tdn@cmu-cs-spice.ARPA (Thomas Newton) (01/31/85)
Claiming that copy-protection is equivalent to "buzzer-gizmos" on shirts is
patently bogus. The "buzzer-gizmos" come off after you buy a shirt, and do
not then interfere with the normal use of the shirt. Copy-protection *does*
interfere with the normal use of a piece of software, because it
(1) Prevents the user from making backups
The section of the U. S. Copyright Law that protects
software explicitly states that it is legal for the
purchaser of a piece of software to make backup and
archival copies for his/her own use.
(2) Makes it *extremely* risky for the user to customize his/
her working disk (since the working disk IS the original,
you can't afford to take chances and customize the menus,
install new DAs using some buggy utility like ResEdit or
RMover, install a RAMDisk in the system file, etc.)
How often do people want to backup and customize their Mac software? I keep
backups of all the major programs I have purchased that aren't copy-protected
(MacWrite/MacPaint, Microsoft BASIC, MacTerminal, etc.) and of the protected
programs that I have been able to backup. I have also customized several of
the programs that I normally use:
1) The version of MacTerminal on which I am typing this bboard
post has a modified version of the "standard" MacTerminal font
that I find much more readable. The MacTerminal documents which
I normally use contain resources to make the OPTION key act like
the COMMAND key, and to make the "~" character easier to type.
2) The version of MacPaint which I normally use has command keys
corresponding to *every* menu item. The most useful new keys
are the ones corresponding to the "invert" command and various
"flip" commands -- since I don't need to move the mouse out of
the drawing window to invoke them.
3) My System files contain various assortments of fonts and DAs.
If I think that installing a particular DA could be risky, I
install it on a backup of the disk, then move the changes back.
I barely tolerate copy-protection on games. I absolutely will not tolerate
it on utility/development software -- all of the people marketing protected
C compilers can forget about ever getting my money.
-- Thomas Newton
Thomas.Newton@cmu-cs-spice.ARPAjss@sjuvax.UUCP (J. Shapiro) (02/09/85)
[Aren't you hungry...?] My biggest gripe about copy protection is that it makes consolidating backups difficult. Copy protection schemes like that used by Manx software (a scratch on the disk) are ok in that even if the disk goes bad the scratch is still present, they provide *two* key disks, and they will replace a bad one free of charge. (They also set it up so that you only need the key disk at startup/reboot). I have yet to meet any scheme that Copy II Mac won't beat. My major complaint is the cost of my archive copies. I have $175 worth of disks on my desk (at $35 a box), and that is just too damn many to be screwing around trying to consolidate copy protected software (a dubious practice at best). I know computing is expensive, but why make it worse than it need be? Jon Shapiro Haverford College
gus@Shasta.ARPA (11/13/85)
> > Here are some program cracks for various Macintosh applications. > > ...etc. > > > [ Suggestions for beating copy protection schemes were here ] > > Hmmmmm. Seems to me that this kind of thing is slightly innappropriate > for the net. Besides, Sonny would never condone it. And by the way, > there is no need to 'beat' "Griffon Terminal"(sic), since it isn't copy- > protected any more. > > Scott Gillespie > Reed College > I don't see why the original article was inappropriate. True, I did expect it to cause some conmtroversy. net.anything.anything is a public forum where people can share information and help solve other people's problems. Copy protection is a problem which must be solved. Many programs are very much hampered by the mindless placement of copy protection, presumably to hamper piracy. Developers who use copy protection are only fooling themselves. Judging from experience of recent months, it will take at most one month before someone (usually Central Point Software) has defeated the protection system. Within another month, anyone who would care to have a copy of the latest Copy II Mac already has it. (Jazz lasted 2 weeks!) From then on, the copy protection no longer protects the vendor, it actually hurts him by 1) Making the program less usable 2) Generating animosity on the part of users toward the company 3) Making programs more fragile I will now take these three points individually 1) Making the program less usable. Programs are made less usable in at least three ways 1) Inability to fully use a hard disk 2) Inability for expert users to customize their environment 3) The high probability that protected programs will not be compatible with system upgrades. The current trend in Microcomputers is that more and more people are using hard disks. This problem has perhaps affected IBM PC owners much earlier than it has Macintosh owners since the XT has always had a hard as standard equipment. Developers who still insist on protecting their programs have resorted to one of four methods. 1) Not allowing hard disk use at all 2) Configuring the program for a specific configuration when the program is transfered to hard disk 3) Requiring that a "key" disk be left in the floppy drive. 4) Writing non-standard information on the hard disk itself. Choice 1 is clearly unacceptable as it defeats the entire purpose of a hard disk. Choice 2 is unacceptable because the program becomes useless when hardware is upgraded. This may not be apparent to a user (not mentioned in the documentation, or burried in fine print) until it is too late. Choice 3 is unacceptable in that it still requires use of floppies when otherwise, the system would be self-contained. This is only agravated by recent schemes which only require the key disk after 'n' invocations. A user, then, who did not originally install the program could suddenly get a weird 'please insert disk' message at any time which he did not know anything about! Choice 4 is unacceptable because other files besides the protected program also live on the hard disk. This means that any bad marks would interfere with the work of programs such as hard-disk restore and backup programs which assume that the disk is correctly formatted. (or want to make it that way!) Also, this scheme assumes direct access to a hard disk and the file system. Although this may work for IBM PC's, this, in general, will not work in a Macintosh environment where a hard disk is a separate subsystem which varies from vendor to vendor. The Macintosh environment is a rich one allowing for many variations in which individual users work with their machine. One of the most common variations is deciding what fonts and desk accessories reside on the system disk. A copy protected program makes these modifications a risky business at best since it requires that such modifications be made on the master disk. Programs such as switcher are made extremely clumsy to use when swapping between two or more copy protected programs. Programs such as RAM disks are un-usable since it is usually the applications, and not the data files that you want to place on a ram disk. Disk cache programs usually flush the entire RAM resident disk block information as soon as a disk is ejected, even if only temporarily in order to insert a key disk. While many of these problems are circumventable, they do pose a hefty inconvenience to the user. Copy protection systems often have to make assumptions about underlying hardware and system software, which would otherwise be shielded by the underlying operating system. Thus when the system is updated, many of these assumptions no longer hold true. This situation occurrs every time Apple updates the Apple II ROM's. The first programs to be incompatible are those that checksum the ROM and thus fail. This creates large inventories of un- usable software on dealers' shelves. While incompatibilities may exist for other legitimate reasons, a large number are caused by copy protection. This situation is about to occurr again as Apple is releasing the new hierarchial file system. Pat Dirks of Apple Computer spoke at the Stanford Mac Users Group Developers Subgroup meeting last Thursday (11/1) to talk about the HFS. He brought with him a list of the applications that Apple had tested for HFS compatibility. A large number of those that had failed, and certainly, the single most important reason, was copy protection. 