Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm (soon to be) graduate working on my first ever public release of a program and my ceo/boss' want to manage/"lockdown" the amount of times a client installs our software, I'm looking for the best practices for this or just best advice on how to do some sort of control on installs. I'm using the Visual Studio Custom Install Shield utility! I'm also working in C#, wpf, mvvm, if that really matters. Thank you in advance!
I'm moving my comment down as an answer; this is a fairly broad subject though...
As I mentioned in my comment, you would likely want to require online registration during the install process. During the install, the user would need to fill out their registration info that gets submitted to your registration servers. You can offer them a choice of different seat license packages starting from a "Free 30-day trial" up to an "Enterprise" edition with 20 seats, and free upgrades for 2 years (or whatever). As an extra bit of assurance that your product remains un-pirated, you may want to require the license authentication each time (or every so many days) upon the start-up of the program.
The benefit of this model is that you control the number of installs on your end. If the user needs more installs, they can contact your support staff, or go to your website, and purchase more seats/installs. Having an online central authentication server also makes it a bit harder (but not impossible) to pirate your software. Of course though, now we start into the realm of security and loss-prevention versus ease of use for your customers. But that is whole other subject for another time.
You may want to look around for a pre-built solution. I am sure there are services/products out there that do just this, that you can incorporate into your product.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm writing a C# Windows Forms application and will have Trial and Full versions. For the Trial version, I would like to provide the end users daily usage credits (i.e. 3 credits to use particular functions in the app per day)
I have seen numerous articles and discussions to prevent system date tampering, but all of them I've seen were for providing Trial periods; against altering the system date to a previous date. Here are some:
https://www.codeproject.com/Articles/1101956/Check-for-Clock-Tampering-to-Extend-Licence-Durati
https://stackoverflow.com/a/16530146/3350921
But in my case, I have opposite business case. If the user tampers system date by fast forwarding to a future day, then might easily gain usage credits just by changing the date. And obviously, I don't want this.
Would you have any recommendations as a rule of thumb how to check date tampering in a C# Winforms app, not only for backwards but also in forwards direction?
Ps. I need to achieve this completely offline. NTP or an external API call would be a good solution, but this app will probably be used mostly in offline clients.
Ps2. I was thinking to check "last modified time" property of a particular system file of Windows OS. For example, if there's such a Windows system file that gets its "last modified time" updated each time Windows is reboot, then I feel like I can recognize the system date fast forward. Any thoughts with this?
Many of the comments say that managing it locally is not fool-proof, by that analogy so is any software that is developed however I have to admit that things are not so easy when you're sandboxed to a local pc that user has complete control over.
The question here is how many layers are you willing to add to make it difficult to break. And what's the software's tolerance to environment modifications, which comes with cost of UX. With many layers of security and least tolerance.
With that you have hardened it pretty well.
Some of the Security layers I can think of :
Encrypting the timer logic in a Registry hive as Binary value.
Look for events in the event viewer for any specific change that you suspect relates to tampering of a system property. (Changes to system date can be caught here)
Implementing a service that auto starts (If you want to monitor something)
Watch out for decompilers and terminate license, invoke auto-delete if necessary
MacAddress of known PC's that have been suspected to breach the software (this can be stored and sent back to the remote server when internet connection is next established)
You can set the tolerance level which is how your app responds to suspected manipulations.
Example: If you suspect that there was an attempt to stop your service or manipulate/delete registry, you can either warn or terminate license or what ever counter measure you want to perform.
Disclaimer : Some of it can be intrusive, that's the trade off you have to sacrifice
P.S:
I'm sure there are more ways of hardening it, what are your thoughts
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
At beginning next year I'll end my education and start professional way with web app development (my target is Web development especially asp.net mvc). At this moment I work and each day I still progress my skills. I think it's difficult question but I want to hear from more experienced persons that it is really sense with achive certificates (if yes what certificates are important and for which I should focus) or rather focus on self build-up carrier.
Taking certifications won't do you any harm, as going through the process of studying for them should improve your knowledge and help develop your skills. The official study guides for some of the MCSD certifications cover a lot of material and show you how to build some cool demo apps, so I'd recommend targeting them if any.
In interviews though, most employers are more interested in how good you are at describing technical concepts and what your previous projects were than what certificates you've got. So just don't expect having a few certificates to be a substitute for being able to demonstrate strong technical skills and experience.
Only certification are not useful. better you get advance knowledge and experience in appropriate technology. As of now you are fresher so first start preparing self study and small smalpoc with each subject.
if you are want to do certification only for getting good job and salary then it will not be useful. because once you mention certification in your resume then expectation of interview panel from you will be little bit high.
So think all way and take proper decision. All the best.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to build software for property management, which includes full accounting support, document storage, client data handling and mail merge functionality.
I want to work with the smallest arsenal of tools that I'll need for the job - the simpler the better! It won't be graphics-intensive and support for multimedia is not required, but I would really like remote access.
95% of usage will be by property managers through their local desktop installations.
5% will be by owners, who want to check their account balance online, and change their personal details in the DB. There can be no installation for this.
Will asp.net suffice for this 5% remote access?
I only have a small amount of experience with winforms, and could learn asp.net if that's what I need for the remote access. My question is: Will this be enough for my objectives, or am I going to kick myself halfway through for not using something else? (WPF, Silverlight etc)
Thank you. I did ask this https://stackoverflow.com/questions/22628436/c-sharp-property-management-database-software-should-i-use-wpf-winforms-or-si earlier but didn't receive satisfactory results, and have changed my question slightly.
EDIT:
By data processing I mean running functions like "charge all 2,000 owners in the system a management fee increase of 5%" or "process all creditor payments into a batch banking file".
First of all, don't go for WinForms and Silverlight,
WPF is much more useful than WinForms
likewise ASP.net or ASP.net MVC based applications are more useful than Silverlight based web applications. And if you are planning to go for a web based solution, choose ASP.net MVC.
Now, concerning your decision to choose between desktop and web based solutions, I would personally suggest to go for a web based solution if there is no specific requirement which holds you going online. Also Google on pros and cons of web and desktop applications and this link.
And if you find out that a desktop application suits you, then develop it in WPF not in WinForms.
:)
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've made a program that I need to license before selling it to customers. Since I'm not sure, that it will gain me at least the cost of commercial licensing software, I would not like to buy one.
So I'm looking for advice on how to implement licensing feature with following logic:
All license keys are validated on server side each time application starts (no licensing info is stored at userside except the license number).
There is only one application running with one license key at the same time.
What I do not know is how to protect my program from simple decompiling/disassembling and just removing a call to check license? Or making own server that will make a response true on each license? How does such security normally made?
I've searched for free SDKs or something like that, but could not find anything.
I'll be very thankful for your help!
P.S: I do not aspire to make the system "indestructible", but I would like to receive the protection that is more expensive to crack than paying $5.10 for a copy of the program.
P.P.S: Sorry for my bad english.
What I do not know is how to protect my program from simple
decompiling/disassembling and just removing a call to check license?
Or making own server that will make a response true on each license?
How does such security normally made?
You are confusing licensing and obfuscation. To prevent the above, you will need to obfuscate your exes and dlls using an obfuscator.
Since I'm not sure, that it will gain me at least the cost of
commercial licensing software, I would not like to buy one.
IMHO you are much better off focusing and spending time on your actual software than in developing a licensing scheme from scratch (re-inventing the wheel as they say).
If you do open up to paid solutions, take a look at CryptoLicensing (for licensing and copy-protection) and Crypto Obfuscator (for obfuscation and code-protection).
DISCLAIMER: I work for LogicNP Software, the developer of above mentioned products.
(Sorry can't comment on other people's posts???)
It depends on what your application is doing.
I'm currently faced with the same problem as you. I'm going for a log in system, simply fetch and compare to what's in the database. If not present do not launch app. Not that I need more, the application relies on my database and without it it is useless.
Then they can spend a couple of hours figuring out what my database looks like based on what they see on queries or practically rewriting my entire product. I'm going to spend little on in app security. The only protection I wish to have is not to show my server's data.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I've developed a piece of software n C#.
And I already implemented a way for customers to upgrade the software using a single license key.
The single license keys are (32 chars) calculated based on some hardware stuff which isn't likely to change (a lot).
This all works pretty good.
However now I want to implement a enterprise license.
Basically I want the customer to be able to license the software on different (unlimited) machines with only one key (so I cannot use the hardware checks for this).
What would be an approach for this?
There are some things I can think of:
Hardcode 1 license key in the software which always works
Build custom programs for enterprises on request with their hardcoded license key in it (not really something I would like to do)
Make some function / algo / something that will check if a entered license key is valid (and still be able to use different keys per enterprise also 32 chars long).
The last option will be preferred I think.
However I cannot come up with a way to check if the entered license is a valid enterprise license.
PS
I am not looking for a way to completely stop piracy of my application, just a simple way to implement an enterprise license.
In my experience, you should go for the solution that results in the least amount of friction for your paying customers.
People will either pay for your software or not, and as long as you have some kind of mechanism to validate licenses, it really doesn't matter how strong it is. There is not a single piece of software that I can think of for which you can't find working pirated copies, which to a large extent makes all efforts in this direction wasted.
One of the things that bother me the most is when the pirated copy is better than the paid-for version. As an example, the virtual CD/DVD software Daemon Tools is protected by a mechanism that sounds somewhat similar to yours. It generates a machine and software-version specific key and is generally a hassle to use legally. I own a 5-PC license and if I want to update it, I have to go and revoke the old-version licenses, issue a new one and re-register the updated software. Repeat for every installation. I've often considered just using a cracked version as it provides a much simpler upgrade path, which basically just involves installing the software.
I realize that you have probably considered all this and may be of a different opinion, but your guiding principle should be to make the paid-for experience beat the pirated one.