in the day when ID software made episode one of Doom 1 available as shareware. Where did giving this away get them? At one point, reportedly, Doom was installed on more computers than Microsoft windows! And enough of those people bough the full version that ID was laughing all the way to the bank.
They didn't learn anything though. I bought Doom III but haven't even played it because it requires the Cd to be in the drive at all times. Complete unusable crap. And I won't buy other games these days because of the stupid stuff game makers think they can get away. Games are supposed to be fun. When they root my system or inconvenience me with restrictions, they are not fun.
and there is no "right amount of copy protection". Its a waste of your time and money to even try and implement it. If someone wants your program bad enough and you have some form of copy protection, they WILL find a way around it. Any argument it is intended to deter the casual user, etc is complete and udder bullshit. So forget about it.
My karma is not a Chameleon.
data protection act would surely prevent this (holding information that you do not need/ is not relevant/ will not be updated)
As a veteran of the first copy protection wars, let me give you one simple insight that should guide you:
"Thieves don't buy"
Software thieves will not pay for your software, no matter how much you lock it up. If they can't get a cracked copy or code, 99.44% of them won't use it. It doesn't matter if they still live with their parents, or are the CEO of a big company; thieves don't buy.
Thus, you must tailor your strategy towards supporting your non-thief customers, while minimizing the parasitic cost of the thieves.
Consider doing this:
* Require registration for support, not for running the program. If they run an unregistered copy (ie: no serial number), give them full functionality but remind them how to pay on startup, gently. Perhaps do it only when you do the weekly update check, or whatever. Support is your major marginal cost, so you want to try and avoid giving support to the thieves.
* Phone home to check for updates, but continue to run no matter what. If the phone-home does detect a registration conflict, alert the user ("someone may have stolen your registration number") but continue to run.
* Explicitly disclose what your phone home does, and allow the user to disable it, or the registration check, if they so desire.
* Provide a way for your legit users to get logs of the phone-home information. Say their laptop gets stolen; the IP address logged on the phone-home could mean it gets recovered, you're a hero, and have a customer for life. But have strong data privacy rules about the information and how long it gets retained.
* If you have a product with low/no marginal costs, consider letting your users decide how much to pay you (works best with small ticket items). See http://tipping.selfpromotion.com/ for an essay I wrote on this some years back.
* Always remember to add the clause to your software license that makes Bill Gates promise to become your towel-boy.
The easier you make it for your honest users to pay you, and the more helpful you are to them, the more you will be paid.
"World Domination - a fun, family activity"
The problem with digital media; it's digital and can be reproduced and transferred easily. Non-standard CDROM formats are just as ill fated as the physically damaged floppy sectors of the early 90's. The spell books for entering RPG games were easily xeroxed or scanned, and anyone that can trace a program through softice, or ida, can circumvent dongles and just about anything else. Copy protection is a false sense of security that will cost you a lot of money. There are plenty of snake-oil salesmen out there to sell you neet whizz-bang hardware and software libraries that don't really work like they told you. I read something in a Louis Lamour book once that said "There's always a faster gun" and it's true. You can put all the copy protection you want on something, and there is always someone who can undo it. Don't you think windows, with it's infinite pool of money and software budgets, would have figured something out by now? A lot of people argue M$ hasn't because they want their product plastered all over; pirated or not. I think that's BS. It's a convenient answer for a problematic question.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Never heard of it I see...
Short answer: nil
Long answer: none
1. Install keys are a pain, but we're all used to them now and we accept them. Very few users send the software back or refuse to upgrade just because of install keys.
2. Phone home activation is a bigger pain. It gives you some control but can cause headaches for the customers IT dept. It can also make cracked versions more appealing, and makes non-internet connected computers impossible to activate. In general though, it is acceptable if its a once only affair. However, regular phone-home checks are more than enough to sway the purchasing decision against your product.
3. Locally installed license servers can be a pain, but they offer both you and the end user complete control over whats going on. They do represent an initial setup hurdle, but after that they offer considerable flexibility in that the end user can install your software on all the computers on their system and then there is a limit applied on how many clients can run at any one time. Your customer can then buy a small number of licenses and upgrade to more if necessary. Obviously this still needs the customer to have a decent internal network, but not necessarily internet connected, which is an issue in some places.
4. Hardware dongles are just a menace and a guaranteed way to drive your customers away.
At the end of the day i think you need to evaluate how important your software is to your customer. If its critical, and they have no alternative, then you have the option of going the Microsoft route and pissing them off as much as you like cos they need you more than you need them. This may come back to bite you in the arse.
If your software has little or no value to the home user (i.e. they have no use for or it or wouldn't pay for it anyway) then you can probably get away with just a license key activation cos business customers tend to be a little more honest by nature. This also makes your product appealing to small companies cos they can buy one license (so they feel honest) and use it on 3 or 4 computers. This *is* technically "stealing", but you've still sold one more copy than you might have done.
If you really want to have total control, and you think your customers will accept it, then the license server is a good choice. Your sales people should be able to dress it up as a convenient way for the IT staff to manage their licenses and if some sort of phone home is needed then only one hole needs to be drilled through the firewall. In future revisions you could also expand its role into an update server or something.
It is possible to do some mix and match. For instance, Intel distribute the free versions of their C++ and Fortran compilers with both a phone home activation code AND a license key file. I find this to be quite convenient (though admittedly it doesn't stop the software being replicated across several machines). You could for instance sell single or double licenses to small companies (in the expectation that they will use it on more than one or two computers) and sell license servers to larger companies (who might be more strict about license accounting). This sort of flexibility (not adopting a one size fits all approach) would reduce the chances alienating whole segments of potential customers.
So in summary, you are selling a product and that product has to be acceptable to your potential customers. If its not, they won't buy. Consider your target market and implement your controls accordingly. And if you can afford it, don't be afraid to offer flexibility in the licensing systems.
A while back I wrote an app that was key activated. The key had two components. The first was the name of the person that it was sold to (from the credit card) and the other was a hash of that name, the version number, etc. The user needed to enter both in order for it to work. (And the two needed to match, of course.) My thinking was that using the name in plain text would make it personal and encourage the user to not give it away while still allowing them to do what they thought was reasonable (running on both a laptop and desktop, for example). Basically, a gentle reminder to help honest people stay honest. The dishonest people are just going to hack your binaries anyway.
Devon
Yeah that's what I said buddy! I mean if you are going to protect your software by phoning home, requiring online activation or disabling license keys, you might are well go all the way and completely screw over those pesky paying customers! That'll learn 'em! Muhahaha! :-/
I've heard a Camorra Hit Team is quite effective. Have the software phone home the IP, track down it's position with Google Maps and some IP-to-map service and fork off some of your revenue to pay the mob to take the licence offender out. Your local Camorra Joint might even offer a subsciption which could come you cheaper if there's a lot of rippers distributing you software. ...
Maybe you want to try it yourself. The Steyr AUG Sniper Rifles are good for this sort of job, but you can resort to a bomb under the carhood if target is active only outside workhours (which hackers and crackers often are). Good Luck.
Jokes aside: Honesty, Fair Pricing, Good Service, Licence Key Generated from licencee name, no phoning home, Website to refetch the key if the customer looses it/can't find it/is to lazy to look for it. As a rule of thumb you can say it should be easier to refetch the key from the web/email than to open the drawer and rumage out the booklet where the licence key is written down. If you follow these simple rules it's likely you'll have the lowest possible piracy ratio.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
I have no idea how, when I hit Ctrl-V, "Seattle City Light" came up as the subject of this post, but:
Your corporate customers will, on the whole, pay for your software.
You're wasting your time coding vs. the miscreants, why are people so perpetually clueless about this?
I beg to differ. Your time is a finite resource; it does not scale. You take a successful grass-roots open source project and the only hope in Hell you have in making money is attracting some investors, hopefully enough in the first round or two to build up that support business, if it exists. Niche home application? No big support contracts for you.
Until then, you're going to be holding down a day job, a family, and supporting your project at night, goading your users for PayPal donations to pay for new features.
Thankfully, most of the great open source projects were never created with "tons of money" in mind, or they would've been jettisoned a long time ago.
If the personal information was just used to generate a hash sum then you wouldn't need to worry about data protection, but I'm still not convinced that the solution is a good one.
Most people are going to be reasonably honest but a little bit lazy. They'll copy it without really thinking about it so you need to prevent this behaviour. Very few people are going to go to extreme lengths to hack your copy protection out, and there's no stopping those that are so you'll just have to tolerate this.
I'd suggest going for a simple registration key system. Installation produces a random number and this is used to generate a key for the specific installation. Don't require the software to phone home. Way too much hassle dealing with use-cases (what do you do with unreliable network connections? Can you be sure your servers will always be available? What if your company is firewalled or your IP address changes?).
A much better question is, how can we maximize the rewards to our paying customers for providing us with the income we need to pursue our chosen path of software development?
The answers are:
You know the people who will insist on paying you when you mom their lawn, carry groceries, etc.? Those are the socialized, economically stable majority. They'll pay for good stuff as long as you price it sensibly and shovel value at them like it is going out of style (it actually seems to be in some cases, so use that instead of being part of it.) There is simply no need to go to war with everyone else - be a leg up instead of an obstacle to overcome.
I've done extremely well using this approach, as have my loyal employees. The only thing I would raise a flag about is you actually have to have something worthwhile; if you hand customers (and non-customers) bloated, cpu-hogging bugware, no amount of good will can counter the negative effects of the software itself.
I've fallen off your lawn, and I can't get up.
What type of software is it?
... or about $8M in license fees. That's a bunch of mortgage payments, if you ask me.
Who are the typical users?
How much money is charged for this software, if any?
How widespread is the user community that will really get any value from it?
Ok, if you have the latest - gee wiz movie collection manager, a simple license key, if any protection is used at all, should suffice.
If you have the next Oracle DBMS system - who doesn't have any license protection BTW - then perhaps a network-based license server should be employed. Be careful about expecting the software to be able to "check in" with your license server. That shouldn't work inside most corporate environments.
And finally, I'd wait until piracy actually becomes an issue before adding license key overhead.
For example, I worked in a small company writing client server software to help manage parts and supplier selection for engineers based on price and the capabilities of each component. We didn't have any license management or protection for a few years. Most companies that bought our product really wanted a license server to help them ensure they were completely legal and following the terms of our agreements. They really did. Then there was a company in Japan that was different. They had purchased 50 licenses, but had installed the software on over 5,000 computers. Our license was by concurrent user, so this could be completely legal. I implemented a commercial network license manager and we deployed it with a major release. Included in that deployment were usage graphs that anyone could use AND we included the manuals for the key server in whatever language the software was included. All license-based error messages were carefully crafted to explain exactly what the issue was and we deployed redundant, voting license servers. Only this Japanese company had any issues with the license servers - and only they actually tested our software for Y2K compliance out of 200 customers (isn't that scary!!!!). I know because changing the date drastically on a computer system was considered an attack against the license key servers and it would stop issuing keys.
Anyway, it seemed most than 3x the licensed users were using our product
>> I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The last thing anybody needs during a busy project is a scheduler that can't be reinstalled because the email with the license key has been lost or the activation part of the software craps up. >> The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. Don't make assumptions about who might use your software in what setting. Your customer may be a project engineer or construction manager who uses your software in the field on a laptop and can't get to a useable internet connection or call IT support staff when the license activation craps up. >> With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. Microsoft is the last company you should emulate if you want good long-term relations with the end-user. Their reputation as a company has gone down the toilet with the "activate me", "gotta check if I'm genuine" nonsense they are piling into their software. >> How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? Would you use a project management software that transmits unknown quantities of data over the web on a serious project? A lot of people wouldn't.
I mean, really.
When you ask this sort of question on Slashdot, do you honestly expect to receive any answer other than "none at all"?
Editor Emeritus and Senior Writer, TeleRead.org
IBM flat out removed license keys from some of their software. It was used by big businesses, everyone that needed it had a key already, and it made it easier for people to setup labs and learn the software so they would want to use it. Of course, their software is big enough and visible enough that the risk of someone reporting a pirate install is too high for most. And they make sure to get paid well for support. In the end, they simply looked at their customer and realized that stopping pirates does more harm to their business than good.
When you get into the personal market, that model changes. But since you are targeting businesses, the most I would do is call home from time to time to let you know where your software is being used, but not to disable it. Then you just use places with an unusually large number of machines reporting back as an opportunity for a sales call to help them get in compliance. Tie the call home in with an update notification service, and most businesses won't have a problem with the connection.
Remember also if your targeting business and a client deployment is required, many will want this to be feasible automatically, and that means no manual activation (e.g. using a licence server which handles site licences, or just using trust).
In many corporations requiring individual serials or activation per client will get your product bad marks in the evaluation.
Try NetBSD... safe,straightforward,useful.
If you plan on using the "pay me after I release the software" business model, the solution is simple. Write quality software, that is abundantly useful, and provide shit all no service to unlicensed users. If people really need your software and need help they'll pay for it.
That being said, a simple one-time CD key entry combined with online activation is probably enough to stop most casual pirates. Doesn't have to WGA style, just a simple one-time "is this key taken" check.
Tom
Someday, I'll have a real sig.
just run it as a web service. no software to install, no worries about piracy.
Remember that it isn't important how many pirated copies it's out there. It's just your sales that count.
Selling 40,000 with 1,000,000 pirated copies is better than selling 35,000 with 1,000 pirated.
Make copy protection as simple as possible. Make it also as easy as possible to administrate for your customer base (as have been pointed out above).
For a nice date: Call strftime(3C)!
which reads "please do not copy this software/movie/music"
d
all language nazi's will burne in heil!
So, by way of example, I wrote an un-copy-protected software package and released it as "guiltware" - I asked them to click on the paypal link and make a donation to MDA through me. 5 years on, I know people are still using it because I get help requests.
But not one person ever, ever, ever clicked the link.
Clear, Dark Skies
You can do something like the big scientific programs do. You have a flexLM license server running on a server (the computer the software is installed on), for 100 concurrent users for example. A business can have as many installs as they like, but only use 100 copies a the same time. You can "lease" a license for a while if you like (laptop) if the server is configured to allow that. This is beneficial for the business because they never need more licenses then that are used (for example, shifts with different computers), but never exceed them (legal problems!).
I am not as knowledgeable as most replies here but I can tell you which software I bought and which I didn't. Maybe it'll give some insights.
===
1. Fraps. Bought.
Copy protection: reg key
Tried the trial version many years ago, cool to record your games, not much games needed recording, and youtube wasn't out. Forgot about it. Later when youtube hits the web, there're some stuff I wanna post up. Insta thought of fraps. Googled it, wow this guy's still at it! I can easily crack it, but bought it instead because it's "worth" it and the dude is still working hard on it. Lifetime upgrade, smooth running program. Would I've bought it if it was $3449 usd? Probably not. Even if fraps didn't require a reg key, I would donate to it. Why? It does what it says it does, and it does it in a quick, smooth, no BS way.
2. Steam. Bought.
Copy protection: online registration (MMO account style), clean, works instantly after format, no backups necessary
When I felt like playing CS again, it installs steam by default. Thought nothing of it. Later when HL2 came out, pirated, played first map, blew me away. I emailed dev and asked if they will earn more money if I buy it off steam or the box. The answer is "same". But I skip the publisher anyway and bought off steam while I already had a copy in my hdd. The game was so good I didn't mind the $50 to show props. Again, smooth running, works as advertised. Doesn't cost $4k.
3. Famous photo editing software. Pirated.
Copy protection: activation key
Can't afford, but need to use. New version every year (not sure, maybe 2 years). With newer version files non-importable back to older version without losing some data. Cannot afford every new version upgrade price. Would I pay for it if it were the same price of a PC game? Definately. Would I pay for it if it were the same price range as some less reputable photo software? Yes. Would I pay for Winning Eleven 8, 9, 10, 10 Evolution every year just cuz the jerseys changed? No.
4. Famous OS. Pirated.
Copy protection: activation key
Can afford, however doesn't always do as advertised. Requires tremendous attention and work to make it work smoothly. Makes me nervous when people need to use my computer as little voice says they will screw it up and it'll cost you another 3 hours of my finite life. Not sure if I will get MORE support by paying for it. Worst, not sure if MORE support will make this experience "better".
===
I guess what I am trying to show is, and my general direction towards CP is that the the best CP is no CP. Instead, make something that is truly fun, good, happy, addictive, smooth, sexy, that people want to pay for it. Your software might not be at the Ferrari level, but at least make it so that people feel like pirating a Mercedes is teh ghey. Pirating a Hyundai is less so, you agree? It doesn't have to be cheap, look at Smart car. Nice, cute. But if you see a pirated Volkswagen beetle, you'd immediately think it's ghey. Pirating ipod? Ew. Pirating a famous memory makers' mp3 player? Sure.
I generally agree with the fraps direction. Pay once, use it for life. Lifetime upgrade, lifetime URL to download the upgraded version, quick, fast, and malware free. Pirate it? you gotto search for the seeds every single time, read comments, and virus scan it every time buddy.
Think bigger. Look at the size of their company and just sell them a bulk site license. Don't bother counting the licenses on a per machine basis. Likely at most a fixed percentage of the people would be using it. Renew the license once a year or whenever and charge based on size of the company.
The answer is, as for any good questions: depends.
A few rules what not to do:
A) "Phoning home required" and "online registration required" means "won't use this".
B) Crippling unregistered versions is a bad idea for business software - they need to spend more on IT support.
C) Time-limiting your software is a no-go - the limit will be exceeded in the middle of an important meeting/negotiation, and your software will be eradicated in two days.
D) No matter what you add, pirates can remove it, but legitimate users will suffer.
E) Never take your client's data as ransom - you will lose your customers if you do (in this particular case, a read-only access for unregistered clients could be acceptable).
A few rules what to do:
A) Printing nice license certificates will get you more money from typical business users.
B) "Phoning home for updates if accepted by user" and "online updates are available only for registered instances, offline updates are available only for registered cusmtomers" is OK - they feel they get support.
C) Giving volume licenses will save some headache for Business and for you (if they need 7 license, they will likely to buy a 10-pack for a price of 8 licenses).
D) Offer site licenses based on the size of the company, if they ask you about the price/discount - that way, your software has a chance to become "the internal standard".
D) Unique ID is a good idea, as long as it is visible to the user and the software is working even if not capable to phone home (a red "unregistered" label is a good reminder for legitimate users).
E) If you add time-locked registration codes, you should make it possible to load multiple codes and continue if at least one of them is valid.
F) Consider building customised instances for them - like embedding a background image of "Licensed to company X, for 10 seats".
G) Offer them absolutely copy-protection free versions for double-price.
H) An automated version check in the background (no serial, just checks an txt file via http) will give you some info if you have access to the web server logs and will be considered as a feature.
People who would pirate your software will do so anyway. Rather than being deterred by copy protection, they will simply be annoyed that your software doesn't allow them to pirate it without a fight.
People who buy your software will also be annoyed if your copy protection gets in their way in the slightest.
Copy protection seems to be lose-lose. If only people in general were honorable enough not to pirate software...
-:sigma.SB
WARN
THERE IS ANOTHER SYSTEM
Game companies will have one legit copy of 3DS Max. And twenty copies of a japanese-sourced cracked version.
Then whinge when people crack their SecurROM protection on their games...
Thanks for all the comments everyone. I've been reading through them and have some ideas. Here's a scheme I had been considered that might address some of the concerns brought up.
1) Upon purchase, user gets a license key.
2) When installing, the software generates a random (somewhat) unique installation id
3) The license key is checked locally, with no net connection required.
3) Upon app startup, if there's an internet connection, the software phones home with the software version, the license key, and the installation ID
The phone-home also gives a version-check to let the user know about any updates.
4) We log the license key and installation ID
Someday, we do some data analysis and find any license keys with a large number (maybe 5, maybe dozens, not sure) of installation ID's. The data analysis should look for interwoven log records of installation ID, because the user might have uninstalled it on one machine, and installed it on another. Then a person (not automated process) would get a report and be able to investigate and flag certain keys as compromised.
What happens next?
Do we cause the software to stop functioning? (I don't like that)
Do we cause the web service-portion to stop functioning? (I don't like that either)
Do we pop up a window saying, "SOFTWARE PIRACY DETECTED!! YOU ARE GOING TO JAIL IF YOU DON'T STOP!"
Do we pop up a window saying, "Hey, this might be pirated. Go to http://xxxxx/ to purchase additional copies"
Maybe the software does nothing, and we deal with it through customer support. A friendly email to the original purchase agent?
I guess the goal is make honest people stay honest. As many have pointed out, it will be impossible to prevent someone who REALLY wants to pirate the software.
This the the Relevant Section of the NFO Mentioned by the parent
--
H2O does it again.........!!!
Although everybody thought that Syncrosoft and Steinberg had found the
ultimate protection, we prove otherwise.
We admit that it's getting harder and harder to do and this one may
possibly be the last one we do.
Due to the complex nature of the protection we thought of approaching
it from another direction.
The Emulation is now done on driver-level, which means that the Emu
essentially mimics a dongle, look in the License Control Center to
view the applications the Emu supports. By writing the Emu at driver
-level we probably went beyond cracking an application. The amount of
effort invested in this project is staggering , estimated at over 1500
manhours during cracking, developing & testing, and probably will
never be done again.
We hope u enjoy this release and the motto "if u use it alot then buy
it!" applies
PS1
Note to protection coders :
Unbelievable way you transform an application. We estimate that
between 30% & 40% of the application are wrapped in the script
protection. Protection is one thing but this surely effects an
application performance. You probably could get a performance gain of
50% without the protection!!
Think about this : Once broken, the protection is , what ????
"I reject your reality, and substitute my own" - Adam Savage
The goal of most copy protection is to prevent "casual copying" - where you can just drop it on your flash drive and shuttle it home and pop it on your machine.
The use of license codes to prevent CC has never been terribly effective, but it's on the "too easy" side of the fence, so most people don't mind. It doesn't take it quite as far as it maybe should, but doesn't take it too far, so it's tolerated.
When we start talking about license codes you get that are tied to your business name (where the Name and License fields have to agree with each other to install, and then they plaster the name on the opening banner when the software is launched) is where we start questioning the invasive nature of the software.
At the far end of the scale is the online activations. These have been addressed in this thread but most of them missed the most important point. The software will be installable (or in extreme cases, usable) only as long as the author is around. If the author's business closes and a year later your HD crashes and you pull out your restore disk, you cannot 'activate' it anymore because the activation server is down. We have not actually seen this problem come up too much yet which really surprises me, but it will happen. Actually, most of the "honorable" authors have released a crack that strips off some or all license requirements after they go out of business. I've seen several other software that many years after release, the final software update the software offered removed things like requirements for the CD to be in the drive to play the game, etc. Even though most authors seem to be good this way, it's in no way required and I really loathe buying software that requires activation for this reason. It pisses me off to think that if a business in California closes it could render a piece of software that I depend on useless, after I have paid for it.
Some companies are notorious for having viscious systems Quark comes immediately to mind. DP is another. I spent almost four hours assisting a customer last year trying to get DP reinstalled following a HD crash because he'd owned it since version 1, and had purchased upgrades all the way up to something like version 4.5. So we had to dig up his FLOPPIES, find a floppy drive, and install version 1 on a different machine (that could run the version of OS that v1.0 would run on!) Then upgrade to version 2. Then crobar it onto a newer machine in a usable state. (it wouldn't run but it was enough for the upgrader to accept it) Then upgrade to version 3. Then 3.5. Then 4. Then 4.5. Had to find the upgrade codes and software for each and every one of them. (we could not find one set of older media and I had to go find a copy elsewhere) Frankly I'm amazed we pulled it off, I was almost certain we were not going to find everything we needed. But he did keep all his goodies well-organized which is the only reason he wasn't left to buy another full version of DP.
This perfectly illustrates why software should not be aggressively protected. For any nazi software developers reading this, take note. If you make an upgrader, make it be able to accept the typed in serial number of the previous version as an alternative to detecting the previous installation on the HD. And if they put the previous number in and it's an upgrade, for gods sake don't ask for the next older sn. We don't always keep those things back to the 80's. I've deal with thiat both ways in the past, one of them we had to dig up four sets of SNs to get something installed, but at least we didn't have to hunt for ancient media. Another stopped at one upgrade level and just assumed you had all the prior licenses.
Problem is they already have your money at that point, and there's no motivation to make REinstsallation painless. Some of them I think could really care less.
I work for the Department of Redundancy Department.
I am in exactly the same position actually :)
:)
But WinRaR is something I use very sporadically, twice a year perhaps. Windows Commander is something I use every day. Ironically, I don't use WinRaR so often as Windows Commander has really great built-in rar handling
I wouldn't expect to pay, or HAVE to pay, for software I use once in a blue moon, but for something that you use regularly and often, nagware is often enough to get you to pay.
The best method I've really seen is at the company I used to work for, Maxon Computer, they make cinema 4d. The only stuff you can really protect against is casual opportunistic pirating. Ie a company that buys a copy and puts it on several machines at once instead of buying several licences; which by the way is extremely common amongst smaller 10 man studios. C4D uses a serial number, this is very little burden for you or the customer. The serial is not tied to the hardware in any way; its freely moveable and installable on any machines you like. The check is simple, it checks the network to see if someone else with the same serial is already running the software, if so then it just doesn't load, that's it. Yes, you can in theory start yanking out network cables before you load it and so forth but this isnt really an option for most, crawling under the desk, losing shared network drives of media etc several times a day. Just make a personally identifiable serial number to scare some away from giving it out and add a network check to stop people casually spreading it around the office. If someone wants to copy your software for free, they will do it, no protection will save you, just accept this and don't burden your paying customers with annoying crap. - Dongles cost money, you'll have driver/os issues, they'll break, they'll get fried and corrupted, they take up slots, they get stolen, they are truly crap IMHO. - Tying your serials to NICs is a hassle and you will be forever sending new serials every time someone upgrades their computer, you don't want to set yourself up for this eternal headache - Online checks, lets not even go there.
"how can my licensing mechanism best help legitimate customers track their licenses"
Yes, because legitimate users have nothing better to do than track their licenses. They thrill to the thought. They bought the software to save time, but it comes with the "long tail" of now needing better help to track this new software. Thank goodness you were right there to help them with that new license tracking task you've given them.
Just be honest. Say "you need a way to remind otherwise legitimate, fair people that they have to pay for every copy they use without pissing them off".
There. Doesn't it feel better to be honest and not resort to stupid marketing doublespeak?
Though it is hard to accept, pirates are better than us; they have to concentrate on a very small piece of code, while you are investing all your business on a lot of functionalities.
Invest in the quality of your software and of your support services; if the software is good, pirates will play your game: your software will go round and round, and you will save a lot of money in advertising.
You could also prevent piracy: just adopt a non-commercial free licence, so that you will push on the user responsibility; the more people uses your software, the more you save money in training and support, and more companies will feel confident with your product.
But, when a user calls for support, you can ask an installation code provided by the installed software, so that you can link the license to the customer. Then you can get money for problem solving, for a prompt response time for bug correction and patch and upgrade distribution, etc.
And you can always change your mind about DRM in the future: please remember that for a company the bigger cost is not to adopt a new software , but to switch from an existing to a new one: start as soon as possible to get new users, and do it before your competitors do.
Andy
Another feature: make a reasonably functioning copy available for 'educational' use (depends on what it is if you can use this). This means people can use it at home, play with it and get familiar with it. Any commercial use requires a license.
In that context I like the previous idea as well (although there are security risks associated with uncontrolled data sharing between machines - it's an open question if a decent Windows firewall will let you!), because it would allow you to offer an 'as a book' license which is IMHO the fairest license possible. It means a copy is only ever used by one person, like a book, even though installed on multiple systems (desktop, laptop and PC at home). The 'as a book' idea came (AFAIK) from Borland in the days of 'Turbo' (Turbo Pascal, Turbo C et al).
Insert
Customers should feel that they are not paying the price for pirated copies in the wild. They should have a vested interest in keeping an encryption key safe. If you sell your software for $30, they might not have that, sell it for $900, and they might think they are paying the price for pirated copies, and will think your copy protection is mute as well (unless you sell speciality software). Sell somewhere in between, and use a key infrastructure where the key is tied to a customer's account.
... would be to make it cheap enough that I just don't care about stealing it.
Other than that, everyone is used to having to put in keys, and having it check for authenticity before updates is plenty of incentive to have a legit copy.
-T
If you are thinking of having your software deployed in a corporate environment - think again! A lot of places use tools like Windows SMS, AD Windows Group Policy and the system used in the undergrad labs in college here - Novell Zenworks. With all of these, an application that installs in a simple way (using a properly made MSI or NSIS installer) is a breeze for the admins. Once you add things like license checking then you're in trouble. Any host-based license checking isn't going to cut it and end-users should not have to 'activate' it.
Also many businesses don't allow direct access to Port 80 (or any internet port) from workstations that don't need it, and many do not still routinely give WWW access through something like a proxy. Having to make special rules for your specific software isn't going to endear you much to sysadmins. Often too, desktop support is a different branch of IT to things like proxy and networks - more prevelant in big companies.
One very well sold example of commercial software is a jukebox app called Touchtone. The author distributes the limited version freely and you buy a license file to use it. The license file has your name and an activation key encoded, so that if you spread it it's clear who you are. If you buy for multiple machines, same file does them all. No phoning home, and great support, so I bought his software. Do like that and you will do well.
I have lost more "licensed" software due to stupid "registration" type crap. It's annoying. What does it do?
Simple, it makes me not care about pirating the software.
My dear friend,your delusion that ANY amount of copy protection is enough.
Let's review a little history.
As long as I can remember serialz get cracked and even key gens.
Dongles get bypassed.
Nag screens get bypassed or if nonintrusive enough,ignored.
Some crackers do it just to do it.
everything gets cracked.
The thing you have going on most for you is that your software is so boring and undesirable to all but a targeted userbase,that no one cares.
Some users WILL crack it,most won't.Whats your worry really?
Consider OSS and just support and modify for cash.Maybe charge for the help file.If its good maybe a big corporation will pay for a private version.The cream will rise.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Simply watermark your applications before they are sent out - this will not prevent large-scale piracy, but let your customers know that the applications that they recieve are watermarked. That will scare off most of the possible pirates. Also, you could create unique keys easely from the MD5 of the watermarked program + the username.
Alternatively, send out patches through the customers mail, and not through the program itself - and maybe, you could even go as far as making them work *only* with the watermarked applications that your customer already has received.
use a serial number.
keep an eye on the usual places for leaked keys and disable them when you have verified they are leaked and disable in next version.
This also gives you a good reference for who to support and who not to support.
and honestly, if you can't keep up with a key you probably shouldn't be using computers. Why do people get to whine about a key on software when they willingly accept them for cars and houses? oh, wait, that's right, it's OK when it's protecting THEIR property.
but definitely stay away from phoning home and any kind of asshatery.
Really, really bad marketing.
So how do i get the creepy feeling that this guy isn't entirely honest, but actually an elicense marketing stooge?
The install is painless (it installs a license control service that in many years of using I've never had any sort of issue with), and it stops a LOT of piracy.
Err, yes. I have original software too, but somehow the companies failed to send me regular, detailed newsletters about the LOTS of piracy they stopped with their particiular brand of DRM.
It IS possible to "unwrap" the executable, but of all the Elicense protected software I've used, I've only ever seen one game cracked. (Ironically it is the most obscure of the ones I own.)
Yeah, shure, I too make regular searches on the web for cracked versions of the originals i own, especially when the DRM is soooo good that i dont't want a no-cd crack.
And by the way, what are the multiple(!) games that haven't been cracked? I would really like to buy them, if only for rarity value. After all, in the whole history of mankind they are likley to be the only pieces of software ever that weren't cracked....
I am vehemently opposed to DRM, copy protection, call it what you will, but I find Elicense extremely inoffensive due to it's ease of use.
Yeah, i'm opposed to DRM but happy to install extra software on my computer that monitors me. But i am vehemently against everything else DRM-related, trust me.
DRM should not impact legitimate consumers, and this one is the only one I've come across that has never caused me any sort of negative experience.
Software where you have to enter a code ONCE is really a pain in the ass, believe me. But elicense is soooo easy to use, i have to mention it five times. Please buy our product.
DRM-Companies, i beg you, if you let your marketing division run loose on slashdot, at least stop them from taking drugs. Thanks!
As many have previously posted, none sounds about right.
I absolutely detest copy protection systems because I feel that all the do is screw me over. I was serriously considering returning Bioshock because of their hairbrain activation debacle that they decided to keep secret until forced to tell people about, there is _no_ info on the box or in the manual about the activation restrictions for that title.
Anyways, what I'm allways thinking is "what if this fails? Then I'm screwed!". I was considering Vista before I heard of this black screen lockout but what if that subrotuine or what ever it is that handles that part of the system fails on my genuine copy? I dont want to run software like that!
Copy protection systems also seem dead set on mucking things up in the system they run on. I recently downloaded process explorer from microsoft to see what all those anonymous svchost processes was up to on my machine, guess what? Anything requiring SecuROM (like Bioshock) will _not run_ if you have run procExpl. The only way around it is to reboot.
Long ranty thing this post. As others have said, trust your customers and spend your time and money on making the software so good that they will want to give you money for it.
If your target is buisness users, this sort of "phone-home product activation" scheme is going to cause you and your customers a lot of grief. The install might be "painless" on someone's home computer (assuming the someone isn't ethically opposed to product activation), but it won't be in a corporate environment, where your product may have to traverse a proxy server (or even an authenticating proxy server) to reach the internet.
One of my first assignments was to configure a database for a product demonstration. I had to do it outside of my home country and the software/customer could not provide a connection to the internet to the server.
One of the pieces of software required a connection to do its activation. No phone or snail mail supported. It was so backwards where we had a tech from the software company online and they didn't know how to activate the software w/o an internet connection. We had to wait for them to send us a patch disk that included the activation files.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
I haven't read the other comments, but I'm sure most of them are saying the same thing. The answer to your question is none whatever.
targeted mostly to corporate users.
These are normally users with budgets for software and policies in place that say they should pay for it.
While I don't wish to burden legitimate users
Any copy protection burdens legitimate users. In fact, the #1 reason I switched to Linux was to avoid entering the God Damned Product Key (TM) when reinstalling Windows.
I do want to prevent most piracy
You can't. Like someone else has said, making bits not copyable is like making water not wet. I would not want to buy software from anyone ignorant enough about computers that they would not know this. Even if you finally decided to do without copy protection, I would still not use your product, let alone buy it, because your post convinces me you know little about computers and computing.
Is it acceptable for the software to phone home?
NO NO NO NO NO NEVER ARE YOU FUCKING RETARDED????? JESUS H. CHRIST I WOULD NEVER USE ANY OF YOUR SOFTWARE, EVEN IF YOU GPLED IT!!!! WHAT THE FUCK IS WRONG WITH YOU?????
You are going to have casual "piracy". There will be folks who use your software without paying for it. If you can't deal with that, go into another line of work.
-mcgrew
The legitimate user - or someone who practices what people call "casual piracy", and some people see as fair use - are the only ones to be nagged. Real pirates will crack the key authorization process and disable the phone home "feature". BTW, while you had the sense to allow for phoning home only if there is a internet conn, I don't like my software (I bought it, remember?) using my resources without adding value to me. This process only helps the seller, not the costumer.
So, only the costumer may see the pop-up screens or get that phone call - right in the middle of a very important project or meeting, smells good. The people who will use a crack never get to be annoyed with it. Perhaps someone who bought a one machine license and installed it in two or three may be caught - and you loose a costumer forever, provided he has any options.
