tags:

views:

570

answers:

8
+6  Q: 

Most secure way to license software

What is the best and most secure way to license software? Is there an existing program for doing so? I want to sell a script of mine, but I want to make sure that users cannot redistribute or sell it themselves (of course, if they deactivate the registration on their own computer and choose to resell, that is their choice).

The software language is VB.net.

Since I am not sure whether or not I could host a registration database of any sort, is there any way to keep licensing self-contained securely? I would like the user to be able to download the demo and be able to upgrade to the full version somehow.

Thanks for the help!

If there is not currently a software in existence to do this, how would i go about making one?

A: 

Don't bother. If a user is determined enough to resell your script, there is absolutely nothing you can do to stop them. By doing so, you limit users who may want to tweak your script for non malicious reasons.

phantombrain  2009-08-13 23:22:05
I know that, but I at the very least wish to stop people from being able to simply post copies everywhere. All it would take now for someone to redistribute my script is an email or an upload to a server.
Cyclone  2009-08-13 23:25:32
+6  A: 

Since I am not sure whether or not I could host a registration database of any sort, is there any way to keep liscensing self-contained securely?

No, there is no way to do it securely. Even if you do have a registration database, it is crackable.

Remove full version code from the demo. If you have a small amount of buyers, this lessens your chance of leakage greatly.

If you want to make copy protection, you should start reading up on it. Since you are asking about this, I can tell that it will take you a very long time to make decent copy-protection. It's best to just hire someone else to do it for you.

A .net obfuscator is probably the easiest and most effective solution for you.

Unknown  2009-08-13 23:23:10
Is there any way to do it at all then?
Cyclone  2009-08-13 23:26:08
Is there a free .net obfuscator? I cannot find the Dotfuscator download anywhere on their website...
Cyclone  2009-08-13 23:27:34
There's always a way, but ask the RIAA and DVD CCA how effective they are.
chris  2009-08-14 01:15:09
I found a good one "Phoenix Protector". It works well!
Cyclone  2009-08-28 20:17:13
@Cyclone: I find it a bit ironic that you're asking for a "free" program to do that sort of thing.
hasen j  2009-11-07 06:35:30
A: 

It's not so much an answer to the question of licensing, but if you're concerned about your potential customers decompiling your assemblies then you should look into Obfuscation.

Obfuscation is performed on your release builds and it heavily modifies the naming of classes, methods, and fields within your application. If a user tries to regenerate the source code using a tool such as Reflector they will be met with a high level of difficulty in trying to make the code compile or function.

Update: To answer Cyclone's comment: Dotfuscator is probably the best known since it's been shipping with Visual Studio since 2003 (I think; not sure if it's limited to specific VS editions). Some quick Google searches turned up a tutorial on using it in Visual Studio 2008, and also some alternative options.

STW  2009-08-13 23:26:38
Do you have any obfuscator in mind that I should use?
Cyclone  2009-08-13 23:28:23
I am using Visual Basic 2008 express, it doesnt come with it >.<
Cyclone  2009-08-14 02:11:39
A: 

with .net? Its very difficult to protect it.

Best bet is only do a trivial system and rely on peoples honesty. Make it easy and simple for those who actually buy your software.

Demo? omit code from the download.

basically, don't be too paranoid...

Keith Nicholas  2009-08-13 23:28:05
+3  A: 

If your software is desired enough and done well people will pay for it. You are always going to have a % that never will. Rather than wasting time trying to stop them, focus on improving the product.

99.9% of companies don't want to steal something and rather not change your software for there needs. They rather buy something out of the box that will work.

Keep in mind Fog Bugz from Fog Creek ships with its complete source code, and they have no problems selling there software because it is a quality product.

Quality is important, focus on that not security.

David Basarab  2009-08-13 23:28:30
Hmm, so you are basically saying that if the product is good enough and does what it says, that enough people will go ahead and actually purchase it the right way that it does not matter? Makes sense, good thing I am not charging much for this. I know that the higher the price the more likely it is that users wont want to pay.
Cyclone  2009-08-13 23:31:13
That is what I am saying. It is quality that will bring people to your product. Focus your engeries in that.
David Basarab  2009-08-13 23:32:10
That is what I am doing at the moment, it is nearly ready for sale. I just have one feature which is bugging and not doing anything at the moment, but I will have that fixed shortly
Cyclone  2009-08-13 23:38:15
The point is rather that most likely it won't make any difference. Especially if your product target audience is companies using it in commercial activity, they are much more likely to just buy a license regarding of any protection measures just so that they are legally in the clear. And if it's home users, or a company in a country where copyright is mostly toothless (Russia, China...), then it won't really matter anyway.
Pavel Minaev  2009-08-13 23:49:31
At any rate, I guess I shouldn't be TOO worried about this, you are right. If I were to want a copy of software, personally, the very last thing I would do is to go search for illegal copies. I would go and buy a license right away. This product would be great for office use, so I guess companies would probably use it as well, and they would purchase it. How much money do you think would be lost from pirated copies in one year? (in a percentage)
Cyclone  2009-08-14 02:21:36
This answer is probably correct for the US but there are still some cultures where software piracy isn't seen as stealing. Even in the UK (my home), my experience is that many quite large companies will often use more "seats" than they've paid for.
MarkJ  2009-08-21 13:07:03
+1  A: 

Generally there is no way to protect .NET software from craking it. It is too easy (especially using Reflector). So you need to perform some steps to be able to protect to some degree:

  1. Obfuscate the code (often very non-trivial task as you cannot obfuscate public interfaces exposed to reference them).
  2. If the software is a development component it can be protected using built-in .NET Licensing (by using .licx files in Visual Studio). One company the helps with this: http://www.infralution.com/
  3. User registration server (this won't protect from cracking, but will protect from "non-licensed" usage).

In any case Obfuscation is the main step as it is the only one thing that puts .NET assemblies closer to native binaries.

Dmytrii Nagirniak  2009-08-14 01:12:39
A: 

There is only one way to secure that your software doesn't get pirated and it is to make most of the logic and/or communication reside on a server. Even then, if your product is popular enough, people will try to get hands on your server software to run it privately.

Qua  2009-08-14 01:17:34
+1  A: 

Take a look at the article Developing for Software Protection and Licensing; it explains how to choose a solution, why you should obfuscate your application and gives a number of tips for structuring your code to be harder to crack.

The thing to remember is that once your application is running on another machine, there is no 100% guaranteed way to prevent execution. What you can do, if you're careful, is raise the bar sufficiently high that it's easier to purchase your software than to crack it.

Obligatory disclaimer & plug: the company I co-founded produces the OffByZero Cobalt software licensing solution for .NET, which supports VB.NET natively.

Duncan Bayne  2009-11-07 06:29:12
Looks good. Obligatory annoying question: May I have a free copy in exchange for a copy of all the paid software I have made? (mostly kidding)
Cyclone  2009-11-08 02:21:36

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?