Page 2 of 2

PostPosted: Tue Aug 21, 2012 1:08 pm
by dpayer
dec wrote:Hello,

If you like, remember that npUtil have an action in order to generate GUID's.


Sounds like it would be useful David.

What do you think of the idea to 'hide' info in this area of the registry that is not easy find. Do you see any potential conflicts? After all, the system does not read these values unless it is specifically requested to do so by another application, does it?

David P.

PostPosted: Tue Aug 21, 2012 3:05 pm
by Gaev
Guys:

Interesting discussion ... but if you have the NeoBookDBPro plugin ...

1) deliver a 'password protected' and 'encrypted' Access (.mdb) file with your Application

2) save all sorts of dates within it

3) for added protection, deliver your Application with some fields pre-populated (e.g. date of delivery ... so your program can check if end user has messed around with his computer's date)

4) for even more protection, save user's essential data and config/parameters in the same file ... so any attempt to replace it causes loss of data/benefit for user


Registries are so 1999 ... :P

PostPosted: Tue Aug 21, 2012 4:12 pm
by dec
dpayer wrote:
dec wrote:Hello,

If you like, remember that npUtil have an action in order to generate GUID's.


Sounds like it would be useful David.

What do you think of the idea to 'hide' info in this area of the registry that is not easy find. Do you see any potential conflicts? After all, the system does not read these values unless it is specifically requested to do so by another application, does it?

David P.


I think here the imagination need to be first. Of course you can use certain techniques like to save the date into the registry. I thinking now in save the data in various registry keys, in various places. But remember that out there exists programs that monitorize the registry for changes.

In my opinion this is a lost battle. So for this reason I think that you need to worry about your real customers and not with people that never pay for your work, maybe because don't want or whatever other reason. The problem with GUID (if any) is that you need to generate one.... since every one is unique... so you need to save this GUID... on the registry?

P.S. Gaev point us to another possible solution... :)

PostPosted: Tue Aug 21, 2012 5:17 pm
by Gaev
Whatever solution you come up with ...

1) dec makes a very important point ... not being able to stop the really determined pirate is not 'lost revenue' ... because such a person would not purchase your product in any case

2) just like the 80/20 rule of life ... if it takes X time/effort to stop 90% of the people ... it will take 2X or more to stop the next 9% ... and 10X to stop the next 0.9 %

3) don't make your anti-piracy so complex that legitimate users are falsely prevented from using your product

4) a lot of people will break into your product just for the bragging rights ... very few people who really benefit from your Application (unless it is some game) will risk using it if there is no support for it.

PostPosted: Wed Aug 22, 2012 12:24 am
by Alex
Hi,

That's true, if I spend lot of time to make a big security to stop users that don't have revenue to buy it, it doesn't make sense. The problem is, if they crack the software and put the crack on the Internet, a user with revenue can download it for free and use it. It will be easy and more faster to download the crack as to buy it.

And for the GUID code, I think that I have to store it in my code. I just hope no one has make the same.

Thanks


Alex

PostPosted: Wed Aug 22, 2012 7:33 am
by dpayer
Gaev wrote:Whatever solution you come up with ...

1) dec makes a very important point ... not being able to stop the really determined pirate is not 'lost revenue' ... because such a person would not purchase your product in any case

2) just like the 80/20 rule of life ... if it takes X time/effort to stop 90% of the people ... it will take 2X or more to stop the next 9% ... and 10X to stop the next 0.9 %

3) don't make your anti-piracy so complex that legitimate users are falsely prevented from using your product

4) a lot of people will break into your product just for the bragging rights ... very few people who really benefit from your Application (unless it is some game) will risk using it if there is no support for it.


All very good things to consider. I agree that 100% security is not feasible as there are determined people out there who want bragging rights.

I do think it important to have a system that will not simply allow someone to use a trial period continuously by saving data created with an app and then uninstalling the app and reinstalling it, thereby giving a new 30 day period. It should not be that simple to use a program continuosly.

David P

PostPosted: Wed Aug 22, 2012 8:09 am
by dec
Hello,

dpayer wrote:I do think it important to have a system that will not simply allow someone to use a trial period continuously by saving data created with an app and then uninstalling the app and reinstalling it, thereby giving a new 30 day period. It should not be that simple to use a program continuosly.

David P


In my opinion the 30 days can pursuit not only to disallow users to use the program for more time. Can be useful, for example, to maintain the program updated and to introduce new things on it. Supose that I use a 30 days trial version and then, if cannot do anyother thing, format the system and reinstall from scratch. How you can defend againts this?

On the other hand, you can consume lots of resources, efforts and work in order to, for example, prepare a complex system to "activate" your software using internet. But even this system can be cracked, just think on Microsoft Windows, Adobe and other big software corporation: all their programs are cracked, not for a trial period, but completly cracked, even if the program use some kind of "activation".

In conclusion, with a bit of imagination, you can make your system 30 days trial for "normal" users. But take care with the Gaev notes: really is needed to worry about users who never want to pay for your work? And dedicate lots of work and efforts to this users is not a contradiction? But now I think that my poor english and my "abstract" ideas don't help very much on this thread. Maybe we can found a "absolute effective" way to make a 30 days trial system...

PostPosted: Thu Aug 23, 2012 10:07 am
by CN_Iceman
Just for information...

Normally, I used to create a registry key with the data necessary to monitor the number of hits to the program and two or three hidden registry keys with names that had no resemblance to the program and also included the data necessary to control the uses of my program. Of course all the data is encrypted.

Now I use the GUID's generated by npUtil plugin from dec. Highly recommended.

Greetings.

PostPosted: Fri Aug 24, 2012 1:15 pm
by pfisterhamj
Hello,

My favourite:
to make a 30-day trial Version some software companies create special trial keys. This means that the starting date is encoded with the username into the serial number.
When you check the serial number you also get the date the serial number was created and then you can simply check the days remaining.

Another option is to work with a crypted license file. You can use dynamic keys (depending on the end users system) e.g. HD serial number or so, so encrypt is. This make it possible to save the date back and count the days or starts. If you use dynamic data that is calculated on the end-users system your publications don't have string references hard-coded and that makes it harder to attack.

NeoBook DBPro is a very good plugin but I think to work with an access database for license checking and tracking is a little bit too much.
If a database solution shoud be created then I will tend to sqlite because it's very small and portable (and I have a plugin :))

PostPosted: Fri Aug 24, 2012 2:09 pm
by dpayer
CN_Iceman wrote:Just for information...

Normally, I used to create a registry key with the data necessary to monitor the number of hits to the program and two or three hidden registry keys with names that had no resemblance to the program and also included the data necessary to control the uses of my program. Of course all the data is encrypted.

Now I use the GUID's generated by npUtil plugin from dec. Highly recommended.

Greetings.


Which section of the registry do you use?

David P

PostPosted: Fri Aug 24, 2012 2:17 pm
by CN_Iceman
HKEY_CURRENT_USER\Software

Greetings.

PostPosted: Mon Aug 27, 2012 9:41 am
by dpayer
FYI - I just found a simple way to make GUIDs within NB using a function.

http://www.neosoftware.com/forum/viewto ... 0#11207570

PostPosted: Tue Aug 28, 2012 1:58 am
by Alex
Thanks DPayer

PostPosted: Fri Aug 31, 2012 10:06 am
by dec
Hello,

For design time pourposes, I add a new utility to my npTool plugin which allow to get a new GUID string just by choose the appropiate menu item or by press the appropiate hotkey. Just for your information.