The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Copy protection software recommendations

Does anybody have any tried and tested recommendations for commercial copy protection software.

The kind of thing I'm after is an API that does something similar to the Windows XP or Office XP software activation.

It really needs to be callable from VBA.

Samuel Jack Send private email
Wednesday, September 15, 2004
http:/// - they have a great licensing component, but it's for .NET so I don't know if you could use it for your purposes.
--Josh Send private email
Wednesday, September 15, 2004
Silicon Realms has Armadillo, and its follow-up, SoftwarePassport.  They continually update the software, and are very responsive via email.  As with all protection schemes, it was cracked in the past, but it's been a while since I've seen any generic cracks for recent versions.  It will save quite a bit of time over rolling your own system.  I don't know if it's callable from VBA, but it is from several languages - they have good examples.  I'd suggest emailing them and asking.
Aaron F Stanton Send private email
Wednesday, September 15, 2004  looks interesting.

Economical ($150-$300).

Haven't tried it.

Has anyone else?
Mr. Analogy {Shrinkwrap ISV owner} Send private email
Thursday, September 16, 2004

1. The price is reasonable
2. It has an increbily flexible API
3. Can be used from ANY language; even Windows Scripting
  - provided you create your own COM object or DLL layer to hide/encrypt your keys when using a JIT compiled scripting language
3. Support is better then average
4. I have never come accross hacked apps for it.
  Although i suspect only verticle/niche market product developers use it; Check out their brag page

1. Windows Platform Only (AFAIK)

Good Luck!
Heston T. Holtmann, B.Sc.Eng. Send private email
Friday, September 17, 2004
Has any one tried SerialShield: ?

From what I can see it looks good - it only costs 80 Euros, and it is a single dll that can be called from any language.

The only problem is that English doesn't appear to be the first language of the developers - so the documentation is a little unclear. Also the API is not consistent.

But it appears to  be better than anything I could write for myself in 80 Euros worth of time!

Comments anybody?

Samuel Jack Send private email
Friday, September 17, 2004
There's a decent book on the topic called, I think, "Crackproof your Software."

The trouble with using a commercial solution is that the crackers know them all better than you, and usually have off-the-shelf tools to defeat them. If you roll your own, it may be less secure theoretically because you don't know what you're doing, but it means than a cracker has to break out Soft-ICE and figure it out in the debugger. With some of the commercial solutions it's a simple matter of a script kiddy downloading the crack tools.
Joel Spolsky Send private email
Friday, September 17, 2004
Mr. Analogy {Shrinkwrap ISV owner} Send private email
Friday, September 17, 2004
If you google "encrypted dll" you will find some relevant stuff mixed in amongst the really puerile and scads and scads of virus lore.

Bottom line is you can't defend against those truly determined and truly intelligent with too much time and not enough healthy distractions unless you are prepared to wrestle hard. 

Some relevant reading here:
Some things I gleaned:

Off-the-shelf wrappers are regularly cracked for fun and bragging kudos. If your product is well known it will be cracked and sold or used as bait for trojans. If you try to defend your code with the simpler techniques they will be cracked and held up for ridicule (not the product, just your techniques).

Regular releases of updates can overwhelm the hackers' interest and leave them behind with last week's news allowing you to direct your efforts into sellable code rather than defensive measures. It's up to you to decide how best to go about defending your baby.
Sunday, September 19, 2004
Regular releases is the method I've been advocating for ... probably years now. If your software is too big to want to mirror, but too small to justify really shrinkwrapping it (i.e. putting it on a CD, in which case they'll release a hacked version on the major file sharing networks), it will likely slip through the cracks if you post regular updates that take into account all of the various methods that have been used by crakers in the past.

A release every few months means the cracker sites will fall out of date and their "Crack for version" will no longer work.

It's the only method I've seen that works consistently. Yes there's a window where you're playing catch up, and it requires constant dilligence, but everything gets cracked eventually, you just have to keep on top of it. Send private email
Tuesday, September 21, 2004
Does anybody know whether all or most copy protection requires the user to be logged in as Admin at install time?

SerialShield requires this, but this could be a pain for our users.

Any suggestions of software that does not require this?

Samuel Jack Send private email
Wednesday, September 22, 2004
Copy protection or no copy protection -- you need to be logged on as admin to install software, full stop. Regular users do not have write permission on C:\Program Files.
Joel Spolsky Send private email
Wednesday, September 22, 2004
We used to use Cryptkey. Our software was cracked and is available for $1 on every street corner in Vietnam. Not that it matters as anything you do will be cracked if anyone cares.

We found that Cryptkey was pretty buggy, at least when we started with it. The single seat authorization works great, but the floating network and license transfer part was a real problem.

We no longer use it since the company was aquired and we now have to use the parent companies favorite security system.
Miles Archer
Wednesday, September 22, 2004
Copy protection - any kind is waste of time in all means. If it worth something - it will be hacked. Those who try to convince you that "it's impossible with protection X" are just incompetent.
There can be only one
Thursday, September 23, 2004
Just to clarify our aims with copy protection: our clients will be just a few people in one organisation (for now). We have had problems in the past where they passed our software onto other organisations that they do business with - and we want to prevent that from happening.

In the past they have just been able to copy our files (mostly Excel worksheets with sophisticated macros) to another PC. We want to be able to lock the files to the PC they are installed on.

Also, we don't usually install to C:\Progam Files (I know this is probably not best practice) but to a directory that the user does have write access to.

Samuel Jack Send private email
Friday, September 24, 2004
The copy protection is composed by two parts, the method, or the algorithm and the key. I think that the algorithm mustbe a standard, but the key mustbe very strong (128 or 512 bits).
Urano Gonzalez Send private email
Tuesday, September 28, 2004

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz