brad@looking.UUCP (Brad Templeton) (12/11/85)
A lot of myths floating about on this issue. It seems that most people just have a knee jerk reaction to this sort of thing. They see copy protection as hurting a product's utility, and that makes it bad. While it does hurt the utility, it's not black and white. I know, since we're about to release a fairly major new product and there was a big debate about what to do: 1) Far too many people copy. They think it's OK. In the case of this program, a fancy syntax-directed programming environment that's particularly good for teaching, it seems as though we are aimed at the worst groups of thieves: Hobbyists, amateur programmers and educators. Unlike Lotus, which the typical BBS style theif has little desire for, this system is eactly the kind of thing the typical software thief wants to play with... 2) The system has whole piles of on-line help. At over 300K, there's more help than manual. We go to the effort of making the program more usable without the manual, and it's going to resort in more theft. 3) As a programming-oriented system, copy protection would hurt it more than other systems. You don't have to start and stop this system all day long, but you might want to. Would be a pain to run from floppy. 4) At the low price, people may actually pay for it a bit more than usual. ------ The result? A program that will probably be stolen a great deal (like much of my other software), but at the same time a programming system in a world where no successful programming system has been copy protected. With trepidation, it's going out non-protected. But if there were a clean way to do it, such as serial numbered machines, I think we would do it in a second. ==================== The real answer is to stop thinking of software theft as a joke. You know lots of people who will admit to software theft. It will be hard, but shun these people. Treat them with the same stigma as you would other criminals who have no respect for the (in this case, intellectual) property of others. If the customer pays the price of copy protection, the customer should start doing things about it. -- Brad Templeton, Looking Glass Software Ltd. - Waterloo, Ontario 519/884-7473
demillo@uwmacc.UUCP (Rob DeMillo) (12/13/85)
I have been intimately involved in the copy protection
debate for quite some time - personally, I am against
copy protection as much as I am against theft of software.
However, there are a few things to keep in mind, and I
even beleive I have come up with a partial solution. (..and
I'd like to hear comments - positive and negative about it, since
I will probably be forced to use it at some point in the
future...)
First, as it has been pointed out numerous times: there will
always be software pirates -- copy protection or not. (Some pirates,
I suspect, even enjoy the protection schemes: more of a challange.)
The people who are the most likely to pirate software are also
the people most capable of busting a CP scheme.
Second, if your target market is big buisness, I wouldn't
even bother with copy protection. They are the clientile that
are least likely (and least capable) of piracy. They have
reputations to protect.
Thirdly, I do not - nor have I ever beleived in - the "harmless
copy protection scheme." By nature, a copy protection scheme
screws up your memory device. Sooner or later, it's gonna bite ya.
(Probably no big deal if you install the CPed software on
a floppy, but anyone who installs one of them on a hard disk
hasn't quite got all of his bits in one word -- so to speak.)
Now, the "solution" to which I would appreciate comments about,
since I have never heard it mentioned yet - but it seems to make
sense:
(a) Resign yourself to the fact that you are going
to lose sales. Period.
(b) On every disk you sell, grant the buyer the right
to make unlimited backup copies for his/her
own personal use.
(c) On EVERY distributed diskette, include (somewhere)
in the code an encrypted serial number. Keep a
record of which user has which serial number.
(d) If you find a pirated copy of your code, check
the serial number and trace it back to the
source!
(e) Prosecute to the fullest extent of the law.
This scheme has several advantages:
(a) Ease of implementation - only need good
bookkeeping to keep track of the serial #s.
(b) Not dangerous - never any worry of your
clients disks getting accidently wisked away
to the Twilight Zone.
(c) MOST IMPORTANT: respect from your clients
because you have respect for them. (And
that's what it's all about, ain't it?)
(d) Realism: no one can protect anything, anyway, no how!
Comments?
--
--- Rob DeMillo
Madison Academic Computer Center
...seismo!uwvax!uwmacc!demillo
"...I suppose you find the concept of a
robot with an artificial leg amusing?"
