Thursday, October 15, 2009

Fan mail: Add-in-Express copy-protection, BrickSoft copy-protection dissected

Your reviewer sees two gold standards in copy-protection, namely, Add-in-Express copy-protection and BrickSoft copy-protection.

It also offers some ideas for "other" Delphi vendors on how to make their products better and better.

Defense #1 is raising prices. Make those who want full sources pay more than a thousand dollars. That is the correct price to deter those warez teams. If you price it at US$200 or US$300, do not be surprised when warez teams start placing orders with fake credit cards.

Defense #2 is address verification. Verify those credit card holders so that anyone from Russia, such as Rocky ("Mr. Protas & Friends"), can be easily found out. How did your reviewer know about Mr. Protas? I guess someone had an insecure customer site and you could view all the blacklisted customers :)

Defense #3 is no support for unpaid users. Make them pay and give them a 30-day money-back guarantee. Really good idea, since credit-card fraudsters will not get any support. That means those who get it "illegally" get no support whatsoever.

Defense #4, make everyone who registers on the forum use their real name, so JohnDoe does not have a chance to hide.

Defense #5 is on-line activation. A customer from India who then uses the software in Pakistan? No way, the setup will just fail. Since the "key" can be validated online (contrary to what they say), all it takes is disabling the customer and the problem is over.

Defense #6 is a subscription model; make those who need it pay, really pay. Since those good-for-nothing customers who use pirated software won't pay, that cuts off their line of "updates".

Defense #7 is watermarking. Did you know that the source code files are watermarked? So when you share your sources with the world, just remember that someone paid for them, and he is going to get his license canceled.

Defense #8, monitor RapidShare and those file-sharing sites. Cut off those illegal downloads as quickly as they are uploaded.

Defense #9, call your customers. Even SMS them and ask them to type the contents of the SMS into an email. It cuts down on software piracy by 99%, since a mobile phone can be traced to a RealName(tm) much more easily than some anonymous pirate.

Defense #10, copy-protect the BPLs and give BPL trials with very restricted sources. Make sure the design-time package is copy-protected with multiple layers. That still allows Delphi to load it, and since Delphi is normally excluded from the firewall, make sure you call home every once in a while, too.

Defense #11, give machine-specific hardware keys to the copy-protected BPLs. That means the casual pirate cannot share his copy of Add-in-Express with someone else, such as his co-worker, or maybe the 20-person development team in India using one copy of Add-in-Express. No, really.

Defense #12, since the BPLs are copy-protected with machine-specific hardware keys and the code is watermarked, it becomes much easier to trace who leaked it, and of course, since the BPLs are locked to the machine, a leaked copy will not work. It means game over for people trying to use the pirated versions.

Defense #13 is using different hardware-specific keys for Armadillo. Contrary to what customers think, Armadillo still has some life in it, like stopping all but the most expert crackers. Anyone who spends a month trying to crack 5 or 6 copy-protected files with different Armadillo keys and strip out the copy protection will have a nice time, a really nice time.

Defense #14 is using all the features in Armadillo, like nanomites and code splicing. Then let it load into Delphi. Sure, it works 100%, but trying to crack it will be like, ...,

Defense #15, use a large key, like a 1024-bit public/private key pair for the cryptography, and use proper methods to encrypt the files. (See #16)

Defense #16, use real cryptography rather than funny XOR. Why did I mention funny XOR? To stop the idiots on the internet who decoded the DevExpress public key, found the "private key" and started to issue licenses. Maybe "they" should consider setting up DevExpress RU or DevExpress CN (China) :)

If DevExpress is reading this, they need to stop using funny XOR and consider the following:

- widen the key from 56-, 128-, 256-, 512- or 768-bit to a 1024-bit key. Even consider a 2048-bit key if piracy still persists.

- stop using XOR and simple algorithms. Try using better hashing algorithms such as SHA2 (instead of MD5) for authentication.

- copy-protect their files using Armadillo with machine-specific keys.
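The signed-license design those points argue for, as an added example in Python (not code from DevExpress, Add-in-Express or this blog): the vendor's license server signs a license record with a private key it never ships, and the client embeds only the public key, so recovering the embedded key does not let anyone issue licenses. It uses textbook RSA over a SHA-256 digest with no padding purely to show the asymmetry; all names are hypothetical, and a shipping product would use a vetted library with proper signature padding.

```python
import hashlib
import secrets
# Constructed example: the vendor signs licenses with a private key it never
# ships; the client embeds only the public key. Textbook RSA over SHA-256.

def is_probable_prime(n, rounds=20):  # Miller-Rabin after cheap trial division
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True

def random_prime(bits):  # odd, top bit set, so p*q has the intended size
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=1024):  # returns (public (e, n), private (d, n))
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def license_digest(license_text):  # SHA-256 as a 256-bit integer, below n
    return int.from_bytes(hashlib.sha256(license_text.encode()).digest(), "big")

def sign_license(private_key, license_text):
    d, n = private_key  # vendor side: only the license server holds d
    return pow(license_digest(license_text), d, n)

def verify_license(public_key, license_text, signature):
    e, n = public_key  # client side: e and n are public, cannot issue licenses
    return pow(signature, e, n) == license_digest(license_text)
```

Contrast this with an XOR scheme, where whatever the client embeds to check a key is also enough to create one.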

Defense #17 goes to BrickSoft. For example, every time the customer connects on-line, the product goes to the BrickSoft license server to validate the user, unless the customer paid for the US$5000 version.

Defense #18, in order to use a RAR password correctly, here are the correct instructions:

When you have RAR files, download the RAR passwords from on-line activation. Do not store them inside your setup. No on-line activation, no RAR password.

Since a RAR file can have multiple passwords, consider building a RAR file with 10 or 20 different passwords.

Defense #19, remember to use SSL instead of plain HTTP for on-line activation. No, really. Think about it.

Defense #20, if setup is run too many times, fail the on-line activation and get the customer to email about it. Sure, there will be some customers who complain, but who knows?

Defense #21, read this blog; it will give you more money-making advice than you can ever think of.
