A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.
We're closed, folks!
Doug Nebeker ("Doug")
0 down vote favorite
I provide a free edition to my application (.NET), and I have to store my data into the Windows registry in a way that users can't detect where it is stored (I have to be able to load the data as well).
I'd prefer to use a tool that can provide it. Do you know such a good tool? I've already tried two tools (Cryptolicensing and Eziriz) but I'm not satisfied with the support quality provided by the vendors.
P.S. The data I have to store does not override any data. Users sign end-user agreement that allows me to store the data (it's a typical end-user license agreement [EULA]).
Are you talking about a licensing system, or simply data storage? If data storage, you could try Isolated Storage . It's not tamper proof, but for 99.9% of your users it effectively is.
Like Nicholas, I suspect you're trying to do some licensing-esque stuff. My guess is you're trying to do "unverified trials". Meaning, you're trying to start a trial by storing data to some "secret" and "untouchable" area on the user's computer so that the user can't "reset" the trial. The "unverified" part of "unverified trials" just means that you don't want to contact a 3rd-party server to start the trial.
Did I get that right?
If so, then let me be the one to burst your bubble. Unverified trials can be reset easily with relatively limited skills. (Yes, I'm aware of all the tricks to store to places that are "hidden". Spoiler alert: they're not as hidden as you think they are. Theses tricks haven't fooled anyone since the mid-90's.)
So, then, what are your options?
1. Keep using a simple unverified trial system with full knowledge that the trials can be reset.
2. Waste time building a super-secret unverified trial system that stores to "hidden" places (but can still be reset as easily as any other unverified trial system).
3. Use "verified" trials. Namely, use the "fingerprint" of the computer, contact a server and do an "activation" that includes trial data. Here's how we implement it: http://wyday.com/limelm/help/trials/#verified
Is that helpful? If you tell us what you're trying to store we'll be able to give you more useful advice.
Sunday, July 27, 2014
I like Wyatt's #1 option. So few users will bother trying to steal your software like this. And if you write to that registry value every time the app starts, those few will have to continue to reset it. Anyone willing to go to that much bother to avoid paying is probably not a customer you want anyway.
You can NEVER hide anything in the Registry. All can be tracked with Process Monitor (aka "ProcMon") and/or RegShot. It's all too easy.
Even if you think you found a good hiding place, a Registry-cleaning app like CCleaner might accidentally delete your entries, thinking they're just garbage. If this is saved data from your users and it's now lost, consider yourself sued for releasing "faulty" software.
Better to just save the data in the Registry somewhere safe (so CCleaner will leave it alone), but encrypted, so it can't easily be found and/or modified by lay users like a prefs file in %APPDATA% can.
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz