views:

346

answers:

7

I'd like to put an expiration date in some software I made. Obviously

psuedocode:

if time() > xxx: exit()

All someone has to do here is set their system clock back. Anything better to do?

+9  A: 

What would be more user friendly is to keep track of the number of days a user has used your software. For example, each time your program starts up you could write a date to an encrypted file (unless the date already exists in the file). Then once there are more than, say, 30 dates in the file, let the user know it is time to buy the full version.

Justin Ethier
Products such as Beyond Compare use this scheme - great for potential customers that install your product and don't use it for 30 days only to find that the trial has expired.
Tom Leys
Good idea, +1 :-)
Ed Swangren
Delete the file and get an extension.
Martin York
You can add a hash of installation timestamp as a header in the file and compare it with installation time to prevent "delete-extension".
beermann
deletion of the encrypted date-used-storage file should cause an automatic trial end. The header file should contain some kind of signature at the top that is generated uniquely by each run of the installer, and checked against some other secret data stored at some other secret location. of course, all these things are fragile and are easily defeated by a sufficiently well equipped observer.
Warren P
A: 

The solution doesn't need to be perfect, it just has to be annoying enough to the user so he won't try to game the system.

You could calculate the aboslute value's difference and make sure that it is smaller than X days. In that way, they would need to always keep their clock within X days. Which no one would ever do forever.

Brian R. Bondy
"Which no one would ever do forever" - Don't be so sure :-). I agree with you though.
Ed Swangren
Ya, never say never; however, the annoyance of continuously adjusting your clock is pretty high.
Brian R. Bondy
+1  A: 

Work off of the create date of one of the files you install.

this gives you a non-changing date to subtract from now to get the time the program has been installed. The only problem with this is when they re-install it. The easiest way to combat this is with a registry setting.

highphilosopher
+3  A: 

Someone will always be able to defeat your system if they put enough effort into it. Joel Spolsky said something to this effect that is very accurate (words are mine):

Your software protection scheme does not have to be bullet-proof (nor can it be), it just needs to be good enough to keep the honest people honest

So, with that in mind we can think up something clever enough to keep the honest people honest as the filthy cheaters are not going to pay for your app anyway. I have never needed to do this, nor have I looked into any known methods, but I can think of a few ideas:

  1. Use a two-way hash to store the initial date and compare that to the present date. You can save the has to disk.

  2. On Windows, use the registry. Yes, this is no where near bullet-proof, but most people will not go digging through the registry to find your key (and most will not know how to anyway).

  3. Use the created date of your installation files as a reference.

Ed Swangren
+1  A: 

There's no real solution here - anything can be cracked. You could consider:

  • checking the time with an online service
  • storing the last run date and checking to make sure that it isn't after the current date
  • checking the "last modified" date on some system files.
amdfan
A: 

You can try to record the timestamps in the registry. You can encrypt the timestamps when you put them there. The question is is it worth it?

Messing with your computer clock, especially rolling it back creates all sorts of headaches. People usually do not do it, At least all the time - limited trial versions of software from Microsoft, Adobe, etc, do not try to build protection against rolling back the clock

mfeingold
+1  A: 

What is your goal here? If it's to stop all theft, good luck with that; all protection schemes will be broken eventually. If it's to keep the honest people honest, don't worry about them setting the clock back - it's enough of a hassle that nobody will do it, and those honest folk will pay up immediately.

Mark Ransom