Wibu-Systems Blog

Copy protection: dongles or activations?

Posted by John Browne on Jun 2, 2011 6:43:00 AM

Ok, let's assume you're tired of having your software ripped off and need some copy protection. Now what?

You could roll your own copy protection. On the surface it seems simple, but, as they say, the devil is in the details. Chances are, anything you can create yourself (in a reasonable amount of time) will be easy to crack. Maybe not by your college roommate, but by some nefarious hackers who do this all the time.

So you've (wisely) decided to turn to an outside supplier for your copy protection. But should you use dongles or activations?

Good question. Dongles are more secure and allow easy license portability, but they cost more and can conceivably get lost by the customer. One more thing to pay attention to. And what about drivers? Software activations seem easier (invisible, nothing to lose, no hardware to worry about, no drivers). But activations ultimately can't be quite as secure as a good dongle, and can create problems for users when they change out their computer or some components and now the machine binding in the software license no longer works.

We've all experienced this situation: you have a legal version of an application but you have to reinstall it and now it won't activate. You have to call Microsoft or Adobe or whomever and wait on a support phone queue forever and then try to convince someone you're not a license cheater. Their copy protection has worked for them but made your life miserable.

We have a new feature--just released in CodeMeter 4.30--that we call "smart binding." It reduces the run/don't run question to an algorithmic analysis of the state of the computer. For example, some hard drives change their serial number--at least what the OS reports as the HD SN changes randomly. Why? Who knows? But if your binding scheme is tied to the HD SN, you're going to have a customer who's calling constantly for a reactivation. So our smart binding looks at a bunch of stuff--you decide if you want normal, strict, or loose binding enforcement and it does the rest. Over time we expect this will result in fewer false negatives.

Activations are perfect for trial versions. You can set the binding scheme to "None" and it won't be limited to running on a single PC. Of course, if your trial is fully functional, you need to set the expiration time or limit the number of starts.

A hybrid scheme combining dongles and activations may be perfect. If you use CodeMeter, you can decide at the time of licensing whether you want to ship a dongle or an activation (CmAct license). Suppose you have a big, important customer, and it happens to be one you trust completely. But they don't want dongles. You can send them CmAct-protected versions. You have another customer in China (not to bash PRC, but stating that IP gets ripped off there is like saying it occasionally rains in Seattle). Send them CmSticks and get a full night's sleep--they're not going to be cracking your code any time soon.

Finally, here's something only a dongle can do: you can put the app, all the data, the protection, and yes, even an OS, on the dongle. We've got customers who do this. Insert memory USB CmStick (or compact flash or SD card), fire up computer, and away you go. Nothing need be installed on the actual PC.

Topics: dongles, CodeMeter, software copy protection, Anti-piracy, Copy Protection