If you don't want people to pirate your software, add some value to your product that the pirates can't. I know it sounds like PHB speak, and it is, but providing you actually do it instead of using it as a buzzword, it works. Give them a liberal license, let them install it on a fair number of machines, and be opened to negotiate discount licenses. Provide a decent support. Release a demo that gives good functionality to spread the word about your product, and encourage its sharing. Don't treat your costumer as thieves, and most of them will be happy to work with you. You will always loose some copies to piracy. If you do it right, most of them wouldn't buy them anyways so the fraction of actual sales you loose is very small.
Where is that guy who'd die defending what I had to say when I need him?
Where do you work? A Deli? 1996?
You run cracked software on a workplace PC here in 21st Century Corporate America, you'll be lucky to get away with a strictly worded warning. Get caught again and your employment will be terminated for sure.
On the other hand, install some nice new DRM-free software in the corporate workplace and wave it around enough and it will get copied and brought home by hundreds of non-paying users.
The answer to the man's question lay in just exactly how good and unique his software is. If he's created the new spreadsheet-like paradigm for which their is no competition, he can attach a big ball and chain to the floppy and Corporate America will still make him rich (God Bless the USA!). If it's "Yet Another [fill in the blank]" for which there are better marketed (e.g., MS) or free open-source versions of, then he'll need a friendlier DRM scheme, or folks will just go with what they know/what costs less.
If it was really useful software I'd urge the company to buy it.
If there was any way it could be made to stop working, I would not.
The companies now who are your target market actually have strict rules in place that do not allow cracked software.
I would recommend making it possible for it to be copied from one computer to another, and not to check on how many copies are installed. Allow the corporate IT dept. to automatically install it on new computers that get started up (sell them a separate autoinstall tool if you really want, so they can keep track of which machines have it - but don't base any kind of charge on that number).
Once you sell it, you sold it to that company.
This is because license management is a royal pain and it seems unlikely that a company will buy from you more than once. Also, it becomes more useful the more people are using it. So companies using more of it will be more enthusiastic about it and tell people about it. You can feature those companies on your website with recommendations perhaps (if they say okay).
If you wish to make a lot of money selling seats, then consider a site license that will be a lot cheaper than the ordinary version if they have a large number of users. But do not even think about sneaking something onto their network. In fact don't do it even if you tell them about it.
Why not rely on honesty. No company will make this a part of their infrastructure if they may suddenly not be able to add a new employee, or have it stop working. Just figure on the general size and sell them it once. This is the model best suited to a scheduling app which is what yours sounds like. No sane company would base their scheduling on cracked software.
If you want later maybe you can add things that will let companies that work together schedule together. That kind of a bridge also is a one shot thing, deploy it on one of the companies and it will work.
Make it easy for them to keep on deploying. It costs you nothing for an extra seat to be made at the same company, but it will be a big merit if they can tell people in house that deployment is unlimited and they can back things up, virtualize, or do whatever they want. At the moment you have no clients. I recommend you make it easy to get it used and don't be greedy. The Internet equivalent of per-seat dongles only makes sense on expensive engineering software. What you need is the opposite model, make it easy for success stories to grow, build value-added products and an online community site, and get it so popular that it is regularly featured in magazines and word of mouth. If you have a good product and eliminate the barriers to it I expect you'll do well.
Second, have you decided how you intend to licence the product? Per seat or per company? There is a fairly high risk of intra-company copying, but you should decide whether you wish to stop this or consider it marketing.
In short, there is no one answer. Thinking there is is not thinking at all.
I just recently ran across a problem with a shareware program I was evaluating. This may help you determine whether or not to use this particular method.
First, some brief back story. I set up my laptop with 3 user accounts, one for me, one for my wife, and an administrator account. I had my privs set to power user, and hers set to non admin. She kept trying to open the system clock for the calendar functionality - and was getting denied. She finally came to me in disgust and said fix it. I was lazy, made her a power user, and went on with my day instead of doing the right fix.
About two weeks ago I installed CMud, which has a 31 day trial period. Two days ago, I noticed that the system clock time was changed, inappropriately, to January 17th 2008 or something like that. I changed it back, and now can no longer open the program because the system clock has been updated during the evalution period. No work around available - I can't just decide I liked the software and purchase it even. This last part boggles the mind - if I liked the software enough to try and bypass the copy protection, wouldn't you still want me to be able to purchase the software?
The answer: Uninstall CMud + go back to zmud. (zmud is good enough for me, once upon a time it was so good that I bought two copies of it - one for me, one for a friend).
Your sig(k) has been stolen. There is a puff of smoke!
I agree completely. There is no reason to waste time and effort on copy protection. Just require a license key, and, if it is shareware, disable or nag after the trial period. The point of any "protection" should be to remind the user to pay, not to force him to do so. Look at games - there is not a single one out there that isn't cracked. Not one. Bioshock, with its phone-home activation? Cracked in three weeks. Half-life with steam? Cracked in a month or so. Search for any game, and there is a crack available. All the games I have installed on my machine are cracked, even though I own them legitimately, because I don't want to swap CDs all the time. Trust me, there is nothing you can invent that a pirate can't crack, so just don't bother and concentrate on improving your software.
I have to agree. You will probably find that the majority of your support incidents will be related to your software copy protection scheme. I have been involved in projects using hardware and software based licensing systems for over 20 years. I can never recommend using software based copy protection - it is too easy to break for those determined and too much of a headache for legitimate users.
Unfortunately, your distribution model prevents the use of hardware based protection. You would find the failure rate of these systems to be at least an order of magnitude lower than software systems (maybe 2 orders of magnitude lower).
I think your only option is to release your software as nagware. If it isn't licensed, then hit the user with delayign splash screens on launch, file saves and exit - with a nice link to your web site to buy a legit copy.
Ok, well, look at your range:
At the most draconian end, you could use USB dongles, and phoning home to servers on a periodic basis (both of which can be circumvented).
At the most liberal end, you can leave the software open and charge a nice low price.
I personally would reccomend a low price which makes the software appear easily attainable, combined with a small, very light copy protection if you abesolutely must have it. No matter what you do there will be pirated copies. Accept it, smile, and ask for seconds.
The real solution lies in why people pirate software - most people can't justify paying lots of money for something they can't even hold. So if you make your software as accessible as possible, theoretically you should see a boom of usage.
Or you could skip the copy protection alltogether, make it free (as in free beer) software and then just make money off of advertising.
*shrug*
Here's the deal: If the software is used in the means of production of my creative work, I will not tolerate YOUR cryptographic control in that process unless I have all keys.
I can accept something like a license key, where I am responsible for keeping the key and keeping the installation media. If I lose one of those, and cannot use the software in the future (e.g., long after you are dead, perhaps even on emulated hardware), that was my responsibility.
However, I cannot use dongles, challenge/response, online or telephone or snail mail activation, or anything else that serves to disable the software.
This is particularly true of any music production software. If there's a mechanism to disable the software as some sort of license protection scheme, I can't use it. I can't use it, partly because of my position on copyright (putting your cryptographic controls in the path of my own creative work abridges MY copyright!), and I can't use it because I'm risk averse (I can't perform with a software instrument that has a USB dongle, I can't record with software that decides it needs to call home, and I can't really use anything that does not allow me, with no communication with anyone else required, to put together a spare host and re-install hardware on a moment's notice.)
Maybe I'm the only person in the world that wouldn't buy your software because of your copy protection scheme, and maybe I'm not.
But I urge you to consider whether you are putting your interests ahead of your customers' (e.g., elevating the need to protect your copyright to the level that it abridges theirs), and to walk a mile in your customers' shoes and consider how your position will be regarded by them.
My reaction to some copy protection schemes is to be fundamentally insulted, and to be entirely unable to enter into any kind of relationship because the company has asked me to surrender my rights and treated the whole thing as though it were reasonable. My position has nothing to do with the right to make copies of software, and everything to do with the right to use the software as the means of production to produce my own creative work and to reproduce it in the future.
Here's an idea: If you *must* use a dongle, make the dongle something that's (1) eminently useful, and (2) essential to the operation. Most dongles are just there to disable the software; that's their only function.
My suggestion is to just distribute a license key, and provide a trial version that works well enough that it's worthless to crack. You'll see keygens and cracks out there anyway, no matter what. Think of it as feedback metrics on the penetration of your product into the mindshare. If you make your copy protection scheme too good, the cracks will be buggy, and will serve as bad advertising, ruining your reputation.
-fb Everything not expressly forbidden is now mandatory.
No matter what you do, no matter how hard you work on it, if your software is decent, it WILL get cracked. There is nothing you can do about this.
That said, some simple kind of system to "keep the honest guys honest" is needed, because without that, you'll sell no more than one copy to most businesses.
It's a MAJOR catch-22, and we spend a great deal of time dealing with "licensing" issues. In fact, most of our support problems are due to people who either can't read, see, or type, or apparently can't hear if you end up trying to help them over the phone.
I've implemented several licensing systems over the years, from simple serial-number based stuff to more advanced floating-license systems using rlm (Reprise Software) on our high-end products, to magical "activation" stuff using Nalpeiron. All of them cost money somewhere (don't forget about your development time). If you're going to be in a corporate environment a floating system like rlm would probably be worth it, and it's not that expensive.
Another thing you might want to look into is a product called Themida (Windows only). It's a software anti-crack "wrapper" and you can do simple licensing with it. We have one piece of software we wrapped with it that is the only software I have worked on that has yet to be cracked.
Licensing is a HUGE rats-nest, simultaneously something you HAVE to do (unless you want to just give your software away) and SHOULD NOT do as it's a huge waste of time. Probably the part of commercial software development that is shortening my life the most.
A manufacturer can apply whatever amount of copy protection he wants. He just should not be able to form illegal cartels, like RIAA to force those copy protection rules in 99% of the market.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Eventually, that's what I did with it; it's hosted on Sourceforge because I didn't want to see it die, but I'm hardly motivated to update it, am I?
Clear, Dark Skies
For unlicensed users, just put a big nag screen with a delay (5s or 10s). For licensed users, do not put any copy protection but gives them a different registration key for each user. This key shall clearly contain their name. Tell them that they are responsible if their key is divulgated to internet. There is no burden for legitimate users, this should frighten illegal users and it is really trivial to implement.
In my experience, about one in thousand downloads will result in a payment, whether the code is Free or restricted. That means that either 999 people found they don't really need the program, or they found a patch for the protection system. So, copy protection simply doesn't work in practise and is only a nuisance for the legitimate users.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Make the program so difficult to use that the user needs to purchase a maintenance agreement in order to get help running it. You should also consider making training classes available (for a substantial fee, of course). This will provide additional revenue streams. Finally, you need to mount a FUD campaign against your competition pointing out all the bad things in their product (make some up if you have to).
This is the only copy protection that will work. Any other solution will be cracked in days (if not hours) by pirates, leaving only your legitimate customers to suffer through the protection scheme. Copy protection doesn't work. It didn't work 25 years ago and it doesn't work today. Note well that, when Microsoft's Genuine Advantage servers went down, the pirates were the only ones *not* inconvenienced.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
"And if it was even slightly more restrictive than that, what do you think people would do?"
What they're doing presently.
"Buy it, or opt for one of the better (free of charge, free software) alternatives (7zip for example?)"
Well if they were all that then people would be using them instead of Winzip in the first place?
"The WinZip authors know that by having this free to use version, people will download their version which gives them free advertising and keeps up their market share."
Market share is useless if no one's paying you for it. I think you ment mind share.
"This means that when someone decides to spend money, they most likely will go with WinZip."
Spending money on a free version? Perish the thought.
"It's the same way Microsoft works. They know a lot of the pirates, if stopped completely from using windows for free would not buy it. They would use something else."
Different dynamics there. I doubt the OP is a monopoly.
---
Heh. My captcha is "uncaught".
I do not mind some copy protection. While it can be broken, and pirates will crack your software no matter what you do, I must agree with earlier posts that say that this will probably be a limited amount of your audience. I think the key thing is while I do not care if people profit from their software, you should think about not making the price so high that it invites piracy. This can be difficult if the software is highly specialized to a small corner of the market.
