palarson@watdragon.waterloo.edu (Paul Larson) (01/17/88)
Lately, several people on this newsgroup have been discussing software piracy, how it hurts developers, and how it harms the Amiga community (and, by extrapolation, the microcomputer community in general.) Several wierd and wonderful methods of copy protection(such as serial numbers, dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's hard disk) have been proposed. As one who plans his carreer in the computer field, I can sympathise with these complaints, but I feel it is time to hear a consumer's mpoint of view. If you, as developers, wherather of hardware or software, plan to implement such draconian measures as mentioned above, you should also be scheaming to monopolize the microcomputer market to a greater extent than IBM currently controls the mainframe market. The reason is simple: copy protection is unpopular among consumers. Consider, for instance, the fact that microcomputer magazines now state whether a reviewed program is copy protected or not. It's very simple: if you copyprotect your programs, you will lose customers and revenue. Personally, I refuse to buy copyprotected software. The only exception to this statement is the case where the copyprotection on a product is extremely simple, such as the presence of invisible files (the Mac has them, I am not familiar with the Amiga file system.) Purchasing the shrink-wrapped version of a product gives me several things which I feel are necesary: documentation, technical support, and future updates. Despite the superb interfaces of modern programs, I couldn't live without the manual, if only because it teaches me the advanced commands and features of a product. Technical support is convenient; it's nice to know someone is proepared ot listen and respond when you holler for help. Finally, updates, which are usually provided at a nominal cost, are necessary since I realize that no product can be rock solid when it is released. I rely on the products I buy for my computer to get work done, and thus I would not consider pirating, which eliminates the three factors listed above. Anyhow, with the awakening of the business market to the wonders of the computer, more and more software companies are swinging around to cater to this relatively wealthy sector. This sector, to my knowledge, does not deal in software piracy to the extent of the early hobbyist community. The early ideal of computer hobbyists was the freedom of information, whereas the business community realizes that services must be paid for. The business community has always been wealthier than the hobbyist community, and thus has little need for software piracy. Consider, for example, the exhorbitant prices of such products as Pagemaker and Word 3.0 for the Mac, and the fact that people actually buy them despite these prices. It seems to me that developers, many of whom are already busily cashing in on the need for business applications, might find better use for their time than screaming at the hobbyist community, to whom the developers are catering less and less every day. Johan Larson These are my opinions; I welcome your corrections, if you find them flawed, and your comments if you find them distasteful.
chou@endor.harvard.edu (scott Chou) (01/17/88)
In article <4663@watdragon.waterloo.edu> palarson@watdragon.waterloo.edu writes: >Several wierd and wonderful methods of copy protection(such as serial numbers, >dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's >hard disk) have been proposed. As one who plans his carreer in the computer >field, I can sympathise with these complaints, but I feel it is time to >hear a consumer's mpoint of view. > >If you, as developers, wherather of hardware or software, plan to implement >such draconian measures as mentioned above, you should also be scheaming to > >Personally, I refuse to buy copyprotected software. The only exception to >[ . . many good reasons to buy legitimately . . ] I also avoid copy protected software like the plague. Especially when there are plenty of excellent unprotected products to choose from. My main complaint against copy protected software, especially the ones where drastic punitive measures have been taken, is that they too often end up destroying the work and time of even their legitimate users. Many a time I have had files or entire diskettes corrupted due to modified file/operating systems. Many of their little hacks end up being time bombs completely unaware of the evolution of the environment in which they operate. Data incompatibility and corruption are almost always inevitable. Of course there is always that possibility of a bug in a hallucinating CPU which accidentally invokes the Hard Disk erase trap intended for a pirate. I, however, have no problems with serial numbers and other "safe" or "passive" protection schemes. Let's all ban together and boycott software with "harsh" copy protection measures. Scott Chou ------------- Usual Disclaimers
tedrick@ernie.Berkeley.EDU (Tom Tedrick) (01/18/88)
->Several wierd and wonderful methods of copy protection(such as serial numbers, ->dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's ->hard disk) have been proposed. What are "dongles"? Thanks, -Tom tedrick@ernie.berkeley.edu
brad@looking.UUCP (Brad Templeton) (01/19/88)