-- Marvin, the Paranoid Android
kucharsk@gumby.UUCP (12/13/85)
> (c) On EVERY distributed diskette, include (somewhere) > in the code an encrypted serial number. Keep a > record of which user has which serial number. > (d) If you find a pirated copy of your code, check > the serial number and trace it back to the > source! > (e) Prosecute to the fullest extent of the law. > (d) Realism: no one can protect anything, anyway, no how! > > Comments? > > > > -- > --- Rob DeMillo > Madison Academic Computer Center > ...seismo!uwvax!uwmacc!demillo Well, it is a thought, but most likely it will end up the same as any other copy-protection scheme. It's no real problem to take out the "serial number," as anyone who's ever seen a pirated copy of a Infocom game knows. Realistically, I don't think there is a way to stop piracy, as most people will never turn down "something for nothing," or a $250 applications program for the cost of a disk and a few minutes with a double drive system. The best way of reducing loss to piracy is to provide good programs at low prices. And as radical as this seems, another good way is to not protect it at all. The majority of pirates out there are in it somewhat for the prestige, and it's a lot more prestigious to say that you had to crack the copy protection and remove the serial number than to say "Oh, I just got out the diskcopy program on the master disk." Good examples of this are Beagle Brothers and Penguin software. They both sell good programs at low prices, and except for Penguin's games, UNPROTECTED. Neither seems to be floundering due to major losses from piracy, and amazingly enough, I haven't seen all that many copies of their programs floating around. Maybe these two companies have the right idea. Bill Kucharski University of Wisconsin - Madison Disclaimer: "The above opinions do not represent those of this scholastic institution, the CS dept. herein, or of the babel fish in my right ear."
chuck@eneevax.UUCP (Chuck Harris) (12/14/85)
The idea of putting serial numbers in distributed software is a good one,
however there are a few problems that you may not have thought of.
1) most commercial copying schemes rely on the bulk copying
of a master disk onto a large number of "clone" disks.
They do not use (to the best of my knowledge) a computer
to add things to each individual disk. The addition of
a serial number would require a special copying machine
that has the ability to make different copies on each disk .
2) When I leave the office at the end of the day, I do not
put my machine in a vault. Other people could gain access
to the software on my machine without my knowledge (does
this sound like your office?). The existance of a copy,
or copies, of a program with my serial number on them in
no way proves that I had anything to do with the creation
of the copies.
The idea that you could punish an owner because some copies of a program
that he purchased were found elsewhere is wrong. If the publisher of
a program wants the program's users to protect the program with such
vigor, perhaps he should include a vault with every purchase, and insist
that the program be placed in that vault when the user is not willing to
be responsible for its being stolen?
I would not purchase any program that could cause me to be prosecuted
as the result of someone stealing it from me.
To make my stand clear, I am not in favor of copy protection, or software
theft. I feel that manufacturers must accept the fact that some theft
will occur, and make use of a stolen copy undesirable. The best ways
I know of doing this are through providing: excellent customer service,
a manual worth paying for, a product that has been adequately tested,
and a price that is reasonable.
And yes, I do still believe in the tooth fairy!
Chuck Harrisbrad@looking.UUCP (Brad Templeton) (12/15/85)
In article <31@gumby.UUCP> kucharsk@gumby.UUCP writes: >> (c) On EVERY distributed diskette, include (somewhere) >> in the code an encrypted serial number. Keep a >> record of which user has which serial number. > A quick note here - this also eliminates dealer sales, since dealers can't and won't do your paperwork for you here. You'll only get people who send in their registration cards. Very few. > > > The >best way of reducing loss to piracy is to provide good programs at low prices. I have heard several people say this. Why do they say it? Is there some evidence for it? It seems to me that the better a program is, the more likely it is to be stolen. Are programs like popular games, flight simulators and other cheap products stolen less? I doubt it. Turbo Pascal is stolen a lot, and the only reason that many don't steal it is that the manual has been made deliberately hard to photocopy. >And as radical as this seems, another good way is to not protect it at all. >The majority of pirates out there are in it somewhat for the prestige, and >it's a lot more prestigious to say that you had to crack the copy protection >and remove the serial number than to say "Oh, I just got out the diskcopy >program on the master disk." But the kid pirates who steal for fun are not the main complaint on some groups of software, although they are on many of my commercial products. For a program like Lotus, it's the business where one copy zoomed around the department that caused the real damage. -- Brad Templeton, Looking Glass Software Ltd. - Waterloo, Ontario 519/884-7473
brown@nicmad.UUCP (12/16/85)
In article <1799@uwmacc.UUCP> demillo@uwmacc.UUCP (Rob DeMillo) writes: >Now, the "solution" to which I would appreciate comments about, >since I have never heard it mentioned yet - but it seems to make >sense: > > (a) Resign yourself to the fact that you are going > to lose sales. Period. Agreed. > (b) On every disk you sell, grant the buyer the right > to make unlimited backup copies for his/her > own personal use. Already permitted by law. > (c) On EVERY distributed diskette, include (somewhere) > in the code an encrypted serial number. Keep a > record of which user has which serial number. Great. So what! You have a record of where you shipped it. But you rely on the customer to send back the card. Most of us users DO NOT send back that dumb little card. End of bookkeeping. > (d) If you find a pirated copy of your code, check > the serial number and trace it back to the > source! Above note says why it won't work. > (e) Prosecute to the fullest extent of the law. Fine. > >This scheme has several advantages: > (a) Ease of implementation - only need good > bookkeeping to keep track of the serial #s. And users who will send back the cards. > (b) Not dangerous - never any worry of your > clients disks getting accidently wisked away > to the Twilight Zone. Twilight Zone only happens if 'let's kill um' code is added. > (c) MOST IMPORTANT: respect from your clients > because you have respect for them. (And > that's what it's all about, ain't it?) Now, if Lotus would do that. > (d) Realism: no one can protect anything, anyway, no how! Very true. > >Comments? What there is is types above. -- ihnp4------\ harvard-\ \ Mr. Video seismo!uwvax!nicmad!brown topaz-/ / decvax------/
broehl@watdcsu.UUCP (Bernie Roehl) (12/16/85)
>Well, it is a thought, but most likely it will end up the same as any >other copy-protection scheme. It's no real problem to take out the >"serial number," as anyone who's ever seen a pirated copy of an Infocom >game knows. Only if they know the serial number is there to begin with. Put it in several different places in the code, encrypted so it's hard to find.