2) Generating animosity on the part of users toward the company This is largely a subjective issue. This has largely to do with prople not buying products from a particular company simply because those products are copy protected. Certainly copy protection cannot help a software review. Most recent reviews devote at least a few sentences to the way a program is protected, and may even go into great length describing how the protection impeded their worek with the product. I am glad to have had a part in improving this situation in at least one case. The fact that the current version of the TMON debugger by TMQ software is un-protected is a direct result of a review that I posted on net.micro.mac several months ago. Strong opposition from the early alpha testers of the Reed College/Metaresearch Rascal package caused all versions after the initial release to be unprotected. Manx software has finally decided to do away with their copy protection in the next release. They also publicly announced that they would provide a patch over the phone to all current users describing how to defeat the existing system. Many companies are advertising the fact that their program is not copy protected. The list goes on and one about case studies where it is (or was) simply to the companie's dis-advantage to copy protect the software. 3) Making programs more fragile. Any reasonable manual for a major business software product suggests that you back up your data disks regularly. This is good and sound advice. They don't, however, suggest that you back up the master disk, for obvious reasons. Everyone who has been around computers for a while knows theat magnetic media (disks) can ware out or otherwise lose valuable data. Copy protected disks are subject to this same problem. Most companies have a disk replacement policy which allows you to obtain a replacement for a bad disk. This generally requires that you mail in the old disk, along with a fee, to obtain a single new backup disk. In the meantime, you have to wait until the new disk comes back. Some companies even provided an extra backup disk with the same information as the original so that you still have at least one working copy while the other is 'out for repair.' Unfortunately, hardware errors are such that when one disk becomes unusable, there is a good chance that this may occurr on another disk. This is compounded by the fact that many programs WRITE to the protected master disk. This subjects the disk to destruction due to software errors, which is a much more common problem. Finally, the "two disk" packaging is generally available for the more expensive software packages. Medium and low-cost programs generally do not have this 'feature.' There is one instance, however, where copy protection is permissable, however, and which may actually INCREASE the value of the product. This is in the case of games. Generally, games do not require back-up dtat disk, and do not make effective use of a hard disk, nor do they really need any extra utilities such as disk caches and ramdisks. The reason why copy protection is desireable in a game, however, is that when you buy a protected game, you buy two games for the price of one! The first game is the one shown on the front cover. The second is trying to break the protection system! The analogy between games, especially adventures, and protection systems goes a very long way. Copy protection has gone far beyond simply making a program un-duplicatable by normal means. Those people installing the protection system have to guard against attacks from various directions. The first is bit copy programs such as Copy II Mac. In this case, the solution is to create stranger and stranger disk formats which are not correctly interpreted by the latest version of the Central point product. The second direction of attack is simple "crack" lists like the message that prompted this reply. This is solved by requiring such 'cracks' to be extremely long by providing multiple checks and checksums in the code. The third direction comes from user who would go in and remove the copy protection themselves. This is where the true 'game' quality comes in since at this point, copy protection becomes a duel between two expert programmers: the one creating the protection system and the one removing it, just like a plyer tries to solve an adventure created by its author. In both cases, there is a guaranteed solution, but that solution may be arrived at by gathering clues, and making logical deductions to solve puzzles. In the case of an adventure, the 'solution' is carefully planned out by the author so that there are just enough clues to make the game possible to win at. In the case of protection systems, the "solution" is the path that the program takes when running from the original disk. If this did not exist, the program would never run. Both can have red harings and traps to confuse and slow down the player. In each case, it is the author's job to make the solution as difficult to arrive at as possible. No copy protection system is un-beatable. This has been born out time and time again by so-called 'uncopyable' programs. No matter how many levels of encryption there are in the code, there is always a solution. It becomes a matter of pride for someone removing a protection system to complete his work and not give up in midstream. Such system can thus only thwart the efforts of novices but not of experts. Both sides have certain advantages. While the creater has the advantage of having the full source code available to him, and knowing the state of the machine at all times, the defeater has the second law of themodynamics behind him, in that it is easier to destroy something than to create it. The defeater exploits weaknesses in the system that he might find that the creater might not have thought of. By this time this issue of copy protection has transcended all issues of piracy, which after all, which is what protection is supposed to prevent. Whatever the copy protection defeater's motives, he is certainly not going to change his mind about anything after he has defeated the protection system. Only his morals can decide that. It thus may or may not be easy to thwart the efforts of would-be pirates by both making the program un-copyable Copy II mac, and by requireing that any patch be extremely long, but is impossible to thwart the efforts of those who have set their mind to defeating a protection system. Thus, there comes a point of diminishing returns after which ANY level of protection is no longer helpful, if not detremental because of the increase in code size required to support the copy protection, the time that it takes to execute it and perhaps most important for companies involved, the hours required to create it. This may translate into several thausands of dollars or many man-hours of employee time, depending on whether the protection system is done in house or out. If the situation persists in the direction that it is going today, copy protection will become a more and more expensive proposition. It has proven easy to defeat the protection