In article <4663@watdragon.waterloo.edu> palarson@watdragon.waterloo.edu writes: >Several wierd and wonderful methods of copy protection(such as serial numbers, >dongles, and sentinel-viruses) have been proposed. A hardware serial number (such as serial port dongles were supposed to provide) is not copy protection at all. Such protection (checking a hardware or OS serial number) provides no impediment to copying the software, making backups, running software off networks, hard disks and ramdisks etc. The only thing it stops is running the same software on multiple machines. The only legitimate reasons for this are: a) One machine is replaced, either due to upgrade or hardware failure, or a user changes machines b) A user wishes to use the same package at home or at work, or in two offices c) A consultant wishes to use the software at a large variety of sites. As for A and B, as long as the vendor is reasonable, this does not present a problem. Most vendors would be glad to handle machine upgrade for free, and dual machine use for a minor fee, if not free. Part C is the only problem. Either vendors must be willing to grant special licences to such users, provide portable hardware serial numbers (dongles) for such special cases, or come to some other arrangement with that small group of customers. We haven't seen hardware serial numbers up to now, and we won't see them, because it's against the interest of the hardware vendors to do anything to prevent software piracy. It's good for a hardware vendor to sell a machine that it's easy to get "free" software for. The best potential source for serial numbers is the operating system. LISTENING, MICROSOFT OS/2 GROUP? Put a serial number into OS/2 and an official call to get it. Actually put several levels of serial number (machine, network, division, company ...) to allow all kinds of licencing. Of course, somebody could pirate the OS/2 AND the application, but they would be forced to do all their pirating through one user. Many companies will turn a blind eye to pirating, but few will have a deliberate corporate policy of piracy. The presence of serial numbers in OS/2 would encourage software makers to move their best stuff to OS/2, where it couldn't be pirated, but where this protection caused no inconvenience to the customers. -- Brad Templeton, Looking Glass Software Ltd. - Waterloo, Ontario 519/884-7473
sysop@stech.UUCP (Jan Harrington) (01/19/88)
in article <22628@ucbvax.BERKELEY.EDU>, tedrick@ernie.Berkeley.EDU (Tom Tedrick) says: > > ->Several wierd and wonderful methods of copy protection(such as serial numbers, > ->dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's > ->hard disk) have been proposed. > > What are "dongles"? > At least on the Amiga, a dongle is a piece of hardware about 1/2 X 1 X 1 1/2 inches which plugs into either game port. Software which uses a dongle for copy protection won't run unless it's physically plugged in. The bad thing about this idea is that dongles make great cat toys ... Jan Harrington, sysop Scholastech Telecommunications ihnp4!husc6!amcad!stech!sysop or allegra!stech!sysop ******************************************************************************** Miscellaneous profundity: "No matter where you go, there you are." Buckaroo Banzai ********************************************************************************
cramer@optilink.UUCP (Clayton Cramer) (01/20/88)
> ->Several wierd and wonderful methods of copy protection(such as serial numbers, > ->dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's > ->hard disk) have been proposed. > > What are "dongles"? > > Thanks, > > -Tom > tedrick@ernie.berkeley.edu A "dongle" is a gadget that attaches to your serial port and when interro- gated, returns a unique number which the software being protected knows about. However, the dongle allows any serial port actions other than the interrogation for unique number to pass through unaltered. At least that's the theory, and if they worked, they would be a perfectly acceptable way of copy protecting very expensive software (though not justifiable for software that sells for, say, $30). I only have experience with one software product's dongle, and it leaves a sour taste in my mouth. We use schematic capture software from Case Technology, and the PC version uses a dongle, to which we have Logitech Mice attached. For no apparently reason, and with no apparent pattern, we sometimes have to disconnec the mouse from the dongle to get the software started. Clayton E. Cramer
graefe@tramp.Colorado.EDU (William S. Graefe) (01/20/88)
In article <415@stech.UUCP> sysop@stech.UUCP (Jan Harrington) writes:
=in article <22628@ucbvax.BERKELEY.EDU>, tedrick@ernie.Berkeley.EDU (Tom Tedrick) says:
==> What are "dongles"?
=At least on the Amiga, a dongle is a piece of hardware about 1/2 X 1 X 1 1/2
=inches which plugs into either game port. Software which uses a dongle for
=copy protection won't run unless it's physically plugged in. The bad thing
=about this idea is that dongles make great cat toys ...
Apple has recently created a provision for the Mac's. On the SE, II, and
IIgs, they have created a new bus for input devices, called Apple Desktop Bus.
ADB has a provision for dongles which are called ADAPSO's. They are the same
thing. You plug it into an ADB port and the program will search it out,
and run, if it finds it. This is the answer to the Lisa mistake made where
users could only run copy protected software on *their* machine due to
an electonic serial number.
Other ADB devices: relative position(mice), fixed position(graphics tablet),
appliances,
!---------graefe@tramp.Colorado.EDU----graefe@tramp.UUCP---! ,---. !
! Bill |(insert something terribly witty, humorous, )! | _ _ !
! GraeFe, Jr.|(and inspiring in this space: )! `-+-' | !
!---------{sunybcs, hao,nbires}!boulder!tramp!graefe-------! `---' !
mwm@eris (Mike (My watch has windows) Meyer) (01/20/88)
In article <1852@optilink.UUCP> cramer@optilink.UUCP (Clayton Cramer) writes:
<At least that's the theory [behind dongles], and if they worked, they
<would be a perfectly acceptable way of copy protecting very expensive
<software
No, they aren't. You really want me to have to swap dongles every time
some piece of my carefully selected donglified software running on my
multi-tasking system wants a different dongle?
Worse yet, you want me to anticipate when that software is going to
want a dongle?
Dongles only work well in multi-tasking environments if all software
companies agree on what should be in the dongle for that machine.
Unless it's something at the OS level or below, that's not likely to
happen. And since the OS/hardware people can sell more things if it's
easy to steal software for them, they aren't liable to supply that
serial number.
Oh yeah - since IBM has blessed multi-tasking OS's, I expect everyone
to jump on that bandwagon. Except for those who've been there for
years, of course.