demillo@uwmacc.UUCP (Rob DeMillo) (12/16/85)
> > (c) On EVERY distributed diskette, include (somewhere) > > in the code an encrypted serial number. Keep a > > record of which user has which serial number. > Great. So what! You have a record of where you shipped it. But you rely > on the customer to send back the card. Most of us users DO NOT send back that > dumb little card. End of bookkeeping. > > (d) If you find a pirated copy of your code, check > > the serial number and trace it back to the > > source! > Above note says why it won't work. > > > >This scheme has several advantages: > > (a) Ease of implementation - only need good > > bookkeeping to keep track of the serial #s. > And users who will send back the cards. > -- > > Mr. Video seismo!uwvax!nicmad!brown What are you talking about? What card? I am talking about the burden of bookkeeping being on the the company, not the consumer. You produce the diskettes on demand, and encode the serial number in the diskette. The consumer doesn't have to send back anything. -- --- Rob DeMillo Madison Academic Computer Center ...seismo!uwvax!uwmacc!demillo "...I suppose you find the concept of a robot with an artificial leg amusing?" -- Marvin, the Paranoid Android
brown@nicmad.UUCP (12/17/85)
In article <1811@uwmacc.UUCP> demillo@uwmacc.UUCP (Rob DeMillo) writes: >> > (c) On EVERY distributed diskette, include (somewhere) >> > in the code an encrypted serial number. Keep a >> > record of which user has which serial number. >> Great. So what! You have a record of where you shipped it. But you rely >> on the customer to send back the card. Most of us users DO NOT send back that >> dumb little card. End of bookkeeping. >> > (d) If you find a pirated copy of your code, check >> > the serial number and trace it back to the >> > source! >> Above note says why it won't work. >> > >> >This scheme has several advantages: >> > (a) Ease of implementation - only need good >> > bookkeeping to keep track of the serial #s. >> And users who will send back the cards. >> -- >> >> Mr. Video seismo!uwvax!nicmad!brown > >What are you talking about? What card? The little registration card that comes with most software that I have seen. >I am talking about the burden of bookkeeping being on the >the company, not the consumer. You produce the diskettes >on demand, and encode the serial number in the diskette. >The consumer doesn't have to send back anything. Yes, but in this instance, for the company to know where the software went, the user HAS to send back the registration card. If that is not done, how is the company supposed to know where their product went? The serial number on the diskette isn't going to magically appear back at the company, with the address from whence it came. -- ihnp4------\ harvard-\ \ Mr. Video seismo!uwvax!nicmad!brown topaz-/ / decvax------/
friesen@psivax.UUCP (Stanley Friesen) (12/17/85)
In article <467@looking.UUCP> brad@looking.UUCP (Brad Templeton) writes: >> >> The >>best way of reducing loss to piracy is to provide good programs at low prices. > >I have heard several people say this. Why do they say it? Is there some >evidence for it? It seems to me that the better a program is, the more >likely it is to be stolen. Are programs like popular games, flight >simulators and other cheap products stolen less? I doubt it. They may not be stolen less, but they are purchased more which is the important thing. Actually they may even be stolen less. With my current financial situation I cannot afford a program over about $60, and it sure can be a *pain* *not* having the Microsoft Assembler, or a decent DBMS. And of course I am stuck with older, buggy, versions of my programs because I cannot justify spending $50 for an upgrade(with my registered user discount no less!). So, yes *good*, *cheap* software is the real solution, because then people like me can *afford* to buy the program and there is really less temptation to steal it in order to have it at all. > >But the kid pirates who steal for fun are not the main complaint on >some groups of software, although they are on many of my commercial products. >For a program like Lotus, it's the business where one copy zoomed around the >department that caused the real damage. > Then Lotus should have provided them with a *site* license, there is *no* valid reason why a business should have to purchase a seperate copy for each and every employee! -- Sarima (Stanley Friesen) UUCP: {ttidca|ihnp4|sdcrdcf|quad1|nrcvax|bellcore|logico}!psivax!friesen ARPA: ttidca!psivax!friesen@rand-unix.arpa
arh@bdaemon.UUCP (arh) (12/17/85)