systems of programs which have used similar methods. Once one is defeated, the others become much easier, if not trivial to break. It has also proven easy to defeat systems which were applied by someone not directly involved in the creation of the program. "Drop-in" protection systems which make few assumptions about the host program are as easy to remove as a parasite which clings to its host by only a few points instead of getting inside. Companies will either decide that enough is enough and that copy protection is simply not worth all of its shortcomings, or they will simply pass the higher and higher cost of such protection to us users. Hardware protection systems that use un-copyable 'keys' which are hooked in to the computer through one of various i/o ports solve the "fragile disk" and hard disk problems by making the key uncopyable instead of the disk. All other problems still exist. Additionally, the increased cost of the key and "key ring" may make this scheme impractical for all but the most expensive software packages. So far, I have only said negative things and have provided no positive ideas. I believe that I ought to end this message with a positive suggestion; an idea which software publishers may not have thought about as an alternative to "hard" copy protection: Soft protection. I will write this idea in Macintosh terminology, but the general scheme should be applicable to other machines as well. Here is how it works. Lets say that you want to publish a program called "Fantasic". There will be two files on the disk: "Fantastic" and "Fantastic Copyright notice." Both are executable programs. Both are clearly visible on the desktop. Niether is copy protected, and there are no hidden keys on the disk. The program is totally copyable and movable to a hard disk. The master disk need only be used once, and then put away, except for emergencies. The "Fantastic" program is the main program to be run. The "Fantastic copyright notice" program simply displays a single screen stating that this program is copyrighted and that it is illegal to copy it for anything other than your own personal use, you being the original purchaser. The screen also describes the material advantages of owning a legitemate copy, such as customer support and free or low-priced updates. Now here is the interesting part: "Fantastic" will NOT run unless "Fantastic copyright notice" is also on the disk, and in the same folder as "Fantastic." This, program-wise, can easily be done. I will not go into details how. Just suffice it to say that it would take only a trivial amount of code. (Much less than the text of the copyright notice.) The theory behind this scheme is that every time that you launch the program from the finder, you also see the copyright notice program. You may choose to ignore it, but it is always on your disk nagging at you if you indeed have accepted a pirated copy. Some people will never accept or give out pirated software. You don't have to worry about those. Others will never buy something tat they can otherwise get a hold of by copying. There is not much you cando about those because any protection system will be broken sooner or later (but probably sooner). The people that you need to worry about are those in-between folks who are undecided on the issue. These are the people who you could gently sway or nudge in your direction. The general philosophy is to get people with a carrot instead of a stick. This scheme is certainly not foolproof, technically. A user may launch "Fantastic" from either the minifinder, or may open a "Fantastic" document. and thus not be "reminded" by th e copyright-notice file. However, requiring that it be in the same folder as "Fantastic" would probably make the user see it often enough assuming that much of the time that the Mac is used is spent in the finder. Nothing should be done to antagonize the user. This includes placing page after page of threatening legal text in the copyright notice file (a la smoothtalker) or requiring that the notice be read after every n'th invocation of the program. Everything should be done to give the impression that the publisher is there to help legitemate owners. This must certainly be considered an experimental solution. I make no guarantees that it will either help or hinder sales compred to a completely protected or un-protected program. However, like most experiments, they must be tried out to see if they work. Copy protection is a sticky issue in today's software market. Claims by software makers that it increases sales by disallowing illegal copies are dubious. Meanwhile, users have to make due with a program hampered to various degrees by it. Protection systems themselves, as they become more sophisticated, become games played between the creators and defeaters of protection systems. On the other hand, there are alternatives to copy protection which may achieve the same results in less brute force ways. I will be speaking on copy protection at the next Stanford Macintosh Users Group Developers meeting next Thursday, November 21, in Polya 111, (Turing auditorium) on the Stanford campus at 7:30pm. Anyone in the San Francisco Bay area is welcome to come. Gustavo A. Fernandez
murlocker@water.UUCP (M. Urlocker) (11/14/85)
> > > Here are some program cracks for various Macintosh applications. > > > ...etc. > > > > > [ Suggestions for beating copy protection schemes were here ] > > > > Hmmmmm. Seems to me that this kind of thing is slightly innappropriate > > for the net. Besides, Sonny would never condone it. And by the way, > > there is no need to 'beat' "Griffon Terminal"(sic), since it isn't copy- > > protected any more. > > > > There is one instance, however, where copy protection is permissable, > however, and which may actually INCREASE the value of the product. This is > in the case of games. Generally, games do not require back-up dtat disk, > and do not make effective use of a hard disk, nor do they really need any > extra utilities such as disk caches and ramdisks. The reason why copy > etc... I disagree! I bought Sargon III and later a hard disk and discovered I couldn't get Sargon to work with it. Once you get used to the speed and convenience of a hard disk, you really don't want to go back to the hassle of booting a floppy. Moreover the copy protection can inhibit the use of things like switcher or ram disks. With the performance of most software on the mac, developers should *encourage* the use of ram disks, caches, etc, because it makes the product perform significantly better, leading to more satisfied customers. I could backup Sargon with CopyII Mac, without difficulty, (so could any pirate!) but I couldn't get it legitimately on the hard disk until the "crack" was posted. I think it is the duty of every software vendor to supply a means of installing the software on the hard disk without requiring insertion of the master floppy. I won't buy *any* program that cannot be used with my hard disk. mark
ins_adsf@jhunix.UUCP (David S Fry) (11/16/85)
I just wanted to say that I agree with most everything Gustavo
Fernandez had to say in article 1173. Recently debate about copy protection
has been a hot topic in computer magazines, and it seems as though a
solution must be found. One certainly understands that a developer doesn't
want his creation to be stolen, but when companies like Lotus and Microsoft
sell software for $500-600, it's hard to be sympathetic.
The most simplistic answer, of course, is to not copy protect anything.
I even have two friends, former die-hard pirates that would copy anything
they could, who now refuse to break the copyright notice of any un-copy-
protected program; protected software is still fair game to them. If this
was practiced more often, they feel, developers and users could live happily.
