Problem: Customer X is (considering) porting one of his formerly "Windows only" shareware applications to Mac OS X. One of his concerns is how to enforce the 30-day trial period and make it immune to "system rollback" software like Time Machine.

Question: What is the industry best practice for preventing the use of "system rollback" software to lengthen or otherwise modify a 30-day trial period on shareware?

DISCLAIMER: I do not consider the strategy of Customer X to be a viable one, and I don't see how people will have the incentive to roll back their whole system just to use his software for a few more days. Nevertheless, for the sake of due diligence I ask here just so I can research his question. Please consider this if you wish to down-vote merely because you (and I) may disagree or find this impractical.

+1  A: 

How much money will he spend in finding and implementing a solution? How much money will he lose by people extending their trial period? What's the ROI?

Oh wait, that wasn't the question. He wants to do something even if it costs him more than it earns.

thursdaysgeek
This is often the only way to make the pirate-paranoid suits see sense - talk about money. Saying "you can't ever really protect against this" doesn't convince them half as easily as "Any effective defense is likely to cost more than we make from this product".
Draemon
+3  A: 

Usually OS X developers use a hidden file in one of the support folders somewhere with the trial date in it. For the most part this is a good enough strategy for what he wants. I doubt anyone will do a full system restore just to pirate his application, and if they use Time Machine to restore the application bundle itself from an earlier date, it won't make any difference at all to the trial date.

Now, if he is worried about users doing a full restore or tracking down the hidden file, he could try some sort of online validation service for his trial software. Really though, those people are just going to find a cracked copy anyway, which you can't really fight even if you wanted to put the time into it.

Marc Charbonneau
+1  A: 

One method that might be viable would be to grab a few system-unique variables. I'm not sure what is available in OSX but two examples might be: primary HD serial number, primary network adapter MAC address.

Combine the factors into a reproducible hash and "phone home" (make sure you disclose this in an EULA or somesuch). You can measure how many times the user has used it and "reply" to let the app know whether to load up or not.

It's not fool-proof... But short of cracking it (which is an unavoidable issue) the end user would need fairly extreme knowledge of how the system works.

It will cost more (as you need to keep the activation server(s) up and running) and it'll be annoying for users that want to use it without an internet connection. Measure that up, add on the development costs and consider if piracy is really enough of an issue to justify the costs.

Remind your client that if they have measured illegal downloads, not every download is a lost sale.

Oli
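Oli's scheme above, as an added sketch that is not part of any answer on this page: the trial start date is held by the server and keyed by a hash of the hardware identifiers, so restoring local files or the whole disk from a backup does not reset it. `TrialServer`, `check_in`, `APP_KEY` and the sample serial and MAC values are hypothetical, and the in-memory dictionaries stand in for the server's database.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

TRIAL_LENGTH = timedelta(days=30)
APP_KEY = b"constructed-per-product-key"  # assumption: fixed key shipped with the app


def machine_fingerprint(disk_serial: str, mac_address: str) -> str:
    """Reproducible ID from hardware identifiers; raw serials never leave the machine."""
    # Normalise so the same hardware always hashes to the same value.
    material = "|".join([disk_serial.strip().upper(),
                         mac_address.strip().lower().replace("-", ":")])
    return hmac.new(APP_KEY, material.encode(), hashlib.sha256).hexdigest()


class TrialServer:
    """Hypothetical activation server: trial state lives here, not on the client."""

    def __init__(self):
        self.first_seen = {}  # fingerprint -> server time of first launch
        self.launches = {}    # fingerprint -> number of check-ins

    def check_in(self, fingerprint: str, now: datetime) -> dict:
        # 'now' is the server's clock; the client's clock is never consulted.
        start = self.first_seen.setdefault(fingerprint, now)
        self.launches[fingerprint] = self.launches.get(fingerprint, 0) + 1
        remaining = TRIAL_LENGTH - (now - start)
        return {
            "allowed": remaining > timedelta(0),
            "days_left": max(remaining.days, 0),
            "launches": self.launches[fingerprint],
        }


def demo():
    server = TrialServer()
    day0 = datetime(2009, 1, 1, tzinfo=timezone.utc)
    # Constructed sample identifiers.
    fp = machine_fingerprint("WD-CONSTRUCTED123", "00-1B-63-AA-BB-CC")
    first = server.check_in(fp, day0)
    # Day 31, after a full restore from a day-0 backup: the hardware is the
    # same, so the fingerprint and the server-side start date are unchanged.
    fp_restored = machine_fingerprint(" wd-constructed123", "00:1b:63:aa:bb:cc")
    later = server.check_in(fp_restored, day0 + timedelta(days=31))
    return first, later
```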
A: 

As Oli wrote, the software could phone home with hardware serial numbers and such. There are even DRM schemes that could use TPM hardware on the machine itself. Phoning home is straightforward enough, but it has multiple flaws:

  1. There are privacy implications. Many users don't like it when software phones home, and anyone who uses dialup will notice the phoning.
  2. You have to maintain the phone-home app.
  3. People with no internet connection will be locked out unless you have a backup DRM scheme, such as a hidden file in a system folder as Marc wrote.
  4. If there is a problem with the phone home server, your customers may have difficulty using the trial app.

However, a good use of the phone home server would be to collect metrics about how the app is used, and possibly to download updates. Metrics have more privacy implications, of course.

In the end any app can be cracked. The video game vendors have anti-cheating software out there to prevent modified clients from cheating online; perhaps that technology could be used here as well. However there's still the pernicious requirement for an internet connection.

Mr. Shiny and New
+1  A: 

It's shareware, so there are some things we know.

There are people who are going to want to use your software, and are perfectly willing to pay for it. All you have to do for them is get them to try out your software, and don't make it hard to pay. (For me, Paypal is quick and easy, but mailing a check becomes a chore.)

There are people who just aren't going to pay for your software, and what they do doesn't affect you. You're probably actually a little better off if they cheat; that way, they might interest somebody who might pay you. Try to stop them from using your software if you like, but don't kid yourself into thinking this will get you a dime more.

There are people who are willing to pay you, but would prefer to use it for free. These people are who you want to worry about. You want to make it less of a problem to just pay you than to cheat. If the cost is reasonable, they aren't going to put an unreasonable amount of effort into using it anyway, so you don't need to get into overly restrictive measures. (Remember that the only people who will work hard to cheat are the ones that wouldn't pay you in any case.)

Remember also that making the protection unduly annoying is going to move people from the "could pay" to "won't pay" categories. Many contemporary examples to the contrary, I really don't think that annoying your legitimate customers is a vital part of a business plan.

There's nothing you can do, short of phoning home enough to cause lots of other problems, to prevent everybody from cracking your protection scheme, so if it's worth selling in the first place, somebody will crack it, and likely put it on Pirate Bay. Don't worry about that, since there's nothing much you can do about it. Save your effort for things that will give you more profit. EDIT: Be very careful about protecting your application. You do not want the Pirate Bay version to be clearly superior to the legitimate version. You also want legit customers saying "It's great, and no problem to install" rather than "It disabled my DVD drive and impregnated my gerbil, but after that it was great to have".

Finally, I don't see the difference between Windows and MacOSX here. If I download some shareware for Windows, I keep the .zip file around, and I can uninstall and reinstall, or reset the system date. For MacOS, I can uninstall and reinstall, or reset the system date, and Time Machine can automate some of this. What's the issue here? (Remember that if you leave uninstallable bits where they can cause problems later, you're potentially annoying the cash customers.)

My recommendation would be to not worry about it too much.

David Thornley
A: 

Software to restore a system to a previous state exists for Windows and most other operating systems too. Even easier is to use VMware or something to install the trial into a virtual machine, which allows you to roll back to a previous snapshot in an instant. I always install trials into a virtual machine, not because I want to extend the trial period, but because I want to fully test the trial before I risk it on my main system.

If somebody is willing to go through the trouble of repeatedly rolling back their PC or VM just to keep using your trial version, they probably won't buy your software anyway. If you block them they'll crack your competitor's product instead.

Jan Goyvaerts