I hate the idea of phoning home and e;icenses, which once again, can be cracked. In this case you are punishing legit customers. And, OMG, what if you do not have an always on internet connection? I have seen these, these are absolutely annoying, the software pops up every few minutes, demanding to phone home, and you have to dial in. OMG, that is SO annoying. And the elicense thing is flawed too. We actually had this problem had an issue with someone who looks like they stole our serial number (or some hacker used a keygen or something), and so we just bought licenses for this software two days ago, and we cannot install a single product becuase its saying the code is already in use. We are having all kinds of problems with their tech support, where they have tried calling us thieves and everything else.
Oh, and what happens if you have a harddrive crash, and have to reinstall the software, and did not get to check in your old elicense before you lost all data on your harddrive?
No, phoning home and elicenses are evil. Do not use them, you only end up punishing legit customers and not hurting the piraters at all
You should definitly have something that would make it more irritating for pirates, but no to any degree where legit users get into any more hassle.
:D
One idea could be something like (if access to internet is available)
- User installs software and enters his license-key that was issued to him, and only him.
- Software updates are done from within the software and uses the license-key to validate that he is allowed to download any updates.
- If 2 machines registers then disable them both from receiving updates and display some message about this.
One way to check for this could be to check if any other machine tries to fetch an update without their id has been validated.
- For security i would recommend you to use some proven encryption for generating the keys to get away from people writing their own key-gens
- For software updates to customers without network access to their production-systems have a page that requires registration and a valid registration-key.
If a web-page would be available then you could have an automatic key-reset function for companies also where they will be required to write a valid response to
the reset. (this should NEVER happen if they did not do anything out of the ordinary)
And always keep in mind, keep things in the clear and trust the customers.. Maybe even have a good documentation on how the license-check works so they know what do to.
And you will never get rid of 'pirates' since they will just crack the software from contacting the update server, and disable the key-check. Better will be to keep the paying customers happy and the pirates unhappy by not allowing them to get updates.
I have seen a quite cool copyright-protection that works quite well if done correctly. It was some type of external binary blob that the application itself loaded/reloaded to many different checks on anything from checksums to the date on the system.. And it would have been next to impossible to get around this since it was so intertwined into the rest of the code and all it required was to update the 'binary-blob' once every month..
Quite secure, and don't create any big load on the customer.. But i would suggest not to use anything less than 6 months between the blobs, and those should be delivered via the automatic-software updates.
And yes, I'm a anonymous coward for this post since i don't want to get hated for putting these ideas out there..
The best way is to provide software maintenance to your users and have them log in to a web page to download it.
To download new versions etc. they will have to pay you annually and don't have to explicitly decide on whether an upgrade is worth the money. You then might as well skip the entire license activation thing.
As a system administrator I tend to like the idea to be able to provide people with the newest versions of software without the entire license hassle.
New versions tend to fix a lot of problems, so I'm not keen on supporting old software. Also I do not support any unlicensed software, so the barrier is very high for people to use it.
When software vendors make it easy for me to support their software for my users I will be more than happy to sign the bill when it arrives. On the other hand if the software we already payed for inflicts a lot of license pain on me, I will actively encourage the user to stop using it or switch to an alternative of a different vendor.
If you insist on using some kind of activation thing, just issue a license file and tell the user where to put it.
BTW, always make it possible for users to pay for your software by -paper invoice- / bank transfer. Very few employees have access to the company credit card!
Just do this:
1. Register the name, company and address and other info (IP, MAC? etc0
2. Display this licensee information every time the program boots up.
3. Write a standard EULA that allows use on 1 CPU
If someone wants to pirate the SW, they will just have to live with the Owners name and company. You will get no corporate piracy. Only limited individual distribution.
don't cut it off www.mgmbill.org
"See, that's because you are unreasonable. Most people will gladly pay a fair price for a good product"
Wow! A website full of unreasonable products.
"It's when we have to pay exorbitant prices for buggy products that we get upset and go to your competitor. "
Except they're having the same problem.
"And when you throw in "get treated like a thief", that just about guarantees that we'll rush to your competitor."
Yeah, sure. Much like Saddams "human shields". You're not being treated "like a thief". It's just that the thieves will not stand up and take it "like a thief".
"I would also like a pizza delivered by a dozen naked supermodels (if only to make my neighbor green with envy), but I'd expect to pay quite a lot for that service."
Until it becomes available on Pirate Bay. Then all bets are off.
I have a big problem with Software that requires that you 'phone home' to install/activate it, etc. The problem is that, unless the software *is* an online service, I should be able to install and use it even if, for example, *you* have gone out of business. The problem with 'phone home' activation server technology is it leaves your customer's up a creek if the activation server is not available. Maybe it's a temporary outage due to a natural disaster, like earthquake, hurricane, or fires. Maybe it's a power-grid failure (blackouts/brownouts) that takes your data center off the net. Maybe somebody cuts your data center's data-line, taking it off the Internet.
Maybe the customer is trying to use your software somewhere where they can't get Internet access, like a military user in Afghanistan or Iraq, or somewhere in Africa (yes, I know there are plenty of places in Africa that *do* have internet connectivity, but there are also plenty that don't), or even just somewhere extremely remote and rural in North America.
Activation schemes that require both the customer and your company to be online at the time of installation means you could leave some people now, or in the future, unable to install the software they legitimately purchased.
So what's the lesson here? That the majority are selfish and would rather do something that would benefit themselves over doing something that would benefit others? Conflicts with too many people's self-image.The sad thing is that otherwise intelligent people don't realize you can't build a society upon a purely selfish population, and that's were humanities headed. Half selfish? Sure. Completely altruistic? Definitely. But a population were the predators outnumber the prey soon goes extinct.
Contact a competent IP Law attorney with experience protecting software. He will instruct you about how much protection is enough to enforce the appropriate copyright law. For example, in the U.S., you need DRM to be safe. Asking /. is like asking a virgin what's it like not being a virgin.
What those who want activist courts fear is rule by the people.
"The answers are:
* Provide them with a software key that is uniquely theirs so they have the means to protect their investment in us, not so we can attack them.
Apple does this and they took some slash-heat for it.
* Never, ever disable, restrict, or otherwise cripple a customer's product.
Except for demos.
* Provide a means so they can legitimately share our software so as to spread the word.
Or provide a link to our homepage and we do all the work.
* Price software reasonably; if the market is large, price low. If small, price higher.
There's that word. "Reasonably" should be an athlete considering all the twist and turns it's put through.
* Be valuable: Provide strong functionality. Remain valuable: Fix it, improve it, be helpful.
Well that's a given.
* If someone wants a key and can't pay for it or wants to look before they leap, just give them one. Really. Doesn't hurt a thing. People who won't or can't pay aren't going to anyway. Better they use our stuff than our competitor's; better to make them happy than annoy them; better to see to it there's no value to an underground trade, because hacked software presents a security risk to us all.
It's called a demo. It was created to address this very issue.
* Last, but not least, don't burden our customers with "agreements" or "licenses." We wrote stuff, they paid for it. Done deal. Now it's up to us to add value to the product so they'll continue to boost our positions by using our support; spreading the word, the demo, the results.
"
We're talking about business software. The very idea runs on agreements.
I didn't pay them because I had to, I paid them because I wanted them to succeed! Their products were helping me succeed, and I wanted them to continue to provide value to me, so they needed to stay in business. Paying for value received is enlightened self-interest.
Unfortunately, in the case of Red Hat, their "Enterprise 5" version has increased the registration nuisance level so much that I will probably jump ship to something that doesn't make me generate giant code number bullshit. It's a waste of my time and I won't pay people to waste my time. I'll probably go to Centos for compatibility reasons, but if I can find a vendor that works like Red Hat used to, I'll happily pay them.
Hurm? The US has some law against telling me that you're company X, using my product with license key Y?
Ok, time to move to another country.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Define your terms. Put numbers on them.
How many paying users are you willing to inconvenience, and how severely? How much do you want to discourage pirates?
Here is the blunt reality: Whatever you think you are doing to pirates will happen to legitimate, paid, users. It will. You cannot prevent this. No amount of trying to avoid it will make it not happen. It won't happen to every user, but it will happen to some.
So, first off: Pick something that will not piss people off too much when it happens to them.
I recommend polite nagware. A key component of your strategy should be letting users get the functionality they paid for until you have time to fix the problem with your copy protection; nagware resolves this.
You cannot prevent people from copying software if they really want to; what you can do is encourage them not to want to. Treating your customers like thieves won't work; treating your pirates like customers might.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
I think that pragmatically speaking it is acceptable for your product to phone home with only information that is relevant to your product (the license key and installation ID). You can then compare that to your database, and include a mode to lock functionality if a certain signal is received on the client. I see this is acceptable means of protecting your investment and hard work. I also think you should be up front with this in your license.
"Software and other 'virtual' items have *zero marginal cost of production* (unlike your clothing store example). If someone (again, who would not have bought your product anyway) 'steals' your software, you lose nothing. Zip. Nada. I'm not sure why this is so hard for people to get their heads around, but it's true."
Oh Lord! Even when you provide a clue in your own post, you miss the truth. Let me refresh your memory "It's like this - if you make something you have the cost to develop the product, then the cost to copy that product.". Marginal cost doesn't address the first cost. The selling of copies does however aka mass manufacturing aka distributing a large cost over many items equaling a low cost item per a person (sheesh! I can't believe I'm explaining economics). Also your "marginal cost" doesn't address entertainment on a physical media.
Asking the slashdot community for advice on copy protection is like asking the KKK for advice on racial harmony.
There are legitimate reasons to copy software ( use it at different machines, at different places, making backups etc.. ). If you allow that then it will be trivial for people to copy the software without permission, and if you don't allow it then you have restricted your users from doing something they normally would expect to be able to. The only way to get around this would be to have someone or something constantly monitor what users do with their software, and that would be a gross violation of privacy. Thus if you plan to respect your user's privacy you won't be able to have an effective copy prevention scheme. It really does boil down to that.
Solution? Rather than trying to make life hard for people who doesn't want to pay, add in some form of service or other cookie to advantage those who does, thus providing an incentive to go legit. If you're making a game, consider making it on-line multi player and charge people for using your servers. If you are making development software for business, include support or other goodies in the contract. Accept reality and adapt your business model.
We sell commercial software. It requires a license key.
However, our software ships with source, so it would be trivial for anyone to disable the license-key check. Basically, the purpose of the license key is to remind honest customers when it's time to renew maintenance/support.
We recognize that anyone determined to rip us off will rip us off, and we're not about to make our honest customers' lives more difficult because of a few crooks.
Phoning home if it's not prominently disclosed up front is completely unethical. So is remotely disabling software (and that might even be illegal in some circumstances.)
Lots of good comments here already, but what the heck - always room for a few more. I was a shareware vendor for many years, and now I run a small software company offering commercial products. I've dealt with this issue for a long time, so I can offer a few observations. The first thing I would say is "do what your customers expect". In some markets, people expect to have to enter a serial number, but nothing more. In other markets, people expect to use a hardware dongle with the software. If you find out what others are doing and do the same, you won't violate your customers' expectations. They will perceive you as a responsible, professional vendor, while accepting a modest amount of inconvenience. Most new software vendors tend to err on the side of too much copy protection, because they over-estimate the value of their work and they get really pissed-off at the thought of people stealing it. You should be so lucky! Cut whatever you had in mind in half, and do what must to deal with piracy later if you are fortunate enough to have your software widely copied and used. Most business and professional software users are pretty responsible about paying for the software they use. A very modest speed bump that lets them notice if they are using a non-legitimate copy is generally sufficient. In every successful company I have ever worked at, there's a clear policy that all commercial software in use must be properly licensed and paid for. Not that there isn't some unofficial copying going on, but it has to stay below the level that comes to anyone's official attention. My company is very careful to protect the value of its commercial products, but never in a way that gets beyond customer expectations. In various markets we use registration codes, timeouts, permanent personal registration of software copies, and even hardware dongles. All have their value, but it's never worth losing customers over this issue. Any legitimate customer complaints, and we would back right off and offer an acceptable alternative. That's business. Personal software is another matter. As a shareware author I always made sure that my trial versions remained useful even if never registered, and I always encouraged users to ask their support questions even if they weren't registered. Based on the support questions and the number of downloads versus paid registrations, I would estimate about a 10:1 ratio between users and paying customers. Did that make me unhappy? Not at all! Most of those unpaid users would never pay for the software anyway, but by using it they are spreading the word and helping me test and improve the product. Plus I don't mind doing a little bit to improve the world for free as long as I'm getting an adequate return on my personal time investment.