David Fry
rupprech@bbnccv.UUCP (Wolfgang Rupprecht) (11/17/85)
I don't want to come across as a believer in copy protection,
I'm not. (I also think that software houses often let greed play too
large a role in setting their prices. They could undoubtably stop a
lot of copying by lowering their prices.)
Something that I have been toying with is another type of
'soft' protection. A software company could inbed unique serial
numbers in the software AND register these numbers at the time of
sale. The serial number could be done in several places, each time
encrypted in a different way. (Or better yet, linking subroutines in a
different order in each copy, with the serial number being the order
of the routines and linked in variables. This would make it VERY
difficult to erase the serial number!) It wouldn't prevent people from
coping it. It would only make them think twice before they gave
somebody a program that COULD be traced to them. Again, it would be
possible to "file the engine block" in hopes of removing the tell-tale
serial numbers, but the nagging fear that you might have missed one,
and could be sued for damages for fathering hundreds of illegal copies
would undoubtably stop many.
What does the net think?
-wr
--
wolfgang rupprecht
{harvard, ihnp4, decvax}!bbnccv!rupprech
rupprech@bbnccv.arpabrian@ut-sally.UUCP (Brian H. Powell) (11/18/85)
> > Something that I have been toying with is another type of > 'soft' protection. A software company could inbed unique serial > numbers in the software AND register these numbers at the time of > sale. The serial number could be done in several places, each time > encrypted in a different way. (Or better yet, linking subroutines in a > different order in each copy, with the serial number being the order > of the routines and linked in variables. This would make it VERY > difficult to erase the serial number!) It wouldn't prevent people from > coping it. It would only make them think twice before they gave > somebody a program that COULD be traced to them. Again, it would be > possible to "file the engine block" in hopes of removing the tell-tale > serial numbers, but the nagging fear that you might have missed one, > and could be sued for damages for fathering hundreds of illegal copies > would undoubtably stop many. > > What does the net think? Nice idea, but this makes the duplication part of production non-trivial. If you have to relink the program for each disk produced, imagine the time and resources involved. SLOW. Duplication is slow enough. Vendors want the product out fast. Most companies would rather not suffer the expense of complicated copy- protection schemes. (Remember, you not only have to generate the serial numbers, you have to keep track of them when they are sold.) Also, the registration would be hard to enforce. Every computer store has to tell every computer salesman that your piece of software must be registered. Seems like somebody would forget, or just decide it's not worth it. Brian H. Powell UUCP: {ihnp4,seismo,ctvax}!ut-sally!brian ARPA: brian@sally.UTEXAS.EDU U.S. Mail: Southwestern Bell P.O. Box 5899 345-0932 Austin, TX 78763-5899 AT&T (512) 345-0932
mazlack@ernie.BERKELEY.EDU (Lawrence J. &) (11/19/85)
> I don't want to come across as a believer in copy protection, >I'm not. (I also think that software houses often let greed play too >large a role in setting their prices. They could undoubtably stop a >lot of copying by lowering their prices.) Actually, I think that developers should be able to have some form of copy protection, they develop a product and should be paid for it. What annoys me is not being able to backup my OWN copies or transfer them to hard disk. How to solve this problem, I don't know. > Something that I have been toying with is another type of >'soft' protection. A software company could inbed unique serial >numbers in the software AND register these numbers at the time of >sale. The serial number could be done in several places, each time >encrypted in a different way. (Or better yet, linking subroutines in a >different order in each copy, with the serial number being the order >of the routines and linked in variables. This would make it VERY >difficult to erase the serial number!) It wouldn't prevent people from >coping it. It would only make them think twice before they gave >somebody a program that COULD be traced to them. Again, it would be >possible to "file the engine block" in hopes of removing the tell-tale >serial numbers, but the nagging fear that you might have missed one, >and could be sued for damages for fathering hundreds of illegal copies >would undoubtably stop many. > I suspect that this wouldn't be very effective as I don't believe that prosecution against or law suit against individuals is about to happen. If it doesn't happen, such a scheme wouldn't be effective. Sigh. Sob. ...Larry Mazlack MAZLACK@ERNIE.BERKELEY.EDU
jkm@security.UUCP (Jonathan K.Millen) (11/22/85)
---------
An ideal form of copy protection is possible if each machine has a
serial number that is readable by software (e.g., stored in ROM). When
a program is sold, it comes in a form that is uncopyable, but as soon as
it runs on a machine, two things happen: (1) it "freezes" on that machine,
that is, it will run only on the machine with that serial number; and (2)
it becomes copyable.
If the customer gets a new machine, he should be able to send the
original disk back to the vendor (as proof of purchase) and get a new
unfrozen disk for a nominal charge.hes@ecsvax.UUCP (Henry Schaffer) (11/24/85)
> --------- > An ideal form of copy protection is possible if each machine has a > serial number that is readable by software (e.g., stored in ROM). When > a program is sold, it comes in a form that is uncopyable, but as soon as > it runs on a machine, two things happen: (1) it "freezes" on that machine, > that is, it will run only on the machine with that serial number; and (2) > it becomes copyable. > If the customer gets a new machine, he should be able to send the I have one microcomputer at work, and another at home. I often carry my purchased copy of software with me to work and back. This is a legal use which would not be possible with this suggested type of protection. --henry schaffer
smh@mhuxl.UUCP (henning) (11/25/85)
> An ideal form of copy protection is possible ..., but as soon as > it runs on a machine: (1) it will run only on the machine with that serial number; and (2) it becomes copyable. > If the customer gets a new machine, he should be able to send the > original disk back to the vendor (as proof of purchase) and get a new > unfrozen disk for a nominal charge. **** **** From the keys of Steve Henning, AT&T Bell Labs, Reading, PA mhuxl!smh Please save the word IDEAL for software that I can use on at least 6 different machines (1 at home and 5 at work) but will only let the licensed user use and not something like a 'licensed machine' use. I don't mind carrying around my software, but please don't make me carry around my Mac to places that already have a Mac available for me to use. Also, I don't think that it is acceptable to have to get all new software if your machine gets trashed or for some reason gets a new ID number.
