How do I copy protect software?
September 19, 2005 7:08 AM Subscribe
What is the best way to copy protect my software with the minimum of hassle for the users, but maximizing revenue for me?
I'm one of the small software writers, and make my living off shareware. Piracy is a fact of life, and it does not much bother me, seeing that I also have some pirated software on my PC.
A short while after releasing my software, it came up on the different crack sites. I'm sure that a lot of people, though they have money to buy the software, go out and download a copy. I'd like a system where the users would prefer to buy the software instead of pirating it. How do I go about it?
I'm one of the small software writers, and make my living off shareware. Piracy is a fact of life, and it does not much bother me, seeing that I also have some pirated software on my PC.
A short while after releasing my software, it came up on the different crack sites. I'm sure that a lot of people, though they have money to buy the software, go out and download a copy. I'd like a system where the users would prefer to buy the software instead of pirating it. How do I go about it?
Or a USB hardware dongle, such as a Rainbow Sentinel or EVE3. Might cut into your revenue to buy the hardware, but you'll cut down on a lot of piracy.
posted by Rothko at 7:26 AM on September 19, 2005
posted by Rothko at 7:26 AM on September 19, 2005
Assuming you're pricing under $50, I agree with odinsdream. Implement a simple serial number / cryptokey system coupled with a reasonable price and easy, instant online purchases. As a shareware customer I've had good luck with shareit. Yes, someone will probably crack your system and give away keys, but unless your software is massively popular many of your users will register.
My impression is network based registration is still expensive to implement and not available to small shareware. I'd be interested to be wrong about this, though.
posted by Nelson at 7:42 AM on September 19, 2005
My impression is network based registration is still expensive to implement and not available to small shareware. I'd be interested to be wrong about this, though.
posted by Nelson at 7:42 AM on September 19, 2005
I prefer/make efforts to buy software which
a) I use plenty (I rarely buy software for 4-5 uses)
b) I enjoy using
c) is easy to buy/register
d) is priced reasonably and sounds friendly
e) allows me a demo period to test it
But ask yourself: "Why do I sometimes buy the software I could have just pirated?". If you can evoke the same happy altruism in your users which persuades you to shell out then you have an answer.
Inventive ways of forcing people to pay is a different scenario altogether. Indeed, the two ideas may be completely at odds. Remember HalfLife 2 activation.
posted by NinjaPirate at 7:44 AM on September 19, 2005
a) I use plenty (I rarely buy software for 4-5 uses)
b) I enjoy using
c) is easy to buy/register
d) is priced reasonably and sounds friendly
e) allows me a demo period to test it
But ask yourself: "Why do I sometimes buy the software I could have just pirated?". If you can evoke the same happy altruism in your users which persuades you to shell out then you have an answer.
Inventive ways of forcing people to pay is a different scenario altogether. Indeed, the two ideas may be completely at odds. Remember HalfLife 2 activation.
posted by NinjaPirate at 7:44 AM on September 19, 2005
Don't bother with the dongle approach. Robocop 3 on the Amiga had one and it was cracked days before the official release.
In short, they just modified the function you call to check the dongle and made it always return with the value to indicate it was there and all was well.
Net result was a cracked version of the application and an expensive dongle.
posted by ralawrence at 7:58 AM on September 19, 2005
In short, they just modified the function you call to check the dongle and made it always return with the value to indicate it was there and all was well.
Net result was a cracked version of the application and an expensive dongle.
posted by ralawrence at 7:58 AM on September 19, 2005
Or a USB hardware dongle, such as a Rainbow Sentinel or EVE3. Might cut into your revenue to buy the hardware, but you'll cut down on a lot of piracy.
Er, no. There's about 85 billion pirated copies of 3D Studio MAX out there that will readily attest otherwise. Also, speaking as someone who actually bought and paid for his copy, those dongles can be a hassle (they break, easily get lost, the drivers don't work properly with new versions of Windows, etc.)
Network-based registration is also (generally) useless - how many billions of pirated copies of every Adobe product and Windows XP are floating around out there? That said, as far as hassle-free piracy prevention goes, this is probably the best route, unfortunately.
I'm not sure if this applies to your situation, but the gaming industry has been dealing with these issues for a long time now, and has come up with exactly one real, effective answer: games as services rather than products.
One account, one credit card number, the overwhelming bulk of the critical functionality on the server side. It's really the only anti-piracy measure that has ever stood up to the test of time - at least until the playerbase goes and writes their own server software.
There was an excellent slashdot comment I read about six months back by someone who claimed to do copy protection cracking that explained in a fair amount of detail exactly how one could go about making his life hell. A quick glance through a Google search on 'Slashdot' "inline functions" 'polymorphism' isn't turning up the relevent comment, though, which is a shame because I think it would be more useful for you than most of the responses you'll get here. I'll dig a little further because I'd also be interested in turning up that comment.
posted by Ryvar at 7:59 AM on September 19, 2005
Er, no. There's about 85 billion pirated copies of 3D Studio MAX out there that will readily attest otherwise. Also, speaking as someone who actually bought and paid for his copy, those dongles can be a hassle (they break, easily get lost, the drivers don't work properly with new versions of Windows, etc.)
Network-based registration is also (generally) useless - how many billions of pirated copies of every Adobe product and Windows XP are floating around out there? That said, as far as hassle-free piracy prevention goes, this is probably the best route, unfortunately.
I'm not sure if this applies to your situation, but the gaming industry has been dealing with these issues for a long time now, and has come up with exactly one real, effective answer: games as services rather than products.
One account, one credit card number, the overwhelming bulk of the critical functionality on the server side. It's really the only anti-piracy measure that has ever stood up to the test of time - at least until the playerbase goes and writes their own server software.
There was an excellent slashdot comment I read about six months back by someone who claimed to do copy protection cracking that explained in a fair amount of detail exactly how one could go about making his life hell. A quick glance through a Google search on 'Slashdot' "inline functions" 'polymorphism' isn't turning up the relevent comment, though, which is a shame because I think it would be more useful for you than most of the responses you'll get here. I'll dig a little further because I'd also be interested in turning up that comment.
posted by Ryvar at 7:59 AM on September 19, 2005
No dongles. I'd much rather buy software if I can just give my CC # and get a serial from your website than wait for it to ship.
posted by maledictory at 8:24 AM on September 19, 2005
posted by maledictory at 8:24 AM on September 19, 2005
Yeah, regarding dongles -- if you make the legitimate copy less convenient to use than the illegitimate copy, you're giving users an incentive to just get the illegitimate one.
posted by Zed_Lopez at 8:34 AM on September 19, 2005
posted by Zed_Lopez at 8:34 AM on September 19, 2005
...and needing to leave a cd in the tray counts as a dongle. Even for games I buy, I use the no-cd cracks whenever I can.
I suppose you might try a modified nagware system like winedt uses. But really, all of the copy protection schemes I've ever seen suck, and annoy me (the customer).
posted by ROU_Xenophobe at 8:49 AM on September 19, 2005
I suppose you might try a modified nagware system like winedt uses. But really, all of the copy protection schemes I've ever seen suck, and annoy me (the customer).
posted by ROU_Xenophobe at 8:49 AM on September 19, 2005
More copy protection = more challenge to crack it = more prestige for doing so = more people trying their hands at it.
This is exactly how one piece of software that I know is extremely unpopular (as in nobody else here has probably heard of it) ended up cracked, over and over.
If you do plan to do it, consider NOT putting "bombs" in it to ruin cracked copies. The people running cracked copies are NOT going to tell the world they are, and they will just say "This shitty software did X to my computer / blew up / crashed / whatever". That means bad word of mouth for your software and resulting fewer sales.
Stick with the tried and true Key-Based registration. Easy and doesn't drive your users insane (although it is a little pointless, IMHO).
posted by shepd at 8:58 AM on September 19, 2005
This is exactly how one piece of software that I know is extremely unpopular (as in nobody else here has probably heard of it) ended up cracked, over and over.
If you do plan to do it, consider NOT putting "bombs" in it to ruin cracked copies. The people running cracked copies are NOT going to tell the world they are, and they will just say "This shitty software did X to my computer / blew up / crashed / whatever". That means bad word of mouth for your software and resulting fewer sales.
Stick with the tried and true Key-Based registration. Easy and doesn't drive your users insane (although it is a little pointless, IMHO).
posted by shepd at 8:58 AM on September 19, 2005
anything can be cracked. There's even classic classic cracks, for example, like 3DSR3 (in the dos days) that took a little longer than others, so much so that the feat was bragged about in the loader.
that said, your software IS going to be pirated (if it's really niche, or if it's on the mac side, it may take a little longer). Just look at it as a matter of fact. i can't think of one application that has gone uncracked, except possibly VERY VERY small apps that no one ever uses. (hell, I recall that even an obsure oberheim matrix 1000 patch editor that i wanted to check out was eventually cracked, though it did take about six months).