<mike
--
How many times do you have to fall Mike Meyer
While people stand there gawking? mwm@berkeley.edu
How many times do you have to fall ucbvax!mwm
Before you end up walking? mwm@ucbjade.BITNET
suhler@im4u.UUCP (Paul A. Suhler) (01/20/88)
William S. Graefe writes: >Apple has recently created a provision for the Mac's. On the SE, II, and >IIgs, they have created a new bus for input devices, called Apple Desktop Bus. >ADB has a provision for dongles which are called ADAPSO's. They are the same >thing. You plug it into an ADB port and the program will search it out, >and run, if it finds it. ADAPSO is actually the Association of Data Processing Service Organizations, whose Software Protection Committee had a project to establish a communi- cation protocol for dongles attached to IBM PC serial data ports. I hadn't heard of "ADAPSO" being used as a generic name, but it's not surprising. They finally abandoned the effort in about August 1986, as it looked like software protection was a dying effort. I hadn't heard of anyone's trying to put dongles on Macintosh products. I was part of a group here at UT that launched into an ADAPSO-sponsored Consumer Reports-style study of various protection devices for IBM PCs. They called it all off before we actually began testing devices. The only result was a survey of the field in the September 1986 issue of IEEE Software. -- Paul Suhler suhler@im4u.UTEXAS.EDU 512-474-9517/471-3903
michael@crlt.UUCP (Michael McClary) (01/20/88)
In article <4663@watdragon.waterloo.edu>, palarson@watdragon.waterloo.edu writes: >Several wierd and wonderful methods of copy protection(such as serial numbers, >dongles, and sentinel-viruses) and counterattacks (such as frying a pirate's >hard disk) have been proposed. [] And goes on to object to object to such measures. Similarly, in article <3823@husc6.harvard.edu>, chou@endor.harvard.edu (scott Chou) quotes him and writes: > I also avoid copy protected software like the plague. Especially > when there are plenty of excellent unprotected products to choose > from. > > My main complaint against copy protected software, especially the ones > where drastic punitive measures have been taken, is that they too often > end up destroying the work and time of even their legitimate users. > [] Many of their little hacks end up being time > bombs completely unaware of the evolution of the environment in which > they operate. Data incompatibility and corruption are almost always > inevitable. Of course there is always that possibility of a bug in a > hallucinating CPU which accidentally invokes the Hard Disk erase trap > intended for a pirate. and argues for passive measures only. I agree wholeheartedly. I avoid any software that tries to copy- protect itself, because it complicates operation and backups. And I consider any program including code designed to destroy other data to be too hazardous to have on my system under any circumstances, so I'll never buy a product I know is "protected" in that manner, and I tell my customers to avoid such packages like the plauge. But I won't stop there. I'd like to point out a possible pitfall to developers considering the use of data-destroying boobytraps for pirates: Suppose one of your legitimate customers is somehow bit by the trap. Suppose it destroys a lot of important data. Like a big chunk of his business records. Suppose he sues you for his losses. You could lose a >lot< more than any hypothetical pirate would cost you in lost sales. You could lose >your< business, and your home and car. (Even a corporate shield wouldn't necessarily protect you - that "veil" can be "pierced" when you deliberately do something that may cause damage to others.) You could develop a reputation as "A guy who writes booby-trapped software, like the program he wrote that took down company X", and lose future business, too. If your program, when it thinks it's been pirated, refuses to run, or takes out its own object and/or database, that's one thing. When it goes after other data, that's quite another. =========================================================================== "I've got code in my node." | UUCP: umix.cc.umich.edu!node!michael | AUDIO: (313) 973-8787 Michael McClary | SNAIL: 2091 Chalmers, Ann Arbor MI 48104 --------------------------------------------------------------------------- Above opinions are the official position of McClary Associates. Customers may have opinions of their own, which are given all the attention paid for. ===========================================================================
florman@randvax.UUCP (Bruce Florman) (01/21/88)
> >Personally, I refuse to buy copyprotected software. The only exception to > >[ . . many good reasons to buy legitimately . . ] > > I also avoid copy protected software like the plague. Especially > when there are plenty of excellent unprotected products to choose > from. > Scott Chou At the MacHack conference in Ann Arbor last year, Dave Feldt made a suggestion about "the only legitimate use of copy protection." If a program is launched off the original disk, the program should detect this and put up an alert that says: "Hey Stupid! This is the original disk! Make a copy and use that!" -- ======================================================================== florman@rand-unix.ARPA {decvax,sdcrdcf,trwrb,trwspf,vortex}!rand-unix!gnu!florman "But these people are all perfectly normal!" -David Byrne
wetter@tybalt.caltech.edu (Pierce T. Wetter) (01/21/88)
> Stuff about Hardware keys... > >The only thing it stops is running the same software on multiple machines. >The only legitimate reasons for this are: > a) One machine is replaced, either due to upgrade or hardware failure, > or a user changes machines > b) A user wishes to use the same package at home or at work, or in > two offices > c) A consultant wishes to use the software at a large variety of > sites. > >As for A and B, as long as the vendor is reasonable, this does not present >a problem. Most vendors would be glad to handle machine upgrade for free, >and dual machine use for a minor fee, if not free. > >Part C is the only problem. Either vendors must be willing to grant >special licences to such users, provide portable hardware serial numbers >(dongles) for such special cases, or come to some other arrangement with >that small group of customers. Actually, part A+B, in my experience, are real problems. There is a package for the PC called CC which requires a hardware key. The problem is that the key which hangs off the serial or parallel port (two versions) doesn't work with certain configurations. In other words it does something special to the serial card which only works for certain serial cards/clones/unix coprocessing boards. Because of this they have sent us over five differnt keys. To this day, the program will occasionally get confused and refuse to go on having mis-read the key. (sigh) As for just reading a serial number out of rom or os/2 two or whatever, have you seen the statistics for pc failures? Or the time-span between dos versions? Pierce Wetter Basically, Hardware keys suck. Parkinson's Fifth Law: If there is a way to delay in important decision, the good bureaucracy, public or private, will find it. -------------------------------------------- wetter@tybalt.caltech.edu --------------------------------------------
ok@quintus.UUCP (Richard A. O'Keefe) (01/21/88)
In article <1319@looking.UUCP>, brad@looking.UUCP (Brad Templeton) writes: > We haven't seen hardware serial numbers up to now, and we won't see them, > because it's against the interest of the hardware vendors to do anything > to prevent software piracy. It's good for a hardware vendor to sell a machine > that it's easy to get "free" software for. Most models of VAX have hardware serial numbers. The Xerox Lisp Machines "know their own names". On many other machines, an Ethernet address is good enough identification. On a SUN, for example, it is easy to get a number which identifies the machine. It *is* in the interest of the hardware vendor to prevent piracy of *their* software. So you are likely to see hardware serial numbers on machines whose manufacturers have a range of unbundled software. If software developers provided better products for machines with hardware serial numbers (e.g. provide the upgrades 6 months or a year earlier on such machines) maybe more hardware manufacturers would find it in their interests to provide this simple feature.
Lee_Michael_Kary@cup.portal.com (01/21/88)
A few more comments on copy protection schemes, including 'dongles': The fundamental problem (as I see it) with every copy protection scheme I've seen (including non-computer implementations like Macrovision(tm)) is that they end up punishing the honest user while slowing down only the most incopetent pirates. The main problem with any of the ID systems (a serial number in the computer/CPU or the 'dongles') is that a business HAS to have a backup of anything important offsite. If your office burns down and your accounting system can't be run because the only computer it will run on (or the only dongle) is gone, you could well end up out of business. It's not so bad if it's a main-line product (WordPerfect, etc.) that you could buy another copy of, but if you are NOT a mainline business and use an 'unusual' package (be it accounting, CAD, desktop-publishing, ...) what are you supposed to do? Buying two copies of the product (one to use and one to archive) again punishes the honest user - the pirate breaks the copy protection and has a more functional (safer) product as well. As I understand it, most of the 'dongle' based systems query for an ID at various points in the program to keep you from swapping the dongle between systems (5 for the price of one - easy with an RS-232 switchbox). The problem - if the ID read fails 1 time in 1000, how long before you get kicked out (or worse) even though you're legitimate? (Not nearly long enough). Disclaimer: I work for a software company (as a programmer). We don't copy protect (never had it - never will). I know games *may* be an exception, but copy protection doesn't seem to gain anything for anyone, except the companies that sell copy protection schemes.
tainter@ihlpg.ATT.COM (Tainter) (01/21/88)
In article <1319@looking.UUCP>, brad@looking.UUCP (Brad Templeton) writes: > The presence of serial numbers in OS/2 would encourage software makers > to move their best stuff to OS/2, where it couldn't be pirated, but where > this protection caused no inconvenience to the customers. > Brad Templeton, Looking Glass Software Ltd. - Waterloo, Ontario 519/884-7473 Copy protection based on use of a serial number unique to a machine is NO COPY PROTECTION AT ALL and is expensive for the seller since he has to customize each copy he sells! The serial number has to be imbedded in the code somewhere and tested. To break this one runs the program under a debugger until the testing is encountered. Now you have a handle on where the imbedded serial number is. So you write a quick routine to patch this given the new machine you want to run it on. The pirate then distributes the program and the patcher as a set. One the simpliest schemes to deal with. --j.a.tainter
jejones@mcrware.UUCP (James Jones) (01/21/88)
In article <1852@optilink.UUCP>, cramer@optilink.UUCP (Clayton Cramer) writes: > At least that's the theory, and if they worked, they would be a perfectly > acceptable way of copy protecting very expensive software (though not > justifiable for software that sells for, say, $30). Well...if I'm running OS-9 on my CoCo 3, or running Multifinder on a Mac, or using an Amiga, how many dongles do I need? (Can they stack up on the serial port? Even if they can, what if I shell out from a terminal program while online and decide I need to use a dongle-protected program?) If I dial my home computer up from elsewhere, can I get a robot arm to install the dongle for me? :-) (It would have to call me back if I only had one serial port. :-) All this, combined with the extreme ease with which I'm sure I'd lose dongles, doesn't make me like them very much. Cheers, James Jones
harley@hyper.UUCP (Harley Grantham) (01/22/88)
The current discussion of dongels and such brings forth the following question: I thought copy-protection was going out of style. Particularly as companies write more expensive software for businesses. Businesses do not (according to the article I read several months ago in Infoworld) pirate software because it is too easy to get caught. Individuals do not represent a significant part of the market for such expensive programs. Game makers still have the problem, as individuals are their primary market. Has this changed or is copy protection still on the decline?? -- Harley H. Grantham, ihnp4!umn-cs!hyper!harley, Network Systems Corporation
brad@looking.UUCP (Brad Templeton) (01/22/88)
