tags:

views:

732

answers:

10
+7  Q: 

Best Shareware lock for Delphi Win32

Same intro as my last question:

I am re-writing and/or consolidating a bunch of my "app framework" classes (basic mainform, about box, locking routines & purchase linking, auto-update, datamodule initializer, etc) -- Basically, I have a number of small potential shareware apps that I'm wanting to get out the door, and want to re-use code where I can, as well as build a framework for later apps to save time.

But different question: : )

What is the best shareware lock component for Delphi Win 32 apps? (I don't mind paying for commercial if that's best).

Clarifying -- yes, best license key verification / lock + trialware component.

A: 

I've used ICE License in the past. Tool was easy to use - which is good, as the support was shocking!

None of these types of products is perfect, but, if you've decided that this is the route you want to go, you could do worse than this product.

dommer  2009-04-01 19:31:35
Thanks -- this was actually one I'd found a few years ago, but couldn't think of the name of it. Appreciate the help, and good to here it worked well. Will check it out.
Jamo  2009-04-01 20:45:37
Be warned, support for this product may be hard to obtain or nonexistant, based on responses to this question: http://stackoverflow.com/questions/2290324
Argalatyr  2010-02-18 22:03:01
+5  A: 

There is no effective way to lock down an application, period. You can make it more difficult for users to use the program without a valid license from you, at the risk of creating false negatives, which can become a PR nightmare very quickly in the Internet age.

There are two ways to go about doing this. You can create some sort of DRM lock built into the software. These take no time flat for some talented hacker to reverse-engineer. (The best tend to last about 1 month.) Or you can create a validation system that requires the program to connect to a server. These are a lot harder to crack, but tend to have serious false-negative problems, and if your server ever goes down, all your paying customers are up a creek. In the end, neither is a good solution.

Long story short, if you want to make a program that will be profitable, make it of high enough quality that people will be willing to pay for it, and market it to the people who are willing to buy software instead of steal it. There just aren't any shortcuts.

Mason Wheeler  2009-04-01 19:41:36
I know you can't beat the hackers -- basically looking for best tool to keep honest people honest, which in a full-functionality trialware marketing approach, is has been proven to be both necessary, and effective. (Don't have the reference, but I remember reading a very clear case study of it).
Jamo  2009-04-01 20:44:59
+1, regardless how often this will get asked, there is no better answer. But "s/hacker/cracker/g" please.
mghie  2009-04-01 20:46:48
Jamo  2009-04-01 20:59:50
Interesting. Link please?
Mason Wheeler  2009-04-01 21:56:44
I wish I could find it (tried can't recall a unique enough search term to grab it via Google). I'm not making it up though -- it came as a reference link on one of ny "MicroISV" RSS feeds I think. If I can find it again, I'll definitely post here. It was VERY interesting!
Jamo  2009-04-01 22:28:52
Jamo, Mason - if it's any consolation I remember reading something very similar to that and I can't find it either. I thought it might actually have been in Bob Walsh's book, but I can't see it. I have no idea where I read it, but if it comes to me I'll post the link here.
robsoft  2009-04-02 06:45:00
@Jamo, I think you're confusing the well-known study by Colin Messit, regarding the profitability of full-function, non-expiring trial (e.g. the "honor system") vs. crippling (features were missing or degraded as the trial approached or exceeded the expiration). Colin did a proper A/B split test, pretty much proving that crippling/limiting was the way to go. The Association of Shareware Professionals changed their bylaws to allow crippling, to the chagrin of "purists". And a lot of authors made a lot of money as a result.
Chris Thornton  2010-05-10 03:21:46
+2  A: 

I have used OnGuard by turbo power in several projects, but do not rely on it being the only method to protect the software. You can also use the LockBox library to encrypt data, such as a record stuffed in a database your app controls, containing license registration data that you emailed to the user and they applied via cut and paste into the about box.

The strongest way to protect things is to have a piece that the user doesn't have access to, and have your software "call home" to validate that its still valid (very DRM like). Unfortunately, this is easy for anyone to block by turning on thier software firewalls and excluding your application from using the internet. Of course DRM like systems have a bad name right now, but its partly because they are a frustration point to the end user because they work... as long as the service which validates the license is up.

skamradt  2009-04-01 23:44:35
I'd prefer to think they have a bad name because they do things which, in any other context, would be classified as illegal computer hacking, and users savvy enough to know what DRM is don't like the double standard.
Mason Wheeler  2009-04-01 23:54:21
+2  A: 

I tend to agree that aggressive DRM is really bad and annoys legitimate users, but, at the same time, an incentive to keep honest people honest isn't bad either, provided it doesn't get in the way...