I would go with a challenge/response authorization. This is because it adds a LITTLE bit extra to the protection that will stop joe blow user from calling up his buddy and being "hey, do you have a serial number for this" -- because joe will need a key maker. It is definitely more of a bitch than a serial though, but there may be a turnkey system you can buy (although chances are good that the turnkey system has already been cracked, so pirates wouldn't even have to bother to make a release for your app).
Beyond that, however, I don't see how you can make it more difficult to crack without inconveniencing your users.
You shouldn't look at all piracy as a lost sale, however -- unless your app is a crucial tool and the best in its class (in which case you'll have plenty of legit sales) the vast majority of people who download a cracked copy will probably install it, run it once, go "humm. that might be handy later" and then promptly lose it somewhere on DVD. I don't know of a lot of folks whose thought process is " I'm gonna see if there's a crack, and if not, I'm gonna buy it." Usually folks think "well, if I can't find a crack for this one, I'll use this other one" Whereas the folks who are gonna buy it never think anything but "huh, guess I'll buy this. Reasonable price".
posted by fishfucker at 9:09 AM on September 19, 2005
that said, your software IS going to be pirated (if it's really niche, or if it's on the mac side, it may take a little longer). Just look at it as a matter of fact. i can't think of one application that has gone uncracked, except possibly VERY VERY small apps that no one ever uses. (hell, I recall that even an obsure oberheim matrix 1000 patch editor that i wanted to check out was eventually cracked, though it did take about six months).
I would go with a challenge/response authorization. This is because it adds a LITTLE bit extra to the protection that will stop joe blow user from calling up his buddy and being "hey, do you have a serial number for this" -- because joe will need a key maker. It is definitely more of a bitch than a serial though, but there may be a turnkey system you can buy (although chances are good that the turnkey system has already been cracked, so pirates wouldn't even have to bother to make a release for your app).
Beyond that, however, I don't see how you can make it more difficult to crack without inconveniencing your users.
You shouldn't look at all piracy as a lost sale, however -- unless your app is a crucial tool and the best in its class (in which case you'll have plenty of legit sales) the vast majority of people who download a cracked copy will probably install it, run it once, go "humm. that might be handy later" and then promptly lose it somewhere on DVD. I don't know of a lot of folks whose thought process is " I'm gonna see if there's a crack, and if not, I'm gonna buy it." Usually folks think "well, if I can't find a crack for this one, I'll use this other one" Whereas the folks who are gonna buy it never think anything but "huh, guess I'll buy this. Reasonable price".
posted by fishfucker at 9:09 AM on September 19, 2005
No matter what you do, the pirates are going to pirate your software if you want. So don't be fooled by any method that claims to be immune to being subverted. And don't get worked up because a keygen appears on a site, because that will happen regardless of what you do.
Copy protection is only there to keep honest people honest. Those that want to copy your software will. So in that vein, your copy protection should be something that is as unobtrusive as possible, but that still reminds honest people that they should register. As soon as you realize that your audience is potential honest customers (as opposed to hostile adversaries) then you should be able to come up with a system that works.
posted by Rhomboid at 12:01 PM on September 19, 2005
Copy protection is only there to keep honest people honest. Those that want to copy your software will. So in that vein, your copy protection should be something that is as unobtrusive as possible, but that still reminds honest people that they should register. As soon as you realize that your audience is potential honest customers (as opposed to hostile adversaries) then you should be able to come up with a system that works.
posted by Rhomboid at 12:01 PM on September 19, 2005
Sell them the software, and use their credit card number as the serial number.
They won't likely give that number away!
posted by Wild_Eep at 12:30 PM on September 19, 2005
They won't likely give that number away!
posted by Wild_Eep at 12:30 PM on September 19, 2005
Internet activation is simple to do if you have a reasonable knowledge of SOAP or some similar web calling function. Wild_eep's is a good idea, but it'd scare me away. (My credit card details would then be on my hard disk.) I'd prefer to know that I could log onto a web page with my serial number and view my account details. It'd stop me giving someone my serial number, but it wouldn't rely on holding my credit card number on my hard disk or entering my credit card into a piece of software I didn't fully trust.
posted by seanyboy at 1:12 PM on September 19, 2005
posted by seanyboy at 1:12 PM on September 19, 2005
If possible, use something besides just paypal, since people often see paypal as an obstacle to payment.
Funny, I feel the exact opposite way: Paying with PalPal means not entering my address and cc number for the umpteenth million time. Click, login, choose shipping address (or none if it's nunyabidness cuz it's a download purchase) and -go- I'm done. I'm MORE likely to buy if it's PayPal.