In article <4676@ihlpg.ATT.COM> tainter@ihlpg.ATT.COM (Tainter) writes: >Copy protection based on use of a serial number unique to a machine is >NO COPY PROTECTION AT ALL and is expensive for the seller since he has to >customize each copy he sells! >--j.a.tainter It's actually not so bad. If OS/2 got a serial number, and this became common, it could be quite simple. For example, if the machine had a modem (even a $30 300 baud modem would do) the software could call up the vendor's office, either via 800 number or packet network, and do the serial number initialization and customer registration quickly and cheaply. More advanced authorization would require humans. One company could set up a central clearing house of 800 numbers, so that small companies could buy time on a per use basis with little up-front cost. Well worth 3% to stop casual piracy. Of course it can be broken, just like any scheme can be broken. Mind you, it's a little harder in a protected mode OS like OS/2 where, if you did things right, the user would have to patch the OS to debug a program that was not debugger enabled. (I don't think they've gone this far in OS/2) With a serial number in OS/2, you could still see protection removers, but they would no longer have much to stand on. They would thus not see the wide distribution that today's programs get, because today's programs can claim a legitimate purpose. A serial number in the OS removes almost all the inconvenience caused by modern schemes. If you had a scheme where you could sell software that verify's the OS serial number (for 99% of users) or has an optional dongle (for the 1% that have to move about frequently), you would answer most problems of inconvenience, and still remind people that they really should respect the developers of software. -- Brad Templeton, Looking Glass Software Ltd. - Waterloo, Ontario 519/884-7473
palarson@watdragon.waterloo.edu (Paul Larson) (01/22/88)
In article <4676@ihlpg.ATT.COM>, tainter@ihlpg.ATT.COM (Tainter) writes: > Copy protection based on use of a serial number unique to a machine is > NO COPY PROTECTION AT ALL and is expensive for the seller since he has to > customize each copy he sells! The serial number has to be imbedded in the code > somewhere and tested. To break this one runs the program under a debugger > until the testing is encountered. Now you have a handle on where the > imbedded serial number is. So you write a quick routine to patch this > given the new machine you want to run it on. The pirate then distributes > the program and the patcher as a set. One the simpliest schemes to deal with. > > --j.a.tainter You have a point there, but you should also consider the fact that not all software pirates are professionals. Thus, not all of them would be able to do what you described. The method described sounds much too difficult for munchkins, as well as being a lot of work. Johan Larson
cramer@optilink.UUCP (Clayton Cramer) (01/23/88)
> In article <1852@optilink.UUCP> cramer@optilink.UUCP (Clayton Cramer) writes: > <At least that's the theory [behind dongles], and if they worked, they > <would be a perfectly acceptable way of copy protecting very expensive > <software > > No, they aren't. You really want me to have to swap dongles every time > some piece of my carefully selected donglified software running on my > multi-tasking system wants a different dongle? > > Worse yet, you want me to anticipate when that software is going to > want a dongle? > The software I've seen using dongles only needs it to start up. In a multitasking system, you start up all your dongled software first. I'm not claiming I like the idea of copy protection, but if a company is going to have it, dongles SHOULD (if they worked) be a better approach than a "key disk" or one-time installation. (The same problem about multitasking software appears with "key disks".) As much as I hate copy protection schemes, I appreciate why they exist -- I've worked with far too many people over the years who think nothing of buying a program, then offering everyone they know a copy of it. The rationalization is usually, "I wanted it, and it was overpriced." I usually respond with, "A Mercedes is overpriced also. Are you planning to steal one?" The conversation usually ends right there. Clayton E. Cramer
ok@quintus.UUCP (Richard A. O'Keefe) (01/23/88)
In article <4676@ihlpg.ATT.COM>, tainter@ihlpg.ATT.COM (Tainter) writes: > In article <1319@looking.UUCP>, brad@looking.UUCP (Brad Templeton) writes: > Copy protection based on use of a serial number unique to a machine is > NO COPY PROTECTION AT ALL and is expensive for the seller since he has to > customize each copy he sells! The serial number has to be imbedded in the code > somewhere and tested. To break this one runs the program under a debugger Wrong. We have such a scheme. The serial number doesn't need to be anywhere in the code. We ship *one* copy of the code. The customer tells us the serial numbers of the machines he wants it to run on (any number that he has paid for). New machines can be added to this list at any time. (Think "trapdoor functions".) The customer can make any number of copies of the code, and run any copy on any of the machines he is licensed for. If he tries to run the product on another machine, it just prints a polite message saying how to get a licence and quits. Everybody wins. (Yes, a really determined pirate can still steal the program. We're stopping only dumb crooks, but that's most of them.)
