Your reviewer got some emails and questions from several "non-legal" sites. Here are ways for vendors to fight back:
Q: How do I monitor RapidShare to check if my [components/libraries] are pirated?
Step 1:
Google for your [component/library] and enter "http://rapidshare" or some file-uploading site.
In one notable example:
http://www.google.com/search?q=kbmMemTable+%22http%3A%2F%2Frapdishare%22&btnG=Search&meta=
Step 2: Make an alert for so that Google notify you of this.
Step 3: Write an email to http://rapidshare.com/abuse.html with all the required information.
Q: How do I monitor [sites] which require to register?
Step 1: Use a free-email address provider and create a new free email account.
Step 2: Participate in board discussions, and answer replies (you really do not have to upload anything; just reply to 10 or 20 forum posts).
Step 3: Click on the "Hi Thanks" to see offending link (i.e., your software being pirated).
Step 4: Get the link and see previous question.
Q: What should I do with IP addresses?
Step 1: Once you get IP address, you can then google their IP address or go to those IP -to- City (such as MaxMind.com) or IP -to- country location.
Step 2: See your customer base. If that person is from that area/city/state/country, just disable the account.
Step 3: As added bonus, announce to the MSFT or Borland newsgroup this person pirates
software and inform other software vendors.
Q: What kind of software allows you to make setups on demand?
Step 1: You can make that logs-in to Windows and run a batch process from IIS.
Step 2: From the script, run the setup package and insert the necessary variables.
Q: What setup software should I avoid?
You should avoid MSI because MSI can be easily decompressed. Most of files are in one big CAB file.
Step 1: Extract the CAB file from MSI
Step 2: Extract the files from CAB file.
Step 3: If the MSI contains source codes in non-encrypted, you can guess what will happen next.
You should avoid Innosetup because there's Innounp (Innosetup Unpacker) and that can strip a password-protected setup within minutes.
You should avoid Wise because it does not store it's hash tables correctly. The password is hashed into a number.
That is: If you know the hash of ANY one of the files and the original content, you can compute the hash of the password. Since the hash of password is all that is needed to unlock the files, if you have both trial and full-version using same files (same readme, same help files, etc.), you can obtain the rest of the full-version files.
You should avoid InstallAware because on installation, it simply extracts everything to a temp directory. So suppose you have both trial and full-version in the setup, you can imagine lots of people looking at the temporary directories for some reason.
Q: Should I use PKZIP?
See above. Paraphrased:
You should avoid PKZIP because it produces weak-keys.
That is: If you know the contents of ANY one of the files and the original content, you can compute the hash of the password. Since the hash of password is all that is needed to unlock the files, if you have both trial and full-version using same files (same readme, same help files, etc.), you can obtain the rest of the full-version files.
Q: What are your thoughts about those [sites]?
DelphiHater thinks they are "honeypot" sites and the free-for-all is "sugar-cane". Do I need to say more?
:)
No comments:
Post a Comment