An alternative to Product Activation



Firstly, let's agree that whatever security system Codegear employs, it will
be cracked; and cracked versions of their software will be available to
download.

Let's also agree that Codegear is unlikely to abandon their policy of
requiring some sort of anti-piracy mechanism.

So I wonder if we could have a *constructive* debate, generating suggestions
for an anti-piracy system which meets Codegear's needs AND that we could
live with. After all, that's much more helpful than just moaning and
complaining, isn't it?

Lots of people (including myself) object to on-line activation, for all the
reasons given in previous threads. I don't propose to go over that again.

Similarly, hardware dongles have gone out of fashion due to costs and
logistical problems (especially when the software itself is downloaded).
Also, OS changes can render them inoperative. Furthermore, if a dongle
should fail at some time in the future, the software would be rendered
unuseable. I don't expect hardware dongles will be regarded as a serious
option by Codegear.

In the '90s Microsoft used a "registration code" which was printed on the CD
case. As I understand it, the code was checked for validity using some
secret algorithm. I don't think it was associated with any particular copy
of the software, so a valid code could be used on any copy of the software
you came across. Interestingly, I recall that typing a string of '1's met
the registration algorithm!

The biggest shortcoming of this system, I would say, is that any valid
registration number could be used on any copy of the software, making piracy
a simple matter of publicising a working registration number.

My suggestion is to tie the registration number to a particular copy of the
software. This would require downloaded software to be, in effect, 'built
on demand', although I propose this would only apply to a small part:
probably the installer or some sort of "signature file". Either the user
could provide a username and password at the point of purchase, which is
somehow embedded into the installer prior to download, or Codegear would
generate them for you (probably the better solution). Each time it was run,
the installer would require you to enter the username and password (which
must match the embedded ones) before the software could be installed. The
user would be responsible for keeping their username and password safe
against loss.

To pirate this software would require sending out a copy of the downloaded
software itself, plus the associated unique username and password. This
would be a very deliberate act of piracy and would probably deter any casual
theft. As no further on-line activation would be required at any time, a
system like this would suit me fine (and, I think, my employer).

I realise this security system could be circumvented simply by doing what
I've described in the previous paragraph. But let me remind you that
D2007's product activation was itself cracked within a few days of release!
So we will never end up with a bullet-proof system.

Software sold on CD/DVD is more difficult, because the system I've described
would require each disk to be different (with its own, unique, embedded
username and password). I imagine this would be impractical, but don't
really know.

I'm no expert, as you will have noticed! Can anyone suggest solutions that
would keep Codegear happy AND its customers?

Steve


.



Relevant Pages

  • Re: An alternative to Product Activation
    ... dongles will be regarded as a serious option by Codegear. ... Either the user could provide a username and password at the ... which is somehow embedded into the installer prior ... to download, or Codegear would generate them for you (probably the ...
    (borland.public.delphi.non-technical)
  • Re: D2007 Trial & Update Pack 1 ???
    ... Not sure what CodeGear will do. ... If you download the C++Builder Trial, then enter a serial number for ... that the Delphi trial will eventually point to the same installer. ... CodeGear C++ QA Engineer ...
    (borland.public.delphi.non-technical)
  • Re: Deploy an ASP Application
    ... I don't see anywhere to enter my username and password. ... Attempting download of new URL ... >> You don't have to have FrontPage installed on your machine. ... >> functionality for publishing to a FrontPage enabled server is built into ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How do I stop "To begin, click user name screen" appearing?
    ... NEW Embedded system W/Linux. ... >>> I have recently downloaded a program which insisted I also download ... >>> the Passport software to function properly. ... >> a screen will popup and you can fill in the username and password you ...
    (microsoft.public.windowsxp.newusers)
  • Re: wget for downloading scientific papers
    ... I would like to download scientific papers by using the program ... Scientific papers are usually protected via usernames and password. ... Have you read the wget manpage? ... I don't know the username and the password. ...
    (comp.unix.shell)