views:

732

answers:

10

Same intro as my last question:

I am re-writing and/or consolidating a bunch of my "app framework" classes (basic mainform, about box, locking routines & purchase linking, auto-update, datamodule initializer, etc) -- Basically, I have a number of small potential shareware apps that I'm wanting to get out the door, and want to re-use code where I can, as well as build a framework for later apps to save time.

But different question: : )

What is the best shareware lock component for Delphi Win 32 apps? (I don't mind paying for commercial if that's best).

Clarifying -- yes, best license key verification / lock + trialware component.

A: 

I've used ICE License in the past. Tool was easy to use - which is good, as the support was shocking!

None of these types of products is perfect, but, if you've decided that this is the route you want to go, you could do worse than this product.

dommer
Thanks -- this was actually one I'd found a few years ago, but couldn't think of the name of it. Appreciate the help, and good to here it worked well. Will check it out.
Jamo
Be warned, support for this product may be hard to obtain or nonexistant, based on responses to this question: http://stackoverflow.com/questions/2290324
Argalatyr
+5  A: 

There is no effective way to lock down an application, period. You can make it more difficult for users to use the program without a valid license from you, at the risk of creating false negatives, which can become a PR nightmare very quickly in the Internet age.

There are two ways to go about doing this. You can create some sort of DRM lock built into the software. These take no time flat for some talented hacker to reverse-engineer. (The best tend to last about 1 month.) Or you can create a validation system that requires the program to connect to a server. These are a lot harder to crack, but tend to have serious false-negative problems, and if your server ever goes down, all your paying customers are up a creek. In the end, neither is a good solution.

Long story short, if you want to make a program that will be profitable, make it of high enough quality that people will be willing to pay for it, and market it to the people who are willing to buy software instead of steal it. There just aren't any shortcuts.

Mason Wheeler
I know you can't beat the hackers -- basically looking for best tool to keep honest people honest, which in a full-functionality trialware marketing approach, is has been proven to be both necessary, and effective. (Don't have the reference, but I remember reading a very clear case study of it).
Jamo
+1, regardless how often this will get asked, there is no better answer. But "s/hacker/cracker/g" please.
mghie
Jamo
Interesting. Link please?
Mason Wheeler
I wish I could find it (tried can't recall a unique enough search term to grab it via Google). I'm not making it up though -- it came as a reference link on one of ny "MicroISV" RSS feeds I think. If I can find it again, I'll definitely post here. It was VERY interesting!
Jamo
Jamo, Mason - if it's any consolation I remember reading something very similar to that and I can't find it either. I thought it might actually have been in Bob Walsh's book, but I can't see it. I have no idea where I read it, but if it comes to me I'll post the link here.
robsoft
@Jamo, I think you're confusing the well-known study by Colin Messit, regarding the profitability of full-function, non-expiring trial (e.g. the "honor system") vs. crippling (features were missing or degraded as the trial approached or exceeded the expiration). Colin did a proper A/B split test, pretty much proving that crippling/limiting was the way to go. The Association of Shareware Professionals changed their bylaws to allow crippling, to the chagrin of "purists". And a lot of authors made a lot of money as a result.
Chris Thornton
+2  A: 

I have used OnGuard by turbo power in several projects, but do not rely on it being the only method to protect the software. You can also use the LockBox library to encrypt data, such as a record stuffed in a database your app controls, containing license registration data that you emailed to the user and they applied via cut and paste into the about box.

The strongest way to protect things is to have a piece that the user doesn't have access to, and have your software "call home" to validate that its still valid (very DRM like). Unfortunately, this is easy for anyone to block by turning on thier software firewalls and excluding your application from using the internet. Of course DRM like systems have a bad name right now, but its partly because they are a frustration point to the end user because they work... as long as the service which validates the license is up.

skamradt
I'd prefer to think they have a bad name because they do things which, in any other context, would be classified as illegal computer hacking, and users savvy enough to know what DRM is don't like the double standard.
Mason Wheeler
+2  A: 

I tend to agree that aggressive DRM is really bad and annoys legitimate users, but, at the same time, an incentive to keep honest people honest isn't bad either, provided it doesn't get in the way...

Not a real component reference, but some interesting reading on protecting software:

anti-cracks tips:
Fravia's HOW TO PROTECT BETTER.
Pirate-Me-Not.

reflections on Piracy and DRM:
Piracy and Unconventional Wisdom.
Piracy & PC Gaming.

François
A: 

Oreans has very good production products(Themida & WinLicense), and recommended more than other products.

Mohammed Nasman
+2  A: 

Having watched others have trouble in the past with third party licence & protection software, I think there is only one viable system. First, don't spend too much time on it, just make a good product, and update it often. Second, separate the install code from the protection. This way you can change the protection at the drop of a hat, without affecting any users. This basically means you have to write your own install code system, or use one like the old Turbopower one. Then use something that will protect your decoder a little. I currently use the Oreans Code Virtualizer which is quite sufficient.

Keeping them separate gives you flexibility, and less hassle.

mj2008
How did Code Virtualizer has fared since your reply? Are you still using it and have you found any issues to note about?
smartins
@smartins It still just keeps on working for me. Adding the sections to encrypt is easy, and making it happen in my build script is easy. No problems!
mj2008
A: 

I also not believe that it's worth to spend a lot of time and energy in a tecnical protection, the people who want steal your software wil doe it anyway.

Peldi Guilizzoni from Balsamiq have a nice blog post over this subject:

http://www.balsamiq.com/blog/?p=382

Anders Pedersen
A: 

I can second the recommendation for Oreans' products. Their support is particularly good, too.

I also use Armadillo - which is ok, but I wouldn't recommend it anymore; and ASProtect, which I really wouldn't recommend at all.

stg
A: 

I creating a "self-modifying" EXE by appending a data record to the end of my compiled application. The first thing my application did was get the machine id and the bios date from the computers memory. I would then compare these to the machine id and bios date stored in the appended data record. Seek to end... back up XX number of bytes... read to end.

This worked great. If a buddy passed on a program to a friend and it didn't recognize the machine id or bios date and reverted back to trial-ware. When they entered the key successfully I would update the appended record with that machines user information.

Then Norton started flagging my software as a virus because it was a self-modifying EXE. That put a halt to my app locking days. I haven't tried since.

Cape Cod Gunny
A: 

I tend to prefer Armadillo from Silicon Realms (http://www.siliconrealms.com/). It has nice nice features and is integrated with Digital River/RegNow.com (being a subsidiary of them).

There are alot of Anti-Armadillo software available but custom builds a some additional prevention coded by you do magic.

Gad D Lord