Not a real component reference, but some interesting reading on protecting software:

anti-cracks tips:
Fravia's HOW TO PROTECT BETTER.
Pirate-Me-Not.

reflections on Piracy and DRM:
Piracy and Unconventional Wisdom.
Piracy & PC Gaming.

François  2009-04-02 01:23:40
A: 

Oreans has very good production products(Themida & WinLicense), and recommended more than other products.

Mohammed Nasman  2009-04-02 06:11:08
+2  A: 

Having watched others have trouble in the past with third party licence & protection software, I think there is only one viable system. First, don't spend too much time on it, just make a good product, and update it often. Second, separate the install code from the protection. This way you can change the protection at the drop of a hat, without affecting any users. This basically means you have to write your own install code system, or use one like the old Turbopower one. Then use something that will protect your decoder a little. I currently use the Oreans Code Virtualizer which is quite sufficient.

Keeping them separate gives you flexibility, and less hassle.

mj2008  2009-04-02 08:22:41
How did Code Virtualizer has fared since your reply? Are you still using it and have you found any issues to note about?
smartins  2010-02-21 10:43:28
@smartins It still just keeps on working for me. Adding the sections to encrypt is easy, and making it happen in my build script is easy. No problems!
mj2008  2010-02-21 15:49:36
A: 

I also not believe that it's worth to spend a lot of time and energy in a tecnical protection, the people who want steal your software wil doe it anyway.

Peldi Guilizzoni from Balsamiq have a nice blog post over this subject:

http://www.balsamiq.com/blog/?p=382

Anders Pedersen  2009-04-02 13:03:45
A: 

I can second the recommendation for Oreans' products. Their support is particularly good, too.

I also use Armadillo - which is ok, but I wouldn't recommend it anymore; and ASProtect, which I really wouldn't recommend at all.

stg  2009-04-02 14:29:22
A: 

I creating a "self-modifying" EXE by appending a data record to the end of my compiled application. The first thing my application did was get the machine id and the bios date from the computers memory. I would then compare these to the machine id and bios date stored in the appended data record. Seek to end... back up XX number of bytes... read to end.

This worked great. If a buddy passed on a program to a friend and it didn't recognize the machine id or bios date and reverted back to trial-ware. When they entered the key successfully I would update the appended record with that machines user information.

Then Norton started flagging my software as a virus because it was a self-modifying EXE. That put a halt to my app locking days. I haven't tried since.

Cape Cod Gunny  2009-10-25 12:27:06
A: 

I tend to prefer Armadillo from Silicon Realms (http://www.siliconrealms.com/). It has nice nice features and is integrated with Digital River/RegNow.com (being a subsidiary of them).

There are alot of Anti-Armadillo software available but custom builds a some additional prevention coded by you do magic.

Gad D Lord  2010-09-04 22:30:01

related questions

How do you implement Levenshtein distance in Delphi?
Reintroducing functions in Delphi
Does Delphi call inherited on overridden procedures if there is no explicit call
HelpInsight documentation in Delphi 2007
Is it possible to deploy a native Delphi application with ClickOnce
In Delphi 7, why can I assign a value to a const?
Best way to sort an array in delphi
What's the best Delphi book for a newbie?
Visual Studio equivalent to Delphi bookmarks
What's the idiomatic way to do async socket programming in Delphi?
64bit Memory allocation
Documenting Delphi
How to implement Type-safe COM enumerations in Delphi ?
TClientDataSet Aggregates specification aren't added automatically when creating an Aggregate field.
Multiple form Delphi applications and dialogs
Unit testing in Delphi - how are you doing it ?
How to keep track of the references to an object?
Delphi and COM: TLB and maintenance issues
Changing CURRENT save/default directory in Delphi 2007 without using Save-As
What is the best way to make a Delphi Application completely full screen ?
Are there any "mind mapping" components for Delphi? (native VCL preferably)
Delphi resources for existing .NET developer.
What is needed to get Delphi back on top?
Delphi MDI Application and the titlebar of the MDI Children
Can a windows dll retrieve its own filename?