6 replies to this topic

[jjplaw]

i want to implement a windows service that functions as a simple license security feature for a software X. The service is meant to run independently from software X.

The rough idea:

• The service is like a timebomb for a software Z installed on the machine...
  
• Whenever the user runs software X, the service pops up a window every 30 minutes to remind the user to register software X.
  
• If the user doesnt register the software after 1 month, the service will change the license code in a file and kill the software X process.
  
• On the next start up, software X will read the wrong license code and starts in demo mode.
  
• The service backs up the license code first (probably to a hidden file) before changing it.
  
• When the user do register, a exe or bat file will be given for the user to run.
  
• The file restores the original license file and permanently removes the service.

Additional info:

• Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?
  
• If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.

I'm quite the newbie in programming... so i wanna ask for advice first before jumping into the project... Any advice, tips or issues/concerns i should be aware of based on your experience?

I'll was thinking of coding it in C++ but might do it in C#(never used it before) after all. Seems like there are more resources for C# on windows service?

[WingedPanther]

1) Don't do this if you want your software to be successful. When Spore was released with SecuROM (a similar concept only nastier) it resulted in a massive backlash.
2) Legally, you may be required to disclose the installation of the second program in your installer. For the few people who do read EULAs, this could be a deal breaker.
3) Many sites may refuse to distribute your software as having "malware" included.
4) How does this service help? There are lots of ways around it, which is likely to result in it not working right. Do this directly in your code, or don't bother.

[scottk]

I agree with WingedPanther entirely. Plus to enforce license code validation using a service is more work than its worth. Simply host a key server on the internet and have your application talk to the server periodically to validate the license. Encrypt the communications and embed today's date in the comm so it has to talk to your server -- they cant sniff the traffic and always force a reply with the string they sniffed because the date will go stale after a day or two. done/done

[jjplaw]

Hi,

Thanks for your replies

to clarify some important stuff i missed out:

• this project is not at all meant for distribution/sales now or ever... its just some simple internal development/assignment that i'm trying out
  
• software x is just an example.. as for this case i'm trying out on a third party software. Its something independent from any particular software.
  
• the idea is to see whether a windows service has those capabilities and to try them out...

Quote

How does this service help? There are lots of ways around it, which is likely to result in it not working right.

Could you give some examples? :) If a service wont make the cut... Are there other better methods to do it?

Quote

Plus to enforce license code validation using a service is more work than its worth.

Could you elaborate more.... i'm eager to know more....

Quote

Simply host a key server on the internet and have your application talk to the server periodically to validate the license. Encrypt the communications and embed today's date in the comm so it has to talk to your server -- they cant sniff the traffic and always force a reply with the string they sniffed because the date will go stale after a day or two. done/done

Is this generally how the softwares in the current market are doing it?

Any comments/advice is greatly appreciated

[scottk]

A windows service does have those capabilities.

Quote

How does this service help? There are lots of ways around it, which is likely to result in it not working right.

The workaround depend entirely on how the logic is implemented. You could delete the configuration for it, hack the service, stop it, uninstall it, etc. Then your application would have to have provisions for the service not functioning and grant a grace period where it would still allow it to run so you didn't upset your users. If they could consistently get the grace period extended that would be one example.

Quote

Plus to enforce license code validation using a service is more work than its worth.

You're having to write another application to watch an existing application. That is more code to maintain -- so more work than its worth. Build the license checking in to your existing code like every other piece of software on the market.

Quote

Simply host a key server on the internet and have your application talk to the server periodically to validate the license. Encrypt the communications and embed today's date in the comm so it has to talk to your server -- they cant sniff the traffic and always force a reply with the string they sniffed because the date will go stale after a day or two. done/done

Yes. At least ones that are making good decisions anyway. Have an option to call in and give a hash code and you can read one back if they don't have internet access much like Windows & Office does. Also -- When your license expires do the typical "License expired. Program Terminating" but also set a number of fields all around your assembly and have it randomly break. Microsoft has found this is the best practice for deterring theft of software. If you call an Application.Exit() in one line of code for an invalid license key (probably in a method called VerifyLicenseKey()) then they can just NOOP the one line and get around your authentication. But if you randomly break the code it will take ages to figure out....

[jjplaw]

Thanks for your reply.

The case that was given to me was this:

I have full access to a colleagues PC before giving it to him/her

• There is a particular software that the colleague have to use. Say software X.
  
• There is also a particular task that the colleague have to do. For example, the task is to text me on my cell.
  
• Until the colleague completes that task, everytime he/her runs software X, a windows service will keep poping up a window every 30 mins asking him to call me.
  
• If the colleague still doesnt text me after one month, then the service will change the license key of software X and kill software X.
  
• the service will backup the license key first.
  
• after the colleague texts me, i'll give him/her a file that'll restore the orginal license key and permanently remove that service.

The so called "security" feature that i'm trying to implement is something local to the PC. No connection to LAN or internet.

I'm just wondering if windows service is able to do it. Of course it doesnt have to be bullet proof. I'm just experimenting on how extensive can a windows service (or any other better method) implement that feature. This is not a commercial project :o It's just something i want to try out...

[WingedPanther]

I would probably uninstall program X long before calling you. If I did call you, you wouldn't like what I had to say. I agree with scottk's assessment of the problems.