ericb@athertn.Atherton.COM (Eric Black) (01/24/88)
In article <556@cresswell.quintus.UUCP> ok@quintus.UUCP (Richard A. O'Keefe) writes: >It *is* in the interest of the hardware vendor to prevent piracy >of *their* software. So you are likely to see hardware serial numbers >on machines whose manufacturers have a range of unbundled software. By far, I think, most hardware manufacturers would much rather sell hardware than software. In fact, they offer software pretty much only because they would not be able to sell the hardware without it. They may spend significant amounts of money, time, and effort in developing and supporting this software, but, by and large, if the software did not sell hardware for them, they would not do it. Now, given that assumption (which is just that), why would the hardware manufacturer care if you tried to run the same software on another of his machines? Presumably the fact that you are trying to do so means that he has sold another piece of hardware. If the manufacturer creates said software so that it requires the hardware on which it runs, then he really doesn't want to set up the whole problem of copy protection, extra manufacturing and support headaches (individualizing each copy of the software, etc.), and so on. He wants to sell iron. I offer as example the Digi-View video digitizer for the Amiga from NewTek. The software is pretty neat stuff. And they just upgraded anyone who asked to the new version essentially for media cost ($10, including a new manual). No, it's only the software vendors who want their software to run on generic hardware, and who want to charge prices that encourage copying of software versus new purchase of software, who want to copy-protect it. Unfortunately, short of providing decryption built-in to the CPU chip in the instruction fetch path, the fact is that at some point in the program's runtime existence, there MUST be a "cleartext" version of the code. In simpler protection schemes, at some point in the program's execution it makes a GO/NO-GO decision as to whether the execution is authorized. Both can be defeated by a sufficiently-motivated pirate. -- Eric Black "Garbage in, Gospel out" UUCP: {sun!sunncal,hpda}!athertn!ericb Domainist: ericb@Atherton.COM
ericb@athertn.Atherton.COM (Eric Black) (01/24/88)
In article <1869@optilink.UUCP> cramer@optilink.UUCP (Clayton Cramer) writes: >The software I've seen using dongles only needs it to start up. In a >multitasking system, you start up all your dongled software first. I've seen software (useful software, too) that checks peridically for the dongle -- one example is Superbase (a relational database) for the Amiga. Unfortunately, this is one which doesn't give you a second chance to install the dongle; if, during its sojourns, it decides that the dongle is missing or wrong, it dumps you in the street. Makes it kind of hard to juggle dongles in a multi-tasking environment... Even single-tasking, I hope it never gets a read error on the dongle! Games, maybe -- "productivity software", NEVER! -- Eric Black "Garbage in, Gospel out" UUCP: {sun!sunncal,hpda}!athertn!ericb Domainist: ericb@Atherton.COM
todd@uop.edu (Used to be robert) (01/24/88)
In article <1852@optilink.UUCP>, cramer@optilink.UUCP (Clayton Cramer) writes: >I only have experience > with one software product's dongle, and it leaves a sour taste in my > mouth. I guess I would have sour taste in my mouth if someone's dongle had been there too.. ;-) yech! no thanks! (sorry, could not pass that one up)
lim@cit-vax.Caltech.Edu (Kian-Tat Lim) (01/25/88)
In article <1869@optilink.UUCP> cramer@optilink.UUCP (Clayton Cramer) writes: >As much as I hate copy protection schemes, I appreciate why they exist -- >I've worked with far too many people over the years who think nothing of >buying a program, then offering everyone they know a copy of it. The >rationalization is usually, "I wanted it, and it was overpriced." I >usually respond with, "A Mercedes is overpriced also. Are you planning >to steal one?" The conversation usually ends right there. > As one of my roommates pointed out, there is a fundamental difference between physical property such as the Mercedes and intellectual property such as a computer program: you can copy the program, but not the Mercedes. By stealing the Mercedes, you are taking it away from someone else. By copying a program, you aren't depriving the original owner of its use. I agree that copying of software is not only illegal but immoral; yet theft of intellectual property is much harder to define (and enforce laws against) than that of physical property. -- Kian-Tat Lim (ktl@wagvax.caltech.edu, GEnie: K.LIM1)
phssra@emory.uucp (Scott R. Anderson) (01/25/88)
In article <1852@optilink.UUCP> cramer@optilink.UUCP (Clayton Cramer) writes: > >> What are "dongles"? > >A "dongle" is a gadget that attaches to your serial port and when interro- >gated, returns a unique number which the software being protected knows >about. What is the etymology of this strange word? Is it perhaps derived from "dangle", because it dangles off of the serial port? Does anyone know of any software that makes use of a dongle on the Apple Desktop Bus? * Scott Robert Anderson * ** gatech!emoryu1!phssra * * * ** phssra@emoryu1.{bitnet,csnet} * * * * * ** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
ok@quintus.UUCP (Richard A. O'Keefe) (01/25/88)
In article <164@teak.athertn.Atherton.COM>, ericb@athertn.Atherton.COM (Eric Black) writes: > In article <556@cresswell.quintus.UUCP> ok@quintus.UUCP (Richard A. O'Keefe) writes: > >It *is* in the interest of the hardware vendor to prevent piracy > >of *their* software. So you are likely to see hardware serial numbers > >on machines whose manufacturers have a range of unbundled software. > Now, given that assumption (which is just that), why would the hardware > manufacturer care if you tried to run the same software on another of > his machines? He wouldn't. But consider the PC market. IBM would *love* it if software bought to run on one of their machines wouldn't run on a clone! > Unfortunately, short of providing decryption built-in to the CPU chip in > the instruction fetch path, the fact is that at some point in the program's > runtime existence, there MUST be a "cleartext" version of the code. This is just plain wrong. Or rather, it depends on what you mean by "the code". There need never be a cleartext version of the hardware serial number. > protection schemes, at some point in the program's execution it makes a > GO/NO-GO decision as to whether the execution is authorized. Both can be > defeated by a sufficiently-motivated pirate. There need not be a single point. For example, the program could contain several copies of the test, and every n*10 seconds for n some small random integer, execute a random copy of the test, and stop if it fails. The test need not be explicit. For example, a critical data structure could be decrypted using the serial number as encryption key, and the program could encrypt it at run time. (Yes, de- and en- are the right way around.) {The symbol table and error message table are the obvious choice, because one might want to supply language-specific versions anyway.} A sufficiently motivated pirate could break into our offices, or monitor the electrical signals from our keyboards, or do lots of other things. Is that a reason not to stop the pirates we CAN stop?
