The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Writing to Registery

I have a program that im implementing a Trial version for..

I need to write data (start date and days used) counter into the registery.  but its being written as encrypted.. so it cant symply be changed or deleted.

Just curious how secure storing the info in the registery is?


is there a program that a user can use to listed to what keys my programs writes to the registery to?

and be able to figure out where the info is being written to?  or no such thing?

how can they find out exacly where in the registery my information is being wirten by my program?
RegFreak
Tuesday, October 17, 2006
 
 
If you follow the MS standards then it should be obvious which keys your program is writing to anyway. Otherwise the free Regmon utility from Sysinternals shows exactly what's going on:

http://www.sysinternals.com/utilities/regmon.html
John Topley Send private email
Wednesday, October 18, 2006
 
 
i see.

so keeping the trail day count in the registery is pretty useless?

where can i store the trial start date...  and day count?

and license information?

Wednesday, October 18, 2006
 
 
I don't see that it matters if the location of the data is known, as long as it's encrypted and your app exits if the encrypted data isn't found. Security through obscurity doesn't work.

Anyway, this has been discussed here before, see:

http://discuss.joelonsoftware.com/default.asp?design.4.393995.7
http://discuss.joelonsoftware.com/default.asp?design.4.384011.7
John Topley Send private email
Wednesday, October 18, 2006
 
 
Well not agree with you -
remove old data - and install trial version once again - most simple and effective way in this case crack your program. In this case does not metter how well encrypted your file is. Personaly I implemented many tricks to privent hacks. However I will not share this information.
Oleg Send private email
Wednesday, October 18, 2006
 
 
+1 Oleg's security through obscurity.
BurtRiddley
Wednesday, October 18, 2006
 
 
A sufficiently sophisticated user will break your protection, period. You have to decide how much pain you're going to go through, and put your users through, to slow down those guys.

The best way to protect code is not to ship it. Can you cripple your trial somehow?

Also, look at WinZip. It's trial period effectively never ends, but the nag screen is always there. The nag screen isn't annoying enough to hack the code to take it out, but it's always there, reminding the user "you haven't paid for this thing you use every day". The author has made a small fortune thanks to that little nag screen.
Chris Tavares Send private email
Wednesday, October 18, 2006
 
 
Is it okay if my Beta Version does not have as strong of a protection as the final release versioN?

can i store it in the registery now? and later think of a better way?

I have it encrypted in the registery now so u cant really change the value.


unless maybe you delete it and reinstall the software
RegFreak
Wednesday, October 18, 2006
 
 
Basically:

a) If your users know about regmon then you´re screwed. People who know these sort of things are going to get around anything you do.

b) If not then the registry is as good a place as any, just don´t give it an obvious name.
Jimmy Jones
Thursday, October 19, 2006
 
 
I have it saved as a key in the Microsoft folder in the Local machine.  with not an abvious way


wondering if this could cause some security or restriction issues when writing to registery on users computer
Regfreak
Friday, October 20, 2006
 
 
I suppose you can encode the date in the license key, and change the license key often; so uninstalling wouldn't help (no license) and reinstalling wouldn't help either (old/expired license).
Christopher Wells Send private email
Sunday, October 22, 2006
 
 
Regfreak,

"wondering if this could cause some security or restriction issues when writing to registery on users computer"

If Microsoft ever introduces a key that matches yours, the installation of your program could completely ruin the user's machine. And you are assuming that your installer will have write permissions there.

Don't change anything in locations where you have no business of changing anything. Even if it works today, it could completely fail in the future.

Besides that if I would find your key in the Microsoft-folder, I would wonder what else you could have messed up on my machine...
Secure
Monday, October 23, 2006
 
 
so where is a safe place to store info in the registery that even limited users will have access to read and write.

?

local machine key is accessable by everyone?
RegFreak
Wednesday, October 25, 2006
 
 
First, a "RegFreak" should know that it is spelled Registry, not Registery. Getting your keywords right will give you better results in search engines.

Second, here is a starting point:

http://support.microsoft.com/kb/256986/EN/

There are some more links in it, and by searching the Microsoft site I'm sure you will find megabytes over megabytes of more info about it.
Secure
Thursday, October 26, 2006
 
 
RegFreak: "local machine key is accessable by everyone?"

No. HKEY_CURRENT_USER is accessible to the currently logged in user. HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT requires Admin rights. HKEY_ALL_USERS requires Power User rights, IIRC.

Ken
KenW
Friday, October 27, 2006
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz