views:

139

answers:

5

In my desktop program, I want to check that to see if the user has set his clock back.

To do so, I compare the timestamp of certain Operating System files to the current computer date. If any are after what the computer thinks is the current date, then he must have set his clock back.

For Windows XP, I have been using such files as:

c:\win386.swp
c:\windows\user.dat
and several others.

Two questions:

  1. Is this a decent way to do this, or is there something better?

  2. (Assuming the answer to 1 is "decent") What would be some good Windows Vista and Windows 7 files to compare with?


Conclusion: Priyank said something obvious that had eluded me: Rather than using any system files, the easiest and simplest way might be to just use the timestamp of your program itself. After all, the date it was installed is exactly the date you want your trial to start from.

As it turns out, your answers and my research of other related StackOverflow questions and mentioned articles has led me to decide on a much simpler scheme. My trial users already have to get a key to use the trial. I've got the date registered embedded into the key. I really don't have to check for setting the clock back. Instead I can just seee if the current time is between the date registered and the date registered plus n days.

If they want to go to the trouble of getting around that scheme, then let them. I agree that those people wouldn't pay anyway. Make your program something worthwhile that people enjoy and want to use and most will pay.

A: 

An option would be to get the date from a web service or time server. The problem here is that this only works if there is internet connection available, so this would be just a complementary method for a more safe one.

Konamiman
+2  A: 

a better way to do that IMHO would be to store the current timestamp in registry the first time your program is ran and then compare that with the current timestamp on next run and update the timestamp if everything is OK.

RageZ
I'd probably store several timestamps, and if I want to be paranoid I'd also encrypt them.
Murph
And where would you store the encryption key so your program can decrypt it and the user cannot?
Joey
If he finds the registry entries (very easy to do with registry monitor programs), then he can delete them all and the program will think its a new install. Lots of hackers do this.
lkessler
@Ikessler: I think almost any security/lock down is possible to crack so after it's more how easy you implement and how many people wouldn't try to hack it to **death**, have to be a consensus.
RageZ
RageZ
@lkessler - anyone who is that determined to hack the software is unlikey to pay anyway. You need something that will be adequately effective against typical users in your target market.
Murph
+3  A: 

Windows files will be always have earlier date, the best is to check the creation or modified date of your program with the system date. Or any time your program quit make sure to note the timestamp and compare it with the next time you start your program, and there is always NTP: http://en.wikipedia.org/wiki/Network%5FTime%5FProtocol

Priyank Bolia
RageZ
Most of the users have internet connectivity, anyway I am also proposing the other methods to compare the timestamp of files and logging the timestamp while exiting the programming and checking the same while startup. Though I don't recommend registry its easy to find and modify.
Priyank Bolia
@Priyank: that's just a remark but you are both right I would go for the NTP solution because that's the best
RageZ
@Ragez: I know. I mentioned that in the answer itself.
Konamiman
A: 

Windows provides APIs for notification of system time changes. One e.g. is the sysinfo.ocx activex control provided here.

Suraj Chandran
This will only work, if windows is running while the time is changed. If the user changes the time via BIOS or anoter OS installation he might be running, this API will not fire.
Frank Bollack
+2  A: 

This is not a direct answer, just to offer some opinion and references. Too long for me to add as comment.

If the purpose is to create a time-limited software for demo/trial use, we need to find a balance between how much you go about implementing it and the tendency for users to 'hack' pass it.

I've often tell people, if your software attracts hackers, it's probably something useful/good. No point protecting a software which no one finds useful.

Anyway, the philosophical talk aside, below are a couple good reads about this topic:

How to Implement time-limited trial on Joel's Forum
Time limited trial and Windows Certification on SO
Need Advice on Implementing a Time-limited Trial on SO

o.k.w
Good links. Thanks. +1
lkessler