karthur@codas.att.com (Kurt_R_Arthur) (01/25/88)
In article <577@cresswell.quintus.UUCP> ok@quintus.UUCP (Richard A. O'Keefe) writes: > > He wouldn't. But consider the PC market. IBM would *love* it if > software bought to run on one of their machines wouldn't run on a > clone! When the first PCs came out from IBM, several software packages would check for the letters "IBM" in the BIOS copyright, thus effectively making the soft- ware run only on true-blue PCs....until some of the BIOS cloners came up with "this is not an IBM pc" type messages and placed them in their BIOSes in the same location. The packages would see "IBM" and churn away happily. I thought it was both ingenious and rather humorous. One problem though, with a hardware vendor making software that runs only on their machines (especially IBM and maybe DEC) is that anti-trust actions might rear their ugly heads and force unbundling, or divestiture or worse. I don't purport to know what goes on in the heads of the trust-busters, but it seems to me that a manufacturer might be taking a chance. Kurt Arthur Software Services of Florida, Inc.
ttang@puff.cs.wisc.edu (Theodore Tang @ Univ of Wisconsin-Madison) (01/26/88)
In article <4745@watdragon.waterloo.edu>, palarson@watdragon.waterloo.edu (Paul Larson) writes: > You have a point there, but you should also consider the fact that not all > software pirates are professionals. Thus, not all of them would be able > to do what you described. The method described sounds much too difficult > for munchkins, as well as being a lot of work. > Johan Larson I'm sorry Johan but the average person who does this kind of thing is about 19 years of age. I should know because (1) I know some of the people who do this sort of thing, (2) I did it myself once just so I could make a backup, and (3) I have talked with many more people over the US who do this. Copy protection is easy to break if you have the time and most hobbiests do. And this is especially true when the same scheme is used for various products, once you have removed copy protection from one, the others are very similar and done even faster. And then I haven't heard of any one "professional" that even does this. It's your average kid, ages 13 to 19. Ted Tang @ Univ of Wisconsin ttang@puff.wisc.edu.UUCP C D D D And then, I have never heard of anyone "professional"
cramer@optilink.UUCP (Clayton Cramer) (01/26/88)
> In article <4676@ihlpg.ATT.COM>, tainter@ihlpg.ATT.COM (Tainter) writes: > > Copy protection based on use of a serial number unique to a machine is > > NO COPY PROTECTION AT ALL and is expensive for the seller since he has to > > customize each copy he sells! The serial number has to be imbedded in the code > > somewhere and tested. To break this one runs the program under a debugger > > until the testing is encountered. Now you have a handle on where the > > imbedded serial number is. So you write a quick routine to patch this > > given the new machine you want to run it on. The pirate then distributes > > the program and the patcher as a set. One the simpliest schemes to deal with. > > > > --j.a.tainter > You have a point there, but you should also consider the fact that not all > software pirates are professionals. Thus, not all of them would be able > to do what you described. The method described sounds much too difficult > for munchkins, as well as being a lot of work. > Johan Larson In fact, in my experience, the vast majority of software pirates would be unable to do the above patch. But in short order, someone with the skills needed would write and sell a program to work around the copy protection scheme. Clayton E. Cramer
jallen@netxcom.UUCP (John Allen) (01/27/88)
In article <2186@isis.UUCP> aburt@isis.UUCP (Andrew Burt) writes: >I'm not saying today's prices are *unjustifyably* high, just that they >are *too* high for individuals to pay. This prevents computing from >spreading into the personal market at a faster rate. I followed the discussion up to here, and agree in concept.... >Consider: a clone PC can be had for around $400. If I want to run Dbase III >and Lotus 1-2-3 I'd have to shell out another $700 (by mail order). For the >price of two copies of MSC 5.0 I could buy another PC. This is ludicrous. >This is like saying a car will run you $10k, but the gas will cost $10k, the >oil $7k, $4k for the transmission fluid... But the analogy is 'too good' - sure, the car cost $10K, and I'll pump about $10K of gas through it (if it lasts long enough), spend $5K on insurance, another $3K (or more) on repairs and regular maintenance, $2K in property taxes... John Allen ========================================================================= NetExpress Communications, Inc. uunet!netxcom!jallen 1953 Gallows Road, Suite 300 (703) 749-2238 Vienna, Va., 22180 =========================================================================
karl@ddsw1.UUCP (Karl Denninger) (01/27/88)
In article <1388@puff.cs.wisc.edu> ttang@puff.cs.wisc.edu (Theodore Tang @ Univ of Wisconsin-Madison) writes: >In article <4745@watdragon.waterloo.edu>, palarson@watdragon.waterloo.edu (Paul Larson) writes: >> You have a point there, but you should also consider the fact that not all >> software pirates are professionals. > >I'm sorry Johan but the average person who does this kind of thing is about 19 >years of age. I should know because (1) I know some of the people who do this >sort of thing, (2) I did it myself once just so I could make a backup, and (3) >I have talked with many more people over the US who do this. Copy protection >is easy to break if you have the time and most hobbiests do. And this is >especially true when the same scheme is used for various products, once you >have removed copy protection from one, the others are very similar and done >even faster. > >And then I haven't heard of any one "professional" that even does this. It's >your average kid, ages 13 to 19. I don't know about that. We are out in the field all the time, and run into pirated software (ESPECIALLY things like 123) constantly. Much of the time it really is the 'professionals'; office users, bankers, options