Where does an application store "I'm deactivated" on Windows?

Question

Applications often have registration keys. It can arguably be placed in a file or in the registry. Sometimes, an application is deactivated by entry of another key, or the passing of a date, etc. Where can one safely store such information about an application be deactivated? A file isn't the answer; a backup copy can be restored to defeat this. The registry is a weak answer, only because most people don't know its there, and don't think to restore it, and if they do they restore the whole thing which usually has other discouraging side effects.

It seems to me that storing deactivation information is hopelessly unsafe, as old copies can always be restored. At best one can hide this data by obfuscation under cryptically named files or registry keys.

Is there a standard trick I don't know, or a standard scheme supported by Windows, that helps with this problem?

Round 2: I've seen a number of answers. None of them specifically say "you can't do this" but several imply that phoning home is the only good choice (for "deactivation").

Let's assume phoning home and dongles are NOT the answer, and one has to leave something on the machine. What do typical licensing schemes actually do in this case?

Answer 1

Ya,you could encrypt things,that's what they do!.Check the net for various licensing schemes.Even microsoft has one...Microsoft Software Licensing and Protection

You can use the Microsoft Cryptographic API to develop you code.Plus obscure you assemblies or dlls.Force user activation.

Answer 2

All protection schemes are vulnerable to some type of attack. Encryption of information does help prevent attacks because the information is stored in an obfuscated way, but even this isn't unbreakable.

Another possible option is to store the actual activation state information remotely and leave a reference to this information on the machine, possibly encrypted. There are many ways to do this but one that comes to mind is to store a GUID of some kind that you could then look up in your database

One downfall of this is the requirement of an internet connection, I don't know if that is prohibitive or not but the general idea is to remove the activation state from a machine you don't control and put it on one that you do

Answer 3

In contrast to the IPhone and other closed environments on an open platform like windows/linux you always run a very high risk that the protection is easily circumventable (local serial protection) or will be cracked by reversing and patching your code. Virtually every modern single player game has this problem. Additionally it is very hard to find a solution that does not annoy the user too much. We all remember the Sony-CD-Rootkit disaster and in the game industry its the always the newest DVD-protection that doesn't work on all drives the way its supposed to. But what can you do? You can try the usual serial, call-home option and ban certain serials in newer updates (Adobe, FlashFXP, Windows). If you have a very low consumer base, this probably is enough for you. If - for whatever reason - that is not an option, what about an USB-Dongle that is needed to use your software. Heard of quite some CAD-programs using this. One last thing you can look into, what about watermarking your application? If it shows up on certain p2p networks you will maybe be able to see where the leak is. Basically nothing will give you a 100% guarantee, but there are options to make it more difficult for the average user... Please keep in mind that most of your money should be spend on creating a great product not in buying mostly useless protection!

Answer 4

Here is a short but pretty good overview of different options.

http://www.developer-resource.com/how-to-protect-software.htm

Answer 5

Create and sign a license file on a server. If you use public key cryptography, the license file can't be faked easily. Your application can be of course cracked to not need the license, but that's a different thing.