No doubt there's some subset of anti-Paypal crank who might be turned off but if you're not selling tinfoil hats I don't think you need to worry about them.
For me the #1 incentive to buy something is if it's at my what-the-hell threshold, which for me is $20. A good piece of software that does what I want and gives me a reasonable period of upgrades will get my $20 without a second thought. If it's very fully functional (ACDSee, Nero) I'll pay more but the time between discovery and biting the bullet is looooooong.
posted by phearlez at 2:48 PM on September 19, 2005
Funny, I feel the exact opposite way: Paying with PalPal means not entering my address and cc number for the umpteenth million time. Click, login, choose shipping address (or none if it's nunyabidness cuz it's a download purchase) and -go- I'm done. I'm MORE likely to buy if it's PayPal.
No doubt there's some subset of anti-Paypal crank who might be turned off but if you're not selling tinfoil hats I don't think you need to worry about them.
For me the #1 incentive to buy something is if it's at my what-the-hell threshold, which for me is $20. A good piece of software that does what I want and gives me a reasonable period of upgrades will get my $20 without a second thought. If it's very fully functional (ACDSee, Nero) I'll pay more but the time between discovery and biting the bullet is looooooong.
posted by phearlez at 2:48 PM on September 19, 2005
Regarding the CC #, just hash it. MD5 still has a relatively low collision frequency, and it would be fine for this. Nothing's stored anywhere, just the hash...
posted by devilsbrigade at 3:47 PM on September 19, 2005
posted by devilsbrigade at 3:47 PM on September 19, 2005
Consider copy protection as an instrument to keep honest people honest ; that's to say, a cheap lock will keep the majority of people away (keeping them honest) but of course will not deter the pros.
The time you'd waste on a very hard copy protection is much more wisely invested into doing a product that isn't
1. a minor differentiantion from other similar product (see all the FTP proggies out there it's a riot only few really are interesting)
2. "does suck donkey bawls"
and that
a. actually does something demanded for a change
b. and does it reasonably well and reliably
which will definitely attract some customer.
Hopefully if you reach some success you'll not be accused of patent infringment by patent squatters.
posted by elpapacito at 4:34 PM on September 19, 2005
The time you'd waste on a very hard copy protection is much more wisely invested into doing a product that isn't
1. a minor differentiantion from other similar product (see all the FTP proggies out there it's a riot only few really are interesting)
2. "does suck donkey bawls"
and that
a. actually does something demanded for a change
b. and does it reasonably well and reliably
which will definitely attract some customer.
Hopefully if you reach some success you'll not be accused of patent infringment by patent squatters.
posted by elpapacito at 4:34 PM on September 19, 2005
I don't know what software you make...but if possible...
You can cetainly get more money (and key - a returning revenue) if you can produce a service end to your software online.
Example that I hate:
There are some Treo chat clients/software that require you to pay a monthy returning revernue for some level of service. I pay toooo many of these.
Example I like.
A small yearly fee that gets me software updates for free, quickly and easily, using my sn as a gateway (deactivating too many uses of a given serial number).
The guy who is using the biggest PITA, and I think minimallly pirated method, is using some sort of first time registration challenge response...
It provides an ID, which you cut and past into a webpage, that generates a Serial number. I don't see his software out there pirated too often.
automaticduck.com
posted by filmgeek at 10:36 PM on September 19, 2005
You can cetainly get more money (and key - a returning revenue) if you can produce a service end to your software online.
Example that I hate:
There are some Treo chat clients/software that require you to pay a monthy returning revernue for some level of service. I pay toooo many of these.
Example I like.
A small yearly fee that gets me software updates for free, quickly and easily, using my sn as a gateway (deactivating too many uses of a given serial number).
The guy who is using the biggest PITA, and I think minimallly pirated method, is using some sort of first time registration challenge response...
It provides an ID, which you cut and past into a webpage, that generates a Serial number. I don't see his software out there pirated too often.
automaticduck.com
posted by filmgeek at 10:36 PM on September 19, 2005
Wild_Eep writes "They won't likely give that number away!"
And you'll guarentee not a single business, non-profit, educational institute, or any one but private individuals will ever buy your software.
posted by Mitheral at 8:31 PM on September 20, 2005
And you'll guarentee not a single business, non-profit, educational institute, or any one but private individuals will ever buy your software.
posted by Mitheral at 8:31 PM on September 20, 2005
This thread is closed to new comments.
posted by Rothko at 7:20 AM on September 19, 2005