Software protection suggestions


I am trying to find a good way of protecting a program that needs to manage its users. The program is targeted for a very specific market that has a low chance of being people going out of their way to crack or pirate it, so that is not the issue.

Currently we bind the user by username / MAC address and that is a very bad way of securing the software due to issues with laptop docks or wifi.

I need a way of figuring out how to bind the user to a machine so if they try to use the same software on another computer it will not work.

-Does not need to be totally secure, just needs to have a lower rate of failure

It will be a Windows-only environment, from XP to Windows 7, that could be on anything from laptops to servers and VMs.

Thanks


There are 2 answers

0
Dominic Haigh On

(Disclosure - I work for Agilis Software, a provider of software protection systems).

First of all, the MAC address is not a good idea for locking, even if it is widely used, as it can be set by an admin, making it easy to run your app anywhere. A combination of parameters is best, but you do need to think about the following (all provided for in Agilis's system, of course):

  • What if a parameter changes, due to the user upgrading their system? Do you want the license to stop running, or to have some tolerance for minor system changes so it keeps running?
  • How will you obtain the locking parameters? Any human involvement opens you to error and inconvenience for your user (typos, upper case versus lower case, entering '1' for 'l' or 'O' for '0' etc.)
  • What if the user wants to move their license to a different machine? Can they do so without inconvenience, but without you being opened up to having many copies running under one license?
  • A related topic - what will you do when the user calls and says "Help, my system crashed and I need to get my license up on another machine!". You WILL receive these calls...
  • You mentioned virtual machines. The basic approach here is to lock to invariant logical parameters of the virtual machine. For extra security you can also have your app periodically 'phone home'.

Hope this helps.

4
vmatyi On

Usually they bind to multiple IDs (HDD serial number, MAC address, processor serial, etc.) and check that at least some of the IDs match (so a replaced HDD will not break the sw). But the list of hw/licence IDs is quite platform-specific, so without knowing that there is no exact answer.

Edit: (if you bind to a single MAC address, you could still perform quite well, assuming you're using the built-in LAN interface(s), not the active one) (for servers it's more difficult, as they usually have multiple LAN if-s, so you would definitely need an id list)
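
The multi-ID binding with tolerance that both answers describe, as an added Python example that is not code from either answer or from any product named here. Assumptions: the component names, the 2-of-4 threshold, storing keyed HMAC digests instead of raw IDs, and that the raw values were already collected (on Windows, for example via WMI); all sample values are constructed.

```python
import hashlib
import hmac

# Hypothetical component names; collecting the raw values is out of scope here.
COMPONENTS = ("hdd_serial", "mac_onboard", "cpu_id", "board_serial")

def _normalize(value):
    # Drop separators and case so "00-1A-2B" and "00:1a:2b" compare equal.
    return "".join(ch for ch in value.upper() if ch.isalnum())

def enroll(ids, license_key):
    """Return per-component digests to store in the license record."""
    record = {}
    for name in COMPONENTS:
        raw = _normalize(ids.get(name, ""))
        if raw:  # skip components this machine does not report (common on VMs)
            msg = f"{name}:{raw}".encode()
            record[name] = hmac.new(license_key, msg, hashlib.sha256).hexdigest()
    return record

def verify(record, ids, license_key, min_match=2):
    """Return (ok, matched): ok is True if >= min_match enrolled IDs still match."""
    current = enroll(ids, license_key)
    matched = [name for name, digest in record.items()
               if hmac.compare_digest(digest, current.get(name, ""))]
    return len(matched) >= min_match, matched

# Constructed sample data.
KEY = b"constructed-license-key"
ORIGINAL = {"hdd_serial": "WD-WX11A1234567", "mac_onboard": "00-1A-2B-3C-4D-5E",
            "cpu_id": "BFEBFBFF000206A7", "board_serial": "CN12345678"}
# Same machine after a disk swap; the MAC is reported in a different notation.
AFTER_UPGRADE = dict(ORIGINAL, hdd_serial="ST500DM002-9ZZ",
                     mac_onboard="00:1a:2b:3c:4d:5e")
# Different machine with the same CPU model, so only cpu_id coincides.
OTHER_MACHINE = {"hdd_serial": "S2R5NX0H700111", "mac_onboard": "F0-DE-F1-00-11-22",
                 "cpu_id": "BFEBFBFF000206A7", "board_serial": "PF0ABCDE"}

if __name__ == "__main__":
    stored = enroll(ORIGINAL, KEY)
    for label, ids in (("after upgrade", AFTER_UPGRADE), ("other machine", OTHER_MACHINE)):
        print(label, verify(stored, ids, KEY))
```

Raising `min_match` tightens the binding at the cost of more support calls after hardware changes; a machine that reports fewer than `min_match` components at enrollment can never pass, so check the size of the record when issuing the license.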