traders, etc. In most of these places, if you ask for the 'original disks' to reinstall their software after a hardware repair, you get hand-labeled disks with no copy-protection. Hardly 'original disks' (they can't find the non-existant manual either :-) Of course, for us to refuse service at that point (or to turn in the offender to one or more of the publishers) is effectively biting off your nose to spite your face.... Somehow I doubt that the person who stripped the protection and distributed that wonderful program to 50 or so machines was in the age bracket of 13 - 19. Now, if you're speaking of someone who does this for a living, I would have to say that I haven't seen that..... or have I? How many of these people who *have* ripped off software on a massive scale (one office comes to particular mind) would have been fired/laid off/disciplined if they spent the company's money on 50 copies of Lotus? No way to know where the piracy idea came from, who hatched it, or who's responsible.... -- Karl Denninger | Data: +1 312 566-8912 Macro Computer Solutions, Inc. | Voice: +1 312 566-8910 ...ihnp4!ddsw1!karl | "Quality solutions for work or play"
cramer@optilink.UUCP (Clayton Cramer) (01/28/88)
> But if it's true, let's look at your average pirate. Again, if anyone > has data I'd like to know, but I'd think the typical pirate is someone > who takes the software someone else acquired and wants it for personal > use. [Rationale: if they were going to use it for business they'd > justify it as a business expense and would pay for it; they'd also > want updates and complete manuals.] > > So if these premises are true (and, again, I don't claim they are, though I > suspect so) then we have: > > - Companies buy major software packages > - Individuals pirate major software packages Nope. My experience has been that companies pirate software at least as much as individuals. Companies are more likely to get caught (disgruntled employee quits, calls the manufacturer and rats on the company), but I've seen lots of both. Clayton E. Cramer
todd@uop.edu (Sgt. Preston, the Huskies and King) (01/28/88)
I happen to know of some people over thirty who break copy protections for "legal" copies in backups (i won't argue the rightness or no). The guy I am mentioning spends lots of company time playing cracker, and as far as I am concerned is a pain in the ass. Especially since the company has paid for the software and support, why don't I believe that crackers are average age of 19??
smith@COS.COM (Steve Smith) (01/28/88)
In article <1108@hyper.UUCP> harley@hyper.UUCP (Harley Grantham) writes: >I thought copy-protection was going out of style. Particularly as >companies write more expensive software for businesses. The main reason that I see for eliminating copy protection is that it simply doesn't work and it's a pain in the tail for everybody concerned. >Businesses do >not (according to the article I read several months ago in Infoworld) >pirate software because it is too easy to get caught. I wonder. Is it that businesses worry about getting caught, or is it that it is easier to win a lawsuit against an individual? Simple test. Go to a PC in use in a business setting. Call up Lotus 1-2-3 (this is to make sure it's there). Ask the owner/normal user of the PC for the manual. I have done this at a number of companies, and I have *never* gotten a real Lotus manual. I *assume* Lotus prints one. Reactions? "What manual?" (the most common) "Joe borrowed it" (not according to Joe) "It's in the library" (nope. Anyway, the company has 200 PCs) "I bought this manual myself" (at Walden's) "I never use Lotus" (it's still on the machine) "The VP keeps them all under lock and key" (strange enough to maybe be true) > Individuals do >not represent a significant part of the market for such expensive >programs. Game makers still have the problem, as individuals are their >primary market. Games seem to sell very well for awhile, and then decline. The manufacturers would like to blame this on pirating. It's easier on the ego than to admit that people just got bored with it. >-- >Harley H. Grantham, ihnp4!umn-cs!hyper!harley, Network Systems Corporation > As to anything reported in the trade press, remember that they do *nothing* in the way of investigative journalism. If Infoworld had wanted to know about the possibility of exchanging arms for hostages with Iran, they would have asked Oliver North (:-). -- -- Steve (smith@cos.com) (uunet!cos!smith) "Truth is stranger than fiction because fiction has to make sense."
leonard@bucket.UUCP (Leonard Erickson) (02/02/88)
In article <871@cos.COM> smith@cos.UUCP (Steve Smith) writes: <In article <1108@hyper.UUCP> harley@hyper.UUCP (Harley Grantham) writes: <Simple test. Go to a PC in use in a business setting. Call up Lotus <1-2-3 (this is to make sure it's there). Ask the owner/normal user of <the PC for the manual. I have done this at a number of companies, and I <have *never* gotten a real Lotus manual. I *assume* Lotus prints one. <Reactions? <"The VP keeps them all under lock and key" (strange enough to maybe be true) I'm *half* the micro support staff for a company with a large number of PC's. We've followed the "the manual is locked up" policy. why? Because at the time I started (two years ago) we had *three* DOS manuals to go with the *twenty* original disks for that dos version. Seems the rest had wandered home along with copies of the software (I'm assuming that they stole a copy of the software too). A similar story holds true for wordstar, dBase and Lotus. We're now distributing the $20-30 "manuals" that you can buy at B. Daltons. We are also starting a limited program of making the user responisible for the manual. If it disappears, he has to explain to his manager why he needs to buy a new copy of Lotus... :-) <-- < -- Steve (smith@cos.com) (uunet!cos!smith) <"Truth is stranger than fiction because fiction has to make sense." -- Leonard Erickson ...!tektronix!reed!percival!bucket!leonard CIS: [70465,203] "I used to be a hacker. Now I'm a 'microcomputer specialist'. You know... I'd rather be a hacker."