Pleasse note that all you have done with Elicense is that instead of having to unwrap the program, you simply have to impersonate Elicense. Done and done. Look up DAMN Elicense Proxy - Sometimes called DAMN Eproxy. All it does is tells your computer to use a local proxy that "automagically" was able to provide the proper E-License authorization. Auth servers somewhere around 192.168.1.1,hmm?
The crack is just as painless as the "install" was.
Therefore, man in the middle attack wins when you cannot have things 100% secure on both ends. Also, DAMN Eproxy/etc has been around since the days of the CRT programs that used it, which no longer do.
I think this is a good compromise - we can't go over our licensed limit but we can wipe/reinstall/move the client software around as much as we need. The software has enough value to us that we'd never consider trying to work around the restrictions by doing something like accessing the SQL database directly - too much of a PITA. We add more employees, we add more licenses. Easy.
Give each installed copy a registration number and deny updates with a message about "Your copy has a registration problem. See your system administrator or vendor for assistance." Also provide a "update attempt history" button which shows a log of date/time/ip addresses which have attempted updates. Let them know you're watching. Otherwise leave it fully functional with whatever updates have already been installed.
Nothing you can do will stop folks from pirating your software if that is their intention. A mild message like the above will help keep the honest people honest without causing nasty headaches.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I work for a company that sells -very- expensive software. As in 6 figures/year in licensing fees for a single installation. We use a license key that is generated as part of the build process. When customers install, they are required to contact us for a valid license key, which is then hidden in the libraries. This works well, and is reasonably non-intrusive. It does not prevent the customer from making copies, though I have an enhancement request it to hash the key with a CPU ID to require use of the install disk and re-request of a license key on an install. I asked for this, because I caught a customer installing the software on multiple machines in violation of the license.
In three years, I have NEVER had a customer even squeak about this process. However, we provide very high touch support, in sharp contrast to many companies out there.
I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
When I pay for music and cannot put it on the device of my choice it is to much. When there is a scheme that requires your company (which may go out of business) to activate it is to much When I must insert the CD/DVD to use it despite having plenty of harddrive space it is to much When it is easier for a pirate to use than me a paying customer it is to much
You've come to /., so of course you expect to hear this, but the less, the better. Whatever you write can be pirated if someone puts forth the effort. Since your target group is corporate users, you aren't likely to run into too much piracy. In the event that a corporation is going to pirate your software, there's really not much you can do to to prevent that.
For this reason, provide enough copy protection to enforce your license without trying to prevent intentional piracy (a futile effort). Do not let it regularly phone home and do not require a license daemon (Elicense or what have you). You do nothing but hurt legitimate users that way. Flag everyone when it looks like something has gone down (so that there can't be "accidental" piracy), but don't affect the day-to-day working of your software.
I don't know how many customers you'd lose with overly-annoying licensing—I really haven't been around enough to know. I do know I've seen nasty stuff with invasive license managers and have told the IT department here about software with more reasonable licenses. I do know that I've installed inferior software on my workstation because I was tired of periodic license SNAFUs. I do know that on the company machine I admin, there is some fairly old, expensive software I still use for the sole reason that the license is a piece of paper sitting in the filing cabinet.
Personally, I think zero is the proper amount of copy-protection.
A good cracked copy will have all of your stuff removed or disabled. In other words, it will be more convenient for the user. Is that the message you want to give? That copying your software gives you a better experience than buying it?
If that's an option, you should look for a solution in the opposite direction: Added value for the honest customer. Add a quick-reference sheet into the package. Free support (at least for a limited time). A good, printed manual. Stuff that makes a bought copy worth more than a cracked copy.
Assorted stuff I do sometimes: Lemuria.org
In the practical sense, the point of copy protection is to keep the honest users honest. Those properly motivated will certainly find a way around it. What you probably want is to find the sweet spot between no copy protection and pointless or too strict copy protection.
This will probably vary depending on the popularity of your software and other business concerns. For example if Winzip was to enforce their copy protection, users would just flock to WinRar or other competing applications (some freeware) who don't enforce as strictly. In Windows' case a full internet activation suite is suitable because of how big a target they are for piracy.
For small markets/developers, you'll probably only need an enforced activation key. You move into a question of diminishing returns - how much coding time vs. money you make from more complying users.
work on employee PCs it definitely won't work on servers that need to be able to reboot by themselves (and if the nag screen does not halt booting of the program than you have not accomplished anything as in many cases no-one will see it). In the same way you *MAY* get away with phone home software on a PC, but it definitely would not work on a server - especially one that may not have any direct internet access.
I would agree with previous posters that a one time installation code would be acceptable, and even perhaps one that expires over time (though that would certainly be annoying) as long as the process to upgrade is easily scriptable.
For employee PCs you might be able to get away with a call-in-on-boot type scheme as long as it uses standard protocols like http or ftp. But I would certainly understand people balking at this sort of thing.
It depends on where your software is intended to be installed.
Put together a cost/benefit analysis. How much money do pirate copies of your software cost you? Spending more than that developing a solution just isn't good business.
The tricky part of course is estimating how much piracy costs your business. You have to have some idea of how many pirate copies exist (and pirates aren't known for reporting these figures), but more than that you have to know what percentage of those users would buy your software if pirating it were not an option (again, difficult numbers to do more than guess at). Because really the mere existence of these copies costs you nothing (unless they provide access to a service for which you maintain servers, bandwidth, etc.).
It's a little bit apples to oranges, but one industry example that's interesting to look at is the restaurant industry. The old dine-and-dash definitely costs the restaurant money: they consume food which has a measurable cost in purchasing and labor for preparation. At the low end, fast-food restaurants avoid this cost by requiring the consumer to pay before receiving their food. Above that level, however, restaurants seem to rely mainly on the honour system.
At the end of the day, I personally would recommend a less is better approach because I'd estimate the kind of people who pirate your software aren't the same kind of people who buy your software. Remember that your software doesn't exist to enforce morality or punish the guilty. It exists to make money for you. You don't profit by reducing the number of pirate copies. You profit by increasing the number of legitimate copies. If the approach you take to increasing legitimate copies also increases pirate copies, keep in mind that that doesn't cost you money. If the approach you take to reducing pirate copies costs you money and ends up reducing legitimate copies, that's a lose-lose.
How about selling site licenses instead.
1. Any form of breakable anti-copy, anti-crack protection will add value to any cracked version that is eventually released. This means that even your paying customers would be well advised to actually use the potentially faster and more efficient software that lacks the protection.
2. It is not easy to determine how effective the protection will be before release into the wild. A dongle is usually presumed to be the most effective form, however the major inconvenience of such a tool will strongly encourage hackers to work on an emulation or a cracked binary, if necessary as a long term project. Requiring callback activation is another form that is so intrusive that again you are strongly encouraging it to be cracked eventually. Also the cost of such systems can be prohibitive depending on the cost per unit.
3. Some software desperately needs a form of virtually unbreakable protection in order to be viable. Complex (PC) computer games with long dev cycles are one example. Many of these games simply cannot recoup their costs at the current pricing model of $30-$60 per unit (especially with modern levels of P2P distribution), but at $100 to $200 per copy could do so without problem. Most development has simply stopped on such games in favor of simpler or more mainstream oriented games (pretty Doom clones mostly). And console development is favored by such a market since such games are both cheaper (with short dev cycles) and often have more difficult copy protection features that often require the use of a hardware mod in order to 'pirate'.
I would happily pay $200 for the release of an Arx Fatalis 2 for instance. Or a sequel-in-spirit to Planescape:Torment or an Ultima Underworld III. I realize that not everyone is willing to pay that much for such games, but consider that cutting edge graphics cards are getting around $600 per unit, whose only purpose is (generally) to play games and which will be obsolete within 1-2 years, and consider that at such high prices you could afford to lose half your customers and still make twice as much back on your investment. Although dongles do add quite a bit of cost per unit sold. It is possible that with this additional cost, plus all the additional dev costs involved in such sophisticated copy/crack protection, game developers would again not be able to recoup their costs. And even after all of this there is still no guarantee that it wouldn't be broken. Just look at Cubase to see an example of how far crackers can be willing to go at times.
Perhaps with something extremely intrusive like server or telephone activation combined with individually customized USB dongles along with random word challenges from the beautifully illustrated 300+ page leather-bound (ahem) user manual at install time. Perhaps the software would require a so called "secure computer" with a TPM on the motherboard and a TPM enabled OS in order to run. Although god knows how you could prevent the binary from being cracked to just leave out the TPM checks. Selling a long binary number for a price does not seem like it's going to get any easier.
I dislike copy protection and will nearly always download and use the cracked versions even if I have bought the legit one in order to keep the original copies in good condition (still shrink wrapped) and for the ease of use and often speed of the cracked version. However what I am talking about here is a type of software that is on its way to extinction as an indirect result of the lack of sufficiently robust anti-crack/anti-copy systems. Actually, even in the case of a $199 computer game, preventing the distribution of cracked versions is even more important than copy protection per se. Anyone who buys a $200 game is going to want to be able to back it up without worries. P2P is the primary threat to such a business model these days, not the possible sharing of copies with friends.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
You have it somewhat easy since the product isn't "fun" or targeted to home users or one man businesses. You'll have less problems with unlicensed copies in the first place.
If you must have some sort of protection, a simple word to the wise should be enough. That is, an activation key to be entered one time. If the key is missing or incorrect, simply open a dialog with a place to enter the key and a phone number (preferably toll-free) to report problems or get assistance. The program should operate normally even if the user clicks cancel. The key could be as simple as an RSA encryption of the MAC address. If you key it to MAC, the dialog should display the MAC so your support people will be able to generate the correct key.
That will be enough. Corporations are risk averse when it comes to license violations. If they cheat, they will know that any disgruntled employee might call that toll-free number to report the problem.
If your copy protection is much more bothersome than that, it will either be cracked by admins tired of getting support tickets on it or it'll get a bad reputation and a competing product will be used instead.
The advantages is an easy to maintain license agreement and if people start having problems, the network admin can investigate who's using the program and leaving it running unneccessarily. If it's an unauthorized employee, they can then deal with the issue internally while not having the threat of activation or other issues. It also ensures that they will purchase upgraded license without having to scream about use.
As part of this seat base license, sell something like a 25 seat license with that as the soft license but don't be afraid of setting a hard license check of 30. This allows for the system issues (lockups/crash/dead) while ensuring that if the company finds the product to be useful, they will be willing to purchase an upgraded license at a reasonable cost.
The main thing is to ensure that you have a useful product and that any business has an easy time managing said useful product without issues.
Mod me up/Mod me down: I wont frown as I've no crown
There are two groups of people out there today: those that will pay for your software and those that will not. There are some fence-sitters that might pay or might not depending on who gets to them first.
The people that are going to pay may try to cheat you a little on the number of machines it is installed on. This needs to be guarded against as the difference between selling 10 units or 10,000 units is quite a bit. You will find this sort of thing pretty common, even with companies that officially decry any use of pirated software. They may think they aren't really doing anything wrong until you tell them and/or make it difficult.
The people that aren't going to pay are not going to pay you no matter what you do. They will find some way of getting the software for free. Obviously, you would like to prevent that. It is probably a waste of time. They have far more resources than you do and they aren't going to give up, ever. Hope for legitimate customers that pay.
The fence sitters are difficult to identify. If your software ends up on the "OEM Software Sales" web sites this eases everone's mind - it isn't stealing when you pay for it. This would be something to avoid at all costs because it makes the fence sitter's mind up for them. If you have any kind of customer outreach you need to make it clear that the only real source for the software is to buy it from you. Buy. Not steal. I don't believe in any community there are more than 10-15% of "fence sitters". The rest fall into the two groups described above.