> (c) On EVERY distributed diskette, include (somewhere) > in the code an encrypted serial number. Keep a > record of which user has which serial number. If you sell only via direct means, this may be doable, even though a bit impractical. But selling through distributors and retailers will obviate this scheme (if you can get the disribution channels to buy into this, let me know how!). > (d) If you find a pirated copy of your code, check > the serial number and trace it back to the > source! How many opportunities to find stolen copies do you think you'll get in your lifetime? How much will it cost you in time and dollars? When will you get time to do any useful work? Forget it - it isn't worth the effort. I wrote a program called the Chrome Ranger in 1982, dutifully copyrighted and "execution" protected it, and sold a few thousand copies through IBM dealers. The protection, such as it was, did little to deter copying and definitely reduced sales, especially to the hard-disk crowd. I now sell the program without protection and find that it sells itself on the basis of stolen copies. Free advertising, in effect. Sure I lose some sales, but I make some that I might not otherwise, so I still come out ahead. Now I have time to write new programs instead of chasing after crooks, who are usually 14-year olds that I can't or won't prosecute anyway. Augie Hansen Omniware Denver, Colorado
desj@brahms.BERKELEY.EDU (David desJardins) (12/18/85)
In article <1974@watdcsu.UUCP> broehl@watdcsu.UUCP (Bernie Roehl) writes: >> It's no real problem to take out the >>"serial number," as anyone who's ever seen a pirated copy of an Infocom >>game knows. > >Only if they know the serial number is there to begin with. Put it in >several different places in the code, encrypted so it's hard to find. This doesn't work. All you need to do is get two copies and compare them. This is a standard practice among "hackers." --David desJardins
ugthomas@sunybcs.UUCP (Timothy Thomas) (12/22/85)
>> It's no real problem to take out the >>"serial number," as anyone who's ever seen a pirated copy of an Infocom >>game knows. > Put it in several different places in the code, encrypted so it's hard to find Even if you did this, you could get two copies of the program, and compare them byte by byte. The areas in which they differ are obviously those which contain information specific to that disk, namely the serial number. It would be a simple matter of substitutine 0's or nulls in place of those differences. There will never be an answer to the software problem, except good software at reasonable prices, like Borland. -- ____________ ____/--\____ \______ ___) ( _ ____) "Damn it Jim!, __| |____/ / `--' I'm a programmer not a Doctor!" ) `|=(- \------------' Timothy D. Thomas SUNY/Buffalo Computer Science UUCP: [decvax,dual,rocksanne,watmath,rocksvax]!sunybcs!ugthomas CSnet: ugthomas@buffalo, ARPAnet: ugthomas%buffalo@CSNET-RELAY
tim@ism780c.UUCP (Tim Smith) (12/26/85)
In article <343@bdaemon.UUCP> arh@bdaemon.UUCP (arh) writes: >> (c) On EVERY distributed diskette, include (somewhere) >> in the code an encrypted serial number. Keep a >> record of which user has which serial number. > >If you sell only via direct means, this may be doable, even >though a bit impractical. But selling through distributors >and retailers will obviate this scheme (if you can get the >disribution channels to buy into this, let me know how!). > Since the distributors are also hurt by piracy ( unless they are the pirates ... ), maybe they would be willing to keep track of who buys what. -- Tim Smith sdcrdcf!ism780c!tim || ima!ism780!tim || ihnp4!cithep!tim
ka@hropus.UUCP (ka) (12/31/85)
With respect to hiding a serial number in each program, Timothy Thomas says: > Even if you did this, you could get two copies of the program, and compare > them byte by byte. The areas in which they differ are obviously those > which contain information specific to that disk, namely the serial number. > It would be a simple matter of substitutine 0's or nulls in place of those > differences. You could encrypt the code for a few subroutines using the serial number, and decrypt these routines before they were called. If the encrypted code for these routines were replaced with 0' or nulls, the code would no longer work. Alternatively, you could require that the serial number had odd parity, and have the program crash the system (after optionally trash- ing the disk) if the serial number had even parity. >There will never be an answer to the software problem, except good software >at reasonable prices, like Borland. This is probably true. Kenneth Almquist ...!houxm!hropus!ka