julian@osu-eddie.UUCP (Julian Gomez) (11/25/85)
> An ideal form of copy protection is possible if each machine has a > serial number that is readable by software (e.g., stored in ROM). When > a program is sold, it comes in a form that is uncopyable, but as soon as > it runs on a machine, two things happen: (1) it "freezes" on that machine, > that is, it will run only on the machine with that serial number; and (2) > it becomes copyable. > If the customer gets a new machine, he should be able to send the > original disk back to the vendor (as proof of purchase) and get a new > unfrozen disk for a nominal charge. What happens if the customer's Mac goes down and he has to get a loaner for a while? What about a customer who has more than one Mac and buys a 2nd CPU license, which usually means the customer doesn't get another distribution kit? (although i have yet to see more than one Mac in the same room anywhere besides a dealer) -- "If Chaos himself sat umpire, what better could he do?" Julian "a tribble took it" Gomez Computer Graphics Research Group, The Ohio State University {ucbvax,decvax}!cbosg!osu-eddie!julian
vishniac@wanginst.UUCP (Ephraim Vishniac) (11/25/85)
> I have one microcomputer at work, and another at home. I often carry > my purchased copy of software with me to work and back. This is a legal > use which would not be possible with this suggested type of protection. > --henry schaffer Alas, it's not legal according to Microsoft. I recently received my update for MS Basic, so parts of the long and baffling licensing agreement are fresh in my mind. They seem to insist that when you purchase their software, you purchase it for use on one *machine*, not for use by one *person*. -- Ephraim Vishniac [apollo, bbncca, cadmus, decvax, harvard, linus, masscomp]!wanginst!vishniac vishniac%Wang-Inst@Csnet-Relay
jkm@security.UUCP (Jonathan K.Millen) (11/26/85)
In article <799@ecsvax.UUCP> hes@ecsvax.UUCP (Henry Schaffer) writes: >> --------- >> An ideal form of copy protection is possible if each machine has a >> serial number that is readable by software (e.g., stored in ROM). When >> a program is sold, it comes in a form that is uncopyable, but as soon as >> it runs on a machine, two things happen: (1) it "freezes" on that machine, >> that is, it will run only on the machine with that serial number; and (2) >> it becomes copyable. >> If the customer gets a new machine, he should be able to send the > > I have one microcomputer at work, and another at home. I often carry >my purchased copy of software with me to work and back. This is a legal >use which would not be possible with this suggested type of protection. >--henry schaffer The "second machine" case is very much like the "new machine" case. You should be able to send the original disk to the vendor and receive an unfrozen copy (while still keeping a copy of the frozen one). The new disk would not be free, since the vendor has handling, copying, mailing, and disk costs to cover, and may also want to charge something extra to discourage people from redistributing them. The new-disk charge would still be no more than wholesale price (I assume about half retail), and it could be much less on expensive programs - just enough to cover customer registration bookkeeping. Keep in mind that customer registration would not be necessary for every customer, only those who request a new disk, and not until they do so. Jon Millen "We should stand on the shoulders of those who have gone before us... not on each other's toes." -a Peter Neumann paraphrase
jkm@security.UUCP (Jonathan K.Millen) (11/27/85)
In article <345@mhuxl.UUCP> smh@mhuxl.UUCP (henning) writes: >> An ideal form of copy protection is possible ..., but as soon as >> it runs on a machine: (1) it will run only on the machine with that >serial number; and (2) it becomes copyable. >> If the customer gets a new machine, he should be able to send the >> original disk back to the vendor (as proof of purchase) and get a new >> unfrozen disk for a nominal charge. > >**** **** >From the keys of Steve Henning, AT&T Bell Labs, Reading, PA mhuxl!smh > >Please save the word IDEAL for software that I can use on at least 6 different >machines (1 at home and 5 at work) but will only let the licensed user use >and not something like a 'licensed machine' use. ... Sounds like you want a site license for free here. > .... Also, I don't think that >it is acceptable to have to get all new software if your machine gets >trashed or for some reason gets a new ID number. I can sympathize with this objection; my Mac has already had a logic board replacement. How about this: when you buy the package, it already has two unfrozen disks in it. Save one for a disaster or use it on a second machine (you can still get more, for a price). Jon Millen "We should stand on the shoulders of those who have gone before, not on one another's toes." -a Peter Neumann paraphrase
bantz@Clio.Uiuc.ARPA (11/27/85)
Using the same purchased software on two machines (home and work) sure seems like a reasonable use, but it proscribed by the "shrink-wrap" "agreement" on some software, which clearly "licenses" the software for use on a particular cpu.
gig@ritcv.UUCP (Gordon Goodman) (11/28/85)
As was mentioned in another posting, using a rom serial number to imprint on software makes it impossible to use software legitimately. The DEC Pro 350 used this scheme much to my dismay. In university lab settings, this protection scheme is a horror. How can students buy software when it can only be used on one particular machine? Gordon Goodman RIT
jkm@security.UUCP (Jonathan K.Millen) (11/29/85)
In article <885@osu-eddie.UUCP> julian@osu-eddie.UUCP (Julian Gomez) writes: >> An ideal form of copy protection is possible if ... > >What happens if the customer's Mac goes down and he has to get a loaner >for a while? .... A dealer could provide a loaner with frozen copies of all the software you need, and then some. It would be a great incentive to get your machine fixed there - test drive any software you like, while you're waiting for your machine to be repaired! Jon Millen "We should stand on the shoulders of those who have gone before us, not on each other's toes." -a Peter Neumann paraphrase
smh@mhuxl.UUCP (henning) (12/02/85)
> >What happens if the customer's Mac goes down and he has to get a loaner > >for a while? .... > > A dealer could provide a loaner with frozen copies of all the software That is illegal. You can not give people copies of licensed software unless you pay for a very liberal license. The user is licensed and not the machine. I can see it now on the NY Times: "Lotus sues machine for violating license agreement." We could create machines that would only run one program. That would really solve the problem. The software would be in rom. [:{)>
jkm@security.UUCP (Jonathan K.Millen) (12/02/85)
-------
From the various objections I've seen to copy protection based on
freezing copyable software on a ROM serial number, it appears that the
REALLY ideal scheme should identify the purchaser rather than the
machine. The software should freeze on the buyer's fingerprint, or
some other personal characteristic which (unlike a password) can't be
given away. I wish I could think of a way to do that.
Jon Millen
"We should stand on the shoulders of those who have gone before us,
not on one another's toes." -a Peter Neumann paraphrasejimb@amdcad.UUCP (Jim Budler) (12/03/85)
In article <348@mhuxl.UUCP> smh@mhuxl.UUCP (henning) writes: >> >What happens if the customer's Mac goes down and he has to get a loaner >> >for a while? .... >> >> A dealer could provide a loaner with frozen copies of all the software > >That is illegal. You can not give people copies of licensed software unless >you pay for a very liberal license. The user is licensed and not the machine. >I can see it now on the NY Times: "Lotus sues machine for violating license >agreement." We could create machines that would only run one program. That >would really solve the problem. The software would be in rom. [:{)> Doesn't that answer the question? If they are issuing a license to ME, not to my MACHINE, what are they doing putting any machine dependencies in it. I think it is time some one made the software vendors make up their minds: 1) Are they selling a product? 2) Are they licensing a trade secret? 3) Are they distributing a copyrighted article? Right now they are trying to get the best of all three worlds. i.e. 1) The vendors don't sell anything, but license it, thus avoiding all product liability laws. 2) They license use of their software. In the mainframe world this procedure also includes maintanence and support, but not in the micro world. 3) They copyright it in addition, just to gain some extra protection for their overblown prices, then say it isn't the same as a book and shouldn't allow lending libraries. I think anything I buy in a retail store with money is a product and should be subject to the product liability and warranty laws. And this means that when some 'copy protection scheme' causes me to lose legitimate use of something that I have paid for, the vendor is fully liable under the law. -- Jim Budler Advanced Micro Devices, Inc. (408) 749-5806 Usenet: {ucbvax,decwrl,ihnp4,allegra,intelca}!amdcad!jimb Compuserve: 72415,1200 Bogus newsgroup: net.news: Move to end of .newsrc[yn^L]? Don't be dictators, use thought.
hes@ecsvax.UUCP (Henry Schaffer) (12/03/85)
> From the various objections I've seen to copy protection based on > freezing copyable software on a ROM serial number, it appears that the > REALLY ideal scheme should identify the purchaser rather than the > machine. The software should freeze on the buyer's fingerprint, or > some other personal characteristic which (unlike a password) can't be > given away. I wish I could think of a way to do that. > Jon Millen BOTH options should be available to the purchaser. The software should be able to sit on one machine and let anyone come along and use it. It should also be able to be moved to another machine. So I think that all this talk about "freezing" misses the point. The protection needed, to allow normal and effective use of the software, and yet to assure compliance with copyright law, is some method to prevent (multiple) concurrent use by >1 person OR by >1 machine. --henry schaffer
bill@utastro.UUCP (William H. Jefferys) (12/03/85)
> Using the same purchased software on two machines (home and work) > sure seems like a reasonable use, but it proscribed by the > "shrink-wrap" "agreement" on some software, which clearly > "licenses" the software for use on a particular cpu. Not necessarily. Reading from the standard Microsoft License Agreement, Article 1 specifies use on a single COMPTUTER at a single location, but Article 4 reads: "As the LICENSEE, you may physically transfer the SOFTWARE from one computer to another provided that the SOFTWARE is used on only one computer at a time..." (The rest of Article 4 is not relevant to this discussion). It seems to me that this article specifically permits the kind of use that was contemplated, at least in the case of Microsoft.
dick@ucsfcca.UUCP (Dick Karpinski) (12/04/85)
In article <1009@security.UUCP> jkm@security.UUCP (Jonathan K.Millen) writes: >REALLY ideal scheme should identify the purchaser rather than the >machine. The software should freeze on the buyer's fingerprint, or >some other personal characteristic which (unlike a password) can't be >given away. I wish I could think of a way to do that. > That is the point of the $5-15 dongle, a piece of hardware attached to the computer in some innocuous way (as a pass thru rs232 port?) which acts as a singular, non-reproduceable key. If it is a micro chip with one subroutine in its rom, then it will be hard to cheat. But you can move it to the office/home/replacement computer easily. Dick -- Dick Karpinski Manager of Unix Services, UCSF Computer Center UUCP: ...!ucbvax!ucsfcgl!cca.ucsf!dick (415) 666-4529 (12-7) BITNET: dick@ucsfcca Compuserve: 70215,1277 Telemail: RKarpinski USPS: U-76 UCSF, San Francisco, CA 94143
berry@tolerant.UUCP (David Berry) (12/05/85)
> BOTH options should be available to the purchaser. The software should > be able to sit on one machine and let anyone come along and use it. It > should also be able to be moved to another machine. So I think that all > this talk about "freezing" misses the point. The protection needed, to > allow normal and effective use of the software, and yet to > assure compliance with copyright law, is some method to prevent (multiple) > concurrent use by >1 person OR by >1 machine. > --henry schaffer I got it! Put little radio transmitters in every disk that continuously broadcast what program is being run from them :-). -- David W. Berry {ucbvax,pyramid,idsvax,bene,oliveb}!tolerant!berry [Don't shoot the Tolerant Systems, I'm just the consultant]
briand@tekig4.UUCP (Brian Diehm) (12/06/85)
> From the various objections I've seen to copy protection based on >freezing copyable software on a ROM serial number, it appears that the >REALLY ideal scheme should identify the purchaser rather than the >machine. The software should freeze on the buyer's fingerprint, or >some other personal characteristic which (unlike a password) can't be >given away. I wish I could think of a way to do that. I'm FAR from being a midwest Bible-thumper, but that book DOES indeed refer (apocryphally) to such a scheme - all we need do is put an identifying mark on every person. Revelations mentions forehead or wrist. What with the banks being antsy about volumnious losses over credit card scams, and what with suggestions like the above, it seems pretty inevitable. Personally, this scares the s*it out of me. I prefer a world where at least some crime is still possible - civil disobedience may be our only form of protest someday! -Brian Diehm Tektronix, Inc. (Solely my opinions, folks!)
eilers@stolaf.UUCP (David V. Eilers) (12/06/85)
> ------- > From the various objections I've seen to copy protection based on > freezing copyable software on a ROM serial number, it appears that the > REALLY ideal scheme should identify the purchaser rather than the > machine. The software should freeze on the buyer's fingerprint, or > some other personal characteristic which (unlike a password) can't be > given away. I wish I could think of a way to do that. > > Jon Millen > > "We should stand on the shoulders of those who have gone before us, > not on one another's toes." -a Peter Neumann paraphrase Interesting. Sense we are simply dreaming up a system, a card could be given to every purchaser of a mac. Simply plug that card (ROM?) into the mac you are useing and you are then able to use any software that has been frozen with your number on. What do you think? Sure, there would be ways around this. Like copying the card or inventing a machine to emulate any card, but this would make it very unconvenient to use a copy frozen with another ROM number. You would either have to keep alot of extra cards around or keep track of a lot of numbers. (Not to mention having to know the number in the first place.) Also, if this system were made relatively expensive as far as reproducing a ROM card goes (~$30.00) it would make it more economically feasible to buy inexpensive software, than to make illegal copies. On the other side, it would make inexpensive software more feasible because, most copies would be brought, not stolen, and the returns on marketing an inepensive program would go up. It would also presure vendors to keep there prices within the range of a copied card because, if the price was considerably higher, people might be willing to go through the trouble of an extra card for the *large* difference in price. Dave Eilers ihnp4!stolaf!eilers
reid@dciem.UUCP (Reid Ellis) (12/08/85)
In article <1009@security.UUCP> jkm@security.UUCP (Jonathan K.Millen) writes: >the REALLY ideal scheme should identify the purchaser rather than the >machine. The software should freeze on the buyer's fingerprint, or >some other personal characteristic which (unlike a password) can't be >given away. I wish I could think of a way to do that. How about the way the person types? I believe that there is an area of identification in which the rhythm of the user typing in his password is as important as the password he types. Of course, the amount of code required to do this would probably be prohibitive, but this is an *ideal* solution after all.. Some thoughts on implementation: When run the first time, the program gives you a dialog box in which you type your password. If you botch the password (or actually plain text, listed in the dialog if you like) it clears and waits for another try. There is a standard "Cancel" button to return to the finder. The information is recorded in a file and if that file is found missing, the program returns to the finder. Thereafter, the user needs to type in a password or short phrase and there you go. A problem would be that typing the password would be tedious if done too often, if the program is used many times per day. As well, of course, you could copy the program first, and *then* run it, so maybe this isn't the *ideal* scheme after all. -- -- Reid Ellis "Roads? Where we're going, who needs _roads_?" {{allegra,decvax,duke,floyd,linus}!utzoo,{ihnp4,utzoo}!utcsri}!dciem!reid This message brought to you courtesy of the Poslfit Committee
keithd@cadovax.UUCP (Keith Doyle) (12/10/85)
In article <223@tolerant.UUCP> berry@tolerant.UUCP (David Berry) writes: > >I got it! Put little radio transmitters in every disk that continuously >broadcast what program is being run from them :-). >-- > > David W. Berry Don't laugh! There was a rumor in net.video or similar place a couple of months ago about certain unscrupulous agencies (FCC, FBI, or maybe Nielsen?) driving panel trucks around with sensitive instrumentation designed to pick up signals from the I.F. amps in your T.V. tuners, in order to determine what channels people are watching (they'd all get channel 3 (L.A.) if you ask me). Maybe this technique could be adapted to look for the electronic 'fingerprint' of what program is running in your computer. Might be a way to determine if an inordinate amount of illegal copies of Lotus or something are running in a building somewhere. (ADAPSO are you listening?) Keith Doyle # {ucbvax,ihnp4,decvax}!trwrb!cadovax!keithd # cadovax!keithd@ucla-locus.arpa Reminds me of the old days when the first program that I got running on my first personal computer (IMSAI) before I had any peripherals, was a program to play 'Daisy' thru an A.M. radio, that was keyed in through the front panel switches.
dick@ucsfcca.UUCP (Dick Karpinski) (12/12/85)
In article <5018@stolaf.UUCP> eilers@stolaf.UUCP (David V. Eilers) writes: >> freezing copyable software on a ROM serial number, it appears that the >> REALLY ideal scheme should identify the purchaser rather than the >> machine. The software should freeze on the buyer's fingerprint, or > >Interesting. Sense we are simply dreaming up a system, a card could be >given to every purchaser of a mac. Simply plug that card (ROM?) into >Dave Eilers It is called a "dongle" and really effective ones incorporate a bit of the application on the card. This makes it very difficult to do without the dongle. In volume they can be produced for about $20. One way to employ them is by attaching to a modem port. A cheap micro chip with its subroutine in its ROM is enough. Very effective. Dick -- Dick Karpinski Manager of Unix Services, UCSF Computer Center UUCP: ...!ucbvax!ucsfcgl!cca.ucsf!dick (415) 666-4529 (12-7) BITNET: dick@ucsfcca Compuserve: 70215,1277 Telemail: RKarpinski USPS: U-76 UCSF, San Francisco, CA 94143
david@sagan.UUCP (David Taylor) (12/13/85)
1002@security.UUCP> <799@ecsvax.UUCP> <9081@ritcv.UUCP> <1009@security.UUCP> <
837@ecsvax.UUCP> <223@tolerant.UUCP> <978@cadovax.UUCP>
Sender:
Reply-To: david@sagan.UUCP (David Taylor)
Followup-To:
Distribution: net
Organization: MicroPro Int'l Corp., San Rafael, CA
Keywords:
The person who describes the rumor about the FCC checking your home tv
emissions to determine what channel you are watching is obviously unaware
of the situation in England, where this exact method is used to catch
people, who are behind on their TV licence payments.