The comments about making the software too difficult to use without support and training is pretty funny. The people doing that aren't doing themselves, their customers, or anyone involved with software a favor. They give the whole software development community a black eye.
i have no idea about the us but i imagine they have similar laws. i study computing in britain and we are taught about the data protection act, which includes forbidding companies to keep personal records about anyone unless they have a specific reason to; for example a garage wouldnt need to know how many children you have, and so has no right to keep that information about you.
just the company name and the key would not be so bad but you (or whoever the original poster was) said key information about himself, implying personal details
Use this. --- Bloodthirsty License Agreement --- This is where the bloodthirsty license agreement is supposed to go, explaining that Interactive Easyflow is a copyrighted package licensed for use by a single person, and sternly warning you not to pirate copies of it and explaining, in detail, the gory consequences if you do. We know that you are an honest person, and are not going to go around pirating copies of Interactive Easyflow; this is just as well with us since we worked hard to perfect it and selling copies of it is our only method of making anything out of all the hard work. If, on the other hand, you are one of those few people who do go around pirating copies of software you probably aren't going to pay much attention to a license agreement, bloodthirsty or not. Just keep your doors locked and look out for the HavenTree attack shark.
With that attitude, I hope I'm not using your software. As weird as you may think this is, whether or not your software can outlive your company is a major concern when big businesses buy software. (Fortune 100 company here.) Maybe you're used to dealing with nickel-and-dime outfits, and if that's who you want your customers to be, then more power to you. Thanks, buh-bye.
Boy are you naive! Because as it is, if your software is remotely popular, pirates will crack any licensing scheme you come up with, you'll still have "10x less" sales (I'd love to see your evidence for anything remotely close to that), you'll be selling the software for the same amount of money as you do now (unless you want your competitors to undercut you in a major kind of way), and the ONLY thing you will have accomplished is that you will have spent a ton of money on a useless licensing scheme, ticked off your customers, and kept from selling software to people who care about these things.
Of course, that sounds like your goal, so congratulations, you're probably meeting it with spectacular success...
'How much copy protection is appropriate?'
Digital Watermarking with sufficient warnings and notification. Preferably something visible that identifies the owner of the software. Depending on the function of the software, you might even have it check for other copies on the local network to make sure they have unique footprints and complain if they don't (I wouldn't have it deactivate though).
Any key code, registration, activation scheme is obtrusive to the users. Watermarking is not obtrusive to a genuine user, especially if it displaying their own information. That same user isn't going to let someone else have the software in that case either.
The pirates will remove the marking, just as they would remove any other scheme you setup. You don't want to get into a battle with the pirates anyway, its a serious waste of time and resources that could be spent making new products or improving this one. It doesn't matter if a billion people pirate the software as they are a billion that wouldn't have purchased the software. If they wouldn't have purchased the software or its unlikely they would have then they are free advertising. Because the pirate copies won't have marking (pirates do the minimum to remove the protection, they won't bother with faking marking to replace it; they will probably replace the user info with a warez distributor logo) they will be easy to distinguish from legitimate copies and businesses will want no part of them.
Key information as in "enough information to identify you as you". In case of a company, that would most likely be company name and some UID number (tax number or whatever). In case of a person, most likely name and address. I don't care how many kids you have or how much you earn a month. Appearantly enough to buy my software, that's all I care about. :)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Have them enter their reg info on your website and get their license key, where you insert the users info encrypted into the software via the key such that it identifies the legal owner on startup. That can discourage legal owners from letting copies get out, without hampering the actual software operation. While pirates can patch it out, and it may be possible to register with bogus info, this is a pretty easy thing to do and does not impair users as the code does not otherwise restrict the usage of the product.
Users who do not have web access can get a license code over the phone which will input the same info--- it is often done with a combination of a license key and name information which are tied together so the license info they have will only work if they enter their name correctly into the products licensing screen. For example, the license code can contain a CRC of the customer info for example-- the customer calls in wanting to turn on the software, you have them fill out the reg info in the product itself and give you the key that *it* generates based on the entry of their name info. You then input that key to your system, validate their info and give them a license key that only works on the system that has the user info entered as they did.
I think you get the general idea. Check the web for similar schemes and fine tune it to your product, but this is probably the best way to discourage the use of casual illegal copies. The crack will likely end up being to patch the startup screen to say "Licensed to TheCrackCrew" which will advertise that it's a cracked copy on startup...
Whatever you go for, say a serial number, make it absolutely integral to the function of the program - don't bolt it on at the end. That way if something circumvents it, it's still broken. Perhaps make some controls on the main window manifest through a mathematical equasion on the serial. After that I shouldn't have to say this, but - make absolutely certain it works reliably.
I hate programs that phone home, but if you just activate it online - no - if you just REPORT its activation online so you can keep tabs on it, I would not mind OS version, IP address, program version, and a timestamp. That way the program will not break if it cannot get a license from an online source, but if lots of people start using the same serial, you will know and can trace it back to the first user with some degree of success.
The modern move (Securom, Adobe, Windows) to requiring online registration to work, and in some cases using up a finite number of activations is totally wrong. Secure, yes. Good for the user? I think most of the time it just blows up for legitamite users. True pirates will find a way around it if they want it badly enough, and it's important of course not to catch the valid users in the crossfire in the war on piracy.
Then again, also consider what you're protecting and how much effort is required. I've seen programs with nice elaborate systems that are small $20 shareware apps that probably didn't warrant that kind of defense or rather the time and effort to implement it.
Just some opinion and food for thought for you...
Copy protection (DRM by another name) doesn't "prevent most piracy".
What you want is not a software application, but a website. Run the service on your own systems, that way you can retain control over it, instead of your users. It works for countless applications.
Web services effectively end runs the freedoms advocated by the Free Software movement, and effectively eliminates the piracy problem without resorting to proprietary licensing or futile DRM or copy protection. That's why every business that still operates by resorting to user lock-in is moving to it.
I might sound a bit bitter and hostile here, but them's the facts as I see them. I also don't know if it's feasible to make your particular application a web app, but them's the breaks.
It's more expensive for you, but customize each copy, and embed a check-sum so that it won't work if the user's name is altered.
...", so they'll know that if they share it, the id of the sharer is included.
This means that if someone's copy is copied, then the copy contains that customer's id.
At start-up time, flash a brief dialog that includes the phrase "This copy licensed to
You also need to include in you contract that you have the right to cancel all further services without additional payment if the copyright is violated. (Phrase it better. IANAL.)
This exposes the customer to threat of copyright violation suit if their copy is distributed over the net. OTOH, you've got to generate each copy separately. For best security, each copy should be separately compiled, with the name and check-sum included in the main body of the code (under mild encryption, rot17 might be good enough, or rot17 & byteswap).
N.B.: This doesn't interfere with copying. It shouldn't impinge on any legal use. And it allows multiple backups. It's more trouble for YOU. (That's fair. You're the one being "paranoid".)
FWIW, I'd also be sure to include a copyright notice, and a brief statement that distribution of copies to others is prohibited. This isn't legally necessary, but it seems to be what you are after, so it would be kind to tell people how you want them to act.
I think we've pushed this "anyone can grow up to be president" thing too far.
I write software for teachers and schools on a very small scale. When I sell a copy I put the buyer's name or school name in an encrypted file with the software. The user is free to install on as many computers as he likes, but his name will appear on all printouts. This is very unobtrusive for the legitimate user. It is not perfect. I watched a vice principal white out the name of another school on all the mark printouts he posted in his classroom for a whole year. I occasionally get a call from a teacher who asks innocently how to get rid of the name of another teacher on her printouts.
For corporate customers that buy a single user license you'd want to audit them for upgrades. That is, if they want to upgrade, they need to prove to you the have the correct number of licenses. Corps tend to buy one license and use it everywhere. Aside from that, just the simple "here's my order number, give me an activation code" type of online thing would be most appropriate ihmo.
Bottom line, if hackers can just create a key generator, or even just leak a key, then your application wont sell.
If an end user can just type in a key from the internet, they will, and they know that they are safe. If they have to download a crack, i.e. an executable from someone who is already engaged in illegal hacking activity, then they will think twice before installing it on their system at work. They would be criminally liable for any loss of business to their company. Don't worry about a black screen of death: Any penalties you could implement will be removed by hackers, while chances are the hackers will deliver the real penalties for the lucky user.
Once that decision is made, it doesn't matter what protection you use. They are all utterly defenseless against hackers. As long as the protection cannot be circumvented within a few hours by a typical end users, its good enough. For example, if its just a matter of dumping the jar file, looking at the output, and writing a new "licensing class", then it probably wont get purchased by many java programmers unless its less than $50.
OTOH, your customer may force the choice upon you. One major American automotive manufacturer requires that all licensed software uses FlexLM. We have no choice to support it.
How about skipping the phone-home-to-install and going with 'authentication for updates' scheme?
Require a CD Key like most do for installs. Anything more than that becomes a headache for both the owner and the seller. it highly depends on your target audience and you have to consider that SOME piracy is a good thing. Call it advertizing and you break even. If your product is so good that 500,000 people will steal it then want updates and bug fixes...then you can add a big chunk of those as new sales.
Giving things away is not always the same as giving away profits.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
I'll just speak from personal experience here, without bringing in any of my philosophical views on DRM and copy protection.
I'm a programmer for a large software company, mostly working on various versions of a well-known encyclopedia. Piracy has been a concern of various manager-types off and on over the years. I've personally worked on three different copy protection schemes for the encyclopedia, and have experience with a fourth, a timed trial system. Each of those schemes has caused headaches for legitimate users - some did not validate correctly with certain drives, some did not work with certain systems, some simply did not work for no reason I could figure out. One, using a well-known copy protection library, failed so often that I had to write a special "unlock" program at the last minute, to be shipped on the CDs with the encyclopedia, so that our product support folks could just tell people "run this program from the CD".
At the same time, I saw no evidence that any of this did more than slightly annoy [i]real[/i] software pirates. I recall seeing a cracked version appear literally the day that our encyclopedia came out in stores.
In the end, after all of this, I'm convinced that the most effective copy protection we ever did was to simply print "Please do not make illegal copies of this disc" on our CDs.
I think the first few posters had the right idea. If you spend your time making the product fantastic instead of worrying about your mediocre product being copied, it will sell. Look at Bethesda's Oblivion. It was a fantastic product and they obviously spent a lot of time making it. What they didn't do was copy protect the PC version. You can make a straight DVD copy of the disk and it will play just as well as the original without having to use any fancy software to break the copy protection. Bethesda still sold millions and I actually own copies for both PC and PS3. As they said, spend your time making it a killer product and they will be happy to pay.
If Paypal is the only option to pay, then I'm one of them people you'll never get any money from, even if we are willing to pay.
I've donated to completely free (as in speech) programs before. One particular one had a Paypal button. I finally figured, hey, what the heck, let's try Paypal. Their web site said we could make credit card payments without setting up an actual Paypal account. I tried that. Didn't work (the web page looked broken --maybe they needed to run Javascript applets from five different domains or something). I finally contacted the author and said, "Hey, look, I want to give you money. Give me an address to mail the cheque to."
So Paypal without account didn't work, and there's no way I'm going to actually set up a Paypal account. Give them some PO Box to mail a cheque to.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
Snarky comments aside; here is your fundamental problem: There is no way to detect the legal status of a software licensing contract using software. It is not a property of the system you or programming on.
Things like WGA and license key systems are an attempt to add a property to the system that represents the legal status of the user and then try to keep that flag in sync with reality.
The only practical way we know of to keep this flag in sync with the actual users contract status is to force the user himself to keep it in sync. Usually this means manually copying a key from paper to the system when installing, re-installing, upgrading or moving the software.
There really is no hope.
Don't waste your time on it.
oh wait, i thought of a way to do it!
Just write software that nobody wants!
You believe your customers are thieves. I suggest you treat them accordingly.
Project management software? Who the heck wants project management software at home? Your target, as you say, is large-ish companies. Maybe it's different in the US (the news suggests it is), but here in NZ companies big enough to need project management software tend to have developed ethics, and will buy the software they need. They trade on their reputation, and doing illegal things tends to tarnish reputations. Don't worry about controlling, or even checking, them. Do every damn thing you can to make it easy for them, they're the ones paying you the big bucks. If you have a good product with no pain, they'll pay for it.
So do a tiered approach - small numbers of copies get individual license keys. Large customers, wanting large numbers of licenses, get "site licenses", ie no controls. It works for a lot of "corporate" software I've come across. It even worked for Microsoft - they didn't get as big as they are on the back of the mess that is Vista's activation scheme; they got big on Windows and the key code you have to enter in, along with "corporate licenses" which just install without any of that nonsense. A big IT department rolling out 327 PCs doesn't want to muck about with individual license keys, they just want it to work.
Sure, eventually a site license will leak out and become generally available. But by then you'll have upgraded your software and the old version will be out of date. Sure, there'll be cracks and bypasses and whatever, some people will be using your software without paying for it. Just figure it into the price and ignore it - it works for retail shops.
For your peace of mind, sure, implement some sort of count-up if you feel you have to, but DON'T rely on it working, DON'T disable or alter the bahaviour of your software in any way if it fails. If you piss off the big companies, you're losing your big payers. Best thing is probably ask them to count how many users they have whenever they upgrade, and sell them that many licenses. Chances are you'll have a 1-10, 10-100, 100-1000 style pricing scheme anyway, so going from 327 users to 402 users won't make any difference anyway.
Now if you were writing a game, something for the home market... *grin*
Try a different business model. Perhaps you can sell services or a server-based function?
No, I will not work for your startup
The only game that I have EVER found to not be copyable (and I have tried every method) is the old mac game called Transylvania http://en.wikipedia.org/wiki/Transylvania_(computer_game) We owned the game but as it was on a floppy disk I always wanted to make backups. Every copy I made with various copy methods (which seemed to be a successful copy) would allow you to play the game. However when you kicked the stump, (which you had to do,) you got trapped underground with no way out. I have no idea what scheme they used but it was damn good.
I absolutely refuse to use it - make it FlexLM and I'm finding a new package, even if it costs me twice the package cost in training.
Is it just my observation, or are there way too many stupid people in the world?
Really you are better off putting as little effort into it as possible. You will NOT beat the real pirates, it is too easy.
However, one thing to look at is being compensated when your license / copyright is violated. If you put some (meaning minimal) protection in, it provides enough ammo for the lawyers to do something about. Most commercial organizations have some sort of IP lawyer that will work out if infringements are worth chasing down pretty quickly.
Another important note, it should NEVER be the developers decision to put in copy protection. If the code is for your personal use, grow up, open source it. If the code is for commercial use, it is a business decision, not a technical decision, weather it is worthwhile to track down license violations
If your target audience is business customers, the simple answer here is none. And to rebut some of the other comments to the contrary, here's why: Businesses care about being legal It has been proven, time and time again, that it is cheaper for a business to have licenses for all software they use than the risk of not. Many of the major software companies recognize this, and also recognize that maintenance of a licensing system is both technically bad and bad for business. To back up this with evidence, look at software companies that don't put technical protection measures in place for business software: - Oracle - Computer Associates - Microsoft (This is a special case. Business customers get one key that always works, and that is only there because they sell the software in other markets). Now, here's what you do to help keep people honest and take care of your bottom line: - Make sure that your program installs and uninstalls itself correctly (I don't care what platforms you use), and make sure that your platform knows about it. There are lots of software solutions out there that let companies track what software is installed. If you make yourself visible to those solutions, then the IT department at that company will thank you, even if not vocally. - Occasionally look at how big some of your customers are, and periodically ask a couple of them to do software audits for you. You, of course, need to make sure that the right to ask for such an audit is in your EULA. - If a customer doesn't have enough licenses, ask them to settle up with you. Give them a discount, something to make settling up a relatively inexpensive operation. - If a customer refuses to settle up, hire a lawyer. Remember, at the end of the day, it is up to your customers to abide by your licensing terms. If they don't, they are breaking the law. That means little to a guy at home who isn't aware of the issues, but businesses of any meaningful size do care. Also, to go to some other comments noted here, make sure your software is the best. If businesses are stealing it, it's more than likely because there isn't enough value in the software for them to pay for it.
None? Is that not even an option?
There's also a review of the book (non-free)
If your product phones home, I will download a crack. Doesn't matter if it is at work where I paid for it or for my home copy that I use 5 times a year. I won't be inconvenienced by copy protection. If it gets in my way I go around it. I bought Half Life 2 and yet played the cracked version. Next time I won't bother buying it, I won't go through that crap again with them.
You must get lots of practice missing points. I'd tell you what you must be, but I'd get modded down.
I don't like entering activation codes and I do not allow software to call in. This kind of behavior is a large part of why I'm converting my work place to open source. It's time consuming to have to deal with these issues on a daily basis and when you have dozens of workstations spread out through several locations and each runs several applications that use these techniques you do end up dealing with it on a frequent basis. Being limited by the number of seat licenses we have is also a concern. Our expensive enterprise software just cut the number of licenses we had in half during the last upgrade because of a change in the publishers policy - a fact they didn't tell us until after we made the upgrade. So now we're developing our own front-end that will let multiple users share a license since they won't need to stay logged in when they aren't directly using the server.
If you use copy protection schemes then most likely I won't use your software which means I won't buy your software. The best copy protection is to offer excellent service and manuals. That gives me a reason to give you money on an on-going basis.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I wrote a small app for a niche market and sold it with an activation key. To activate, you entered the order number, customer number, number of seats sold, and the key (which was a relatively simple hash of the first three). You could install as many copies as you wanted. The software broadcasted its licence over the local LAN as the payload of a custom layer-2 packet and listened on the LAN for that same packet type. If the number of distinct MAC addresses with the same licence exceeded the number of seats sold, you got a dunning message when you started and exited the program as well as when you tried to open or save file.
The code to do this was trivial on the Sun pizza-boxes it ran on. It was damn near impossible to implement on a Windows box due to the variances in the dozens of primitive IP stacks of the time, which is why I never ported the app to a Gatesian OS.
The license check was unobtrusive, used nearly no bandwidth, and didn't pose a risk to security or privacy since it neither phoned home (an idea that was really quite infeasable since widespread access to the internet wasn't in vogue at the time). It let the IT admins manage their licencing their own way, and if they wanted to invest the time to crack the hashing algorithm, well those were the sorts of folks who wouldn't pay anyway.
I would suggest just barely enough copy protection so that someone just giving a copy to their million best friends won't work.
I don't suggest trying to get in an arms race with the pirates. However, I have seen lots of shareware and commercial software used FAR beyond the liscence terms, by a mixture of clueless users and people who will find a way to not to pay if they dont have to. So, in due fairness to you, I can't advise you to have NO copy protection.
Personally, I don't see any easy way to do it; If you have to give the user the key, and they have the software, then you have trouble stopping them from giving both to all their friends. But you were asking for how much, rather than how-to, so I'll leave you with the above opinion.
I know this is not an easy message to take to the business people but "Change your business model"
If your model is based on selling someone a particular sequence of 1's and 0's (aka: software), you're as dead as the record industry.
No matter what you do, at some point that sequence is copyable.
You can make it up in enterprise level customer support, consulting, maintenance, backend storage, features not possible on the client. Things that cannot be copied.
I think the reason the old SW model is *so* attractive is that it's *so* easy. Write a program, sell copies at negligible cost, offer effectively no support with a license that says the software doesn't even have to work and you have fat margins.
Like all fat margin markets, their time passes. SW has passed.
A nice model is to release a "light" version for free (or minimal cost), a "pro" version for more, with support for more and a simple serial number tied to an online password that allows the person access to support/updates.
Price the SW reasonably and pick a good feature set for it and the market works fine. Free markets actually move to remove fat from the system. People tend to forget that.
People who will steal in that situation were never going to buy it anyway. Spending all your time addressing the edge case is foolish.
Here's what I'd do..
Each person who buys the program downloads a *customized* download. It has their name, company name and address EMBEDDED in the program. No serial #'s, etc.. just a download that will install cleanly; but, with the contact info of the purchaser nicely embedded in the program. Look, no piracy.
vBulletin does something similar with their product BTW...
A CD-key. And a big blank rectangle on the disc where your customers can write it down with a Sharpie if they choose.
(Don't print "Write your CD key in this space!" though or you'll be responsible a lot of clueless users' scratched discs.)
Decent pricing. Obvious sticker-rape breeds piracy out of spite.
That's it.
No. Matter. What. D.R.M. You. Use. There. WILL. Be. A. Crack.
Pirates who want it will get your software. PERIOD.
Customers will get your software after they have paid you for it. Don't abuse them. Please.
Oh, one more thing! Please think about the font you'll use for your CD-Key as well. Codes like 0O1l2Z5S are rough on squint-eyed people like myself.
It is imperative that the business understand security so they can make educated decisions and know how to measure it to determine if security is meeting their needs. After all, this is their product that they make money from and they should know their options and how to measure the success of those decisions. Otherwise, they are making a decision in a vacuum and that wastes money. There should be business value associated with every feature in an app because there is cost associated to implementing the feature.
...is NONE. I've been involved with PC's since the days of the Commodore PET and the Apple ][. Everything that came with copy protection was cracked easily. And it still is. My advice is to address the REASON for the piracy in the first place:
* High pricing
Price the product fairly and people will buy it. Give volume discounts for 5+ copies and people will pay for it.
Make it EASY to download and pay for. No bullshit license codes to enter. Sell me a license code if you want, but don't make me key it into the software before using it.
And I absolutely won't use software that forces me to "activate", "authenticate", or futz around with license daemons or hardware keys...
Just trust the users and take care of them. Forget about the piracy - you can't stop it anyway, so the only thing you can compete on is customer service. Those who are licensed, get customer service. Those that don't, can self-support.
That's the long and the short of it...
Look at MySQL's model. They license under GPL. They *trust* you to pay up when
use use their product significantly.
Saves everyone a giant headache.
Well, very nicely, thank you.
Don't bother coming here.
That is, if it bothers you.
We're doing just great without you.
Thanks.
Thanks fyngyrz for the excellent post whcih is now printed and taped to my wall. :)
To add something where little addition is necessary. There are those few apps that perform some trivial yet necessary role in the office. They often get copied past the number of licenses not so much to save money as to expedient things. The combination of a limited number of uses unless a key is entered combined with a reasonable price to purchase a new key, seems to be the most successful.
If the price is low enough people will buy a new key rather then ask for the original to be re-sent. The price of a new key simply has to be more attractive then the hassle of finding the receipt from the original purchase. IMHO anything less then $100 fits that category for most businesses, and less the $50 for most individuals.
Do you have a name for your product? How about a marketing strategy? Superbowl ad?
If your software calls home it will not be in any company with professional Systems Administrators.
The moment I notice your product is calling home I would uninstall it and demand a refund.
Look, you can screw the little guy that can't use Google (how many of those are left?) but with companies that are serious about security, any unknown shenanigans going on in the background, no matter the reason, will be met with firm rejection and may mean you losing business.
In other words, as an IT person administering hundreds of computers: please, don't even try.
IANAL but write like a drunk one.
You cannot stop software piracy, but you can add enough barriers to deter casual piracy as well as make it time consuming to maintain cracks for your titles. The first step is choosing a licensing system. You can do it yourself or acquire it, but make sure what ever system you deploy it contains a tamper proof license format. Without it, the first cracker to reverse engineer your software will create a key generator that any non-tech savy person can use to obtain your software illegally. Tamper proofing can be achieved via a system using digital signature of the license file. The next thing you will need is software protection technology, its purpose is to deter reverse engineering and tampering of your binaries. Without this the cracker would simply create a patch for any licensing/activation scheme you come up with by bypassing functions in assembly code. Some software protection solutions having been intrusive (i.e., Sony, Microsoft SSP), but there are others out there in the market that don't break customer environments.
Provide the software as a web service, subsidise it with adsense and have a subscriber model. It works for Google, people can't pirate Google, can they? ;)
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
Standard agreement with us for high-value software from a vendor is that they place source code, manuals, etc into legal escrow. We have an agreement that if they go bust then we get the code - then we at least have a fighting chance of either fixing it ourselves or paying an external specialist to support it from that point onwards. This is really common...