Yes, thats right, it is necessary to pay the UK government a fee
to be allowed to watch TV in the UK. The funds are supposed to help support
the BBC. (Perhaps the PBS stations should try it here . . . )
--
david
... David W.Taylor, MicroPro Product Development
{dual,hplabs,glacier,lll-crg}!well!micropro!sagan!davidkim@mips.UUCP (Kim DeVaughn) (12/13/85)
> It is called a "dongle" and really effective ones incorporate a bit of > the application on the card. This makes it very difficult to do > without the dongle. In volume they can be produced for about $20. > One way to employ them is by attaching to a modem port. A cheap > micro chip with its subroutine in its ROM is enough. Very effective. ^^^^^^^^^^^^^^ NOT if you have a good debugger, logic analyzer, and some a reasonable amount of intelligence (say, a 5th grade education). They can be broken *quite* easily, and afford little "protection" against shoplifters. The reason I chose to use the word "shoplifters" is to remind the soft- ware industry (and in particular, the ADAPSO crowd) that they aren't any different than any other type of vendor. ACCEPT THE FACTS OF LIFE PEOPLE, YOU *WILL* GET RIPPED-OFF NOW AND THEN. Why not try taking the mature, rational, sensible approach that Borland has pioneered. NO COPY/EXECUTION PROTECTION ... just an excellent product, a *reasonable* price, quality documentation (in a form that's difficult to copy), good support, and a site licensing policy (Borland is a bit *too* high on this, in my opinion). You think they haven't profitted? Go look at their offices in Scotts Valley ... /kim Disclaimer: I believe that the above opinions represent a majority of the marketplace today (other than the ADAPSO crowd). I could be wrong, but I doubt it. In any case, these opinions, while not copy-protected, are also not Guaranteed to do *anything* for any purpose whatsoever. My employer may or may not agree with my opinions. BTW, there is a good discussion on the copy-protection of human genes going on somewhere on the net ... -- UUCP: {decvax,ucbvax,ihnp4}!decwrl!mips!kim DDD: 415-960-1200 USPS: MIPS Computer Systems Inc, 1330 Charleston Rd, Mt View, CA 94043
rp321@uiucuxa.CSO.UIUC.EDU (12/13/85)
/* Written 6:32 pm Dec 7, 1985 by reid@dciem.UUCP in uiucuxa:net.micro.mac */
In article <1009@security.UUCP> jkm@security.UUCP (Jonathan K.Millen) writes:
How about the way the person types? I believe that there is an area of
identification in which the rhythm of the user typing in his password is
as important as the password he types. Of course, the amount of code
required to do this would probably be prohibitive, but this is an *ideal*
solution after all..
[...]
--
--
Reid Ellis "Roads? Where we're going, who needs _roads_?"
{{allegra,decvax,duke,floyd,linus}!utzoo,{ihnp4,utzoo}!utcsri}!dciem!reid
This message brought to you courtesy of the Poslfit Committee
/* End of text from uiucuxa:net.micro.mac */
Another problem with the scheme... what if the user happens to be a bit tipsy,
not quite awake, etc., and can't quite get the rhythm right. What about
careless typos? Basing the protection on how the user types just isn't a good
idea.
Russell J. Price
University of Illinois
{ ihnp4, pur-ee, convex }!uiucdcs!uiucuxa!rp321
rp321@uiucuxa.CSO.UIUC.EDU
Disclaimer: the above address will not be valid pretty soon... the semester's
ending....rp321@uiucuxa.CSO.UIUC.EDU (12/13/85)
/* Written 7:36 pm Dec 9, 1985 by keithd@cadovax.UUCP in uiucuxa:net.micro.mac */
In article <223@tolerant.UUCP> berry@tolerant.UUCP (David Berry) writes:
Don't laugh! There was a rumor in net.video or similar place
a couple of months ago about certain unscrupulous agencies (FCC, FBI,
or maybe Nielsen?) driving panel trucks around with sensitive instrumentation
designed to pick up signals from the I.F. amps in your T.V. tuners, in order
to determine what channels people are watching (they'd all get channel 3
(L.A.) if you ask me). Maybe this technique could be adapted to look for
the electronic 'fingerprint' of what program is running in your computer.
Might be a way to determine if an inordinate amount of illegal copies of
Lotus or something are running in a building somewhere. (ADAPSO are you
listening?)
/* End of text from uiucuxa:net.micro.mac */
Can you say "Big Brother is listening?" The invasion of privacy potential
is staggering!
Russell J. Price
University of Illinois
{ ihnp4, pur-ee, convex }!uiucdcs!uiucuxa!rp321
rp321@uiucuxa.CSO.UIUC.EDU
Disclaimer: the above address will not be valid pretty soon... the semester's
ending....pugh@cornell.UUCP (William Pugh) (12/17/85)
I saw an interesting copy protection method on a game for the
C-64 (the game is Elite).. The system is called LensLok. The game comes with
a little plastic lens contraption. When the program starts up, it displays
some stuff that looks like garbage on the screen. When you place the
lens gadget against the screen and look through it, you can clearly see a
two letter code. To run the program, you simply have to key in those two
letters. The two letters are generated randomly each time the program is
run.
Its a little bothersome, sort of like using a key-disk, but it's okay
for games.
--
Bill Pugh
Cornell University
..{uw-beaver|vax135}!cornell!pugh
607-257-6994