Wibu-Systems Blog

Software licensing solutions in the cloud

Posted by John Browne on Mar 26, 2012 8:56:00 AM

With the increasing number of end users taking advantage of SaaS solutions, independent software vendors are faced with new licensing challenges and the need to prevent illegal software copying, as well as the running of a single license on numerous virtual machines.

But there are software licensing solutions for the cloud that can meet these challenges. On the cloud, you can actually achieve highly efficient licensing processes and enhanced protection for your software. You can reduce revenue loss due to piracy while also improving your customers’ experience. You don’t have to include tests in your application code to disable the software if a virtual machine or terminal server session is detected.

There are dongle devices on the market that you can connect to a computer within the customer’s network to enable it to function as a license server. This license service considers each VM or TS as a completely different user. It makes no difference if the use is from a VM, a TS session, or a desktop computer—the license server automatically counts the correct number of users for these “floating licenses.”

Another solution is to connect the dongle directly to the host server, which can be configured as a license server to allow use of floating network licenses, as long as you allow network functionality.

The dongle can also be connected to only a single guest system (an operating system running in a virtual machine), or it can be connected to the terminal server. It’s important in this scenario to use a device that counts local licenses in the same way as network licenses, because all sessions have local access to the license if they are running on the same instance of the operating system.

With the right software licensing solutions for the cloud, software will be disabled whenever multiplying of licenses is attempted using VMs, TM session, or reverse USB hubs.

Topics: License Management, software copy protection, Anti-piracy, Copy Protection

Top 5 factors when picking copy protection software

Posted by John Browne on Mar 23, 2012 6:09:00 AM

Anytime you add a 3rd party component into your overall product stack you need to be thoughtful before you decide. Copy protection software is no different: it's something you will rely on to protect your valuable IP and it's also something that will touch the user's experience of your product.Top 5 factors when picking copy protection software

My top 5 factors when choosing copy protection software for your company:

  1. First of all, find out if it really provides actual copy protection. Some solutions pretend they can protect your software, but in reality they are doing very little to prevent piracy. By that I mean that any reasonable hacker can crack the protection without breaking a sweat. One way to check is to look for cracked copies of their customer's products on the Internet.
  2. What platforms does it support? If you are on the Mac OS, and the tools don't support Lion, what are you going to do? Look for a vendor who has a track record of supporting many different platforms, and providing support for new platform releases immediately after they are available.
  3. How easy is the implementation? Do you have to do everything with API calls? Does it support your programming language of choice? Can you develop your application outside the copy protection software and add the protection after development is finished?
  4. What license options are allowed or--perhaps more importantly--excluded? Does the system allow for virtual machine (VM) use in legitimate instances while blocking VM usage to circumvent licensing restrictions? Does it support new licensing models like pay per use, pay per feature, pay per function?
  5. Can the vendor give you a seamless choice between software activation (cheap and simple) and hardware keys (better security)?

Topics: CodeMeter, software copy protection, Anti-piracy, Copy Protection

Is software copy protection worth the trouble?

Posted by John Browne on Mar 22, 2012 6:00:00 AM

In a word--yes.

In a few more words:
  • It doesn't have to be a lot of trouble.
  • It doesn't have to be expensive.
  • The ROI can be enormous.
Let's take these in inverted order. What's the ROI on effective software copy protection? Potentially millions of dollars. For a minute, forget about the kid who gets a cracked copy of an app from a bit torrent site. I'm talking about criminal enterprises who crack software and sell it as authentic. To (mostly) unsuspecting customers. These are people who buy your software but you don't see any revenue from the transaction. We know customers who came to us after 3rd party audits disclosed just how massive these losses were each year. The investment required to prevent this theft is trivial compared to the eventual return by thwarting thieves.

It doesn't have to be expensive: AxProtector is free, and you really don't need to expend developer resources to have good software copy protection because no source code changes are needed. In fact, you can add copy protection after your software release candidate is done in a matter of minutes. Even if you need dongles, they are relatively cheap compared to getting ripped off.

Software copy protection doesn't have to be hard.It doesn't have to be a lot of trouble: Good protection tools let you write your code without being concerned about software copy protection or license models. Those can come later. Now in the interest of full disclosure there are some situations where you might want to wrap a function or method with a specific call to the API to decrypt that function with its own license. It can, for example, allow that function to have a separate license model such as pay per use or pay per feature. But most licensing options are available with the basic software copy protection offered with AxProtector, which takes only a matter of a few minutes to add.

Topics: CodeMeter, software copy protection, AxProtector, Anti-piracy, Copy Protection

Partial encryption with IxProtector

Posted by Kevin Browne on Feb 24, 2012 3:12:00 PM

Did you know you don't have to encrypt your entire executable? Sometimes it makes more sense to just protect one or more functions. Buried in the back of AxProtector, under Advanced Project Types, is a button to just use IxProtector only. Read on for a complete walk-through example on encrypting functions using IxProtector.

Topics: software copy protection, Copy Protection, IxProtector

Does MegaUpload closure mean the end of software piracy?

Posted by John Browne on Feb 1, 2012 11:30:00 AM

With the FBI arresting seven managers of Megaupload and shuttering the website--said to be the 13th most popular website in the world at one point--does this mean the beginning the end for software piracy?

Not likely, methinks. The timing of the raid, coming on the heels of world-wide protests against SOPA legislation in Congress one day before, highlighted how divided people are on the issues of IP protection and ownership vs. web freedom.

The facts remain that unprotected software--whether movies, music, or executables--is easy to pirate and distribute. The security that most companies use (when they use any at all) to prevent illegal copying is usually easy to circumvent or non-existent. The worst cases of all are when a company makes life difficult for its legitimate users without actually strengthening its protection--sort of like having 11 deadbolts on your front door next to a window that is perpetually open.

The degree that it makes sense to protect any asset is in direct proportion to the value of that asset. The gold in Fort Knox is guarded with far greater security than your safe deposit box, which in turn has more safeguards than the mayonnaise jar full of loose change in the bedroom.

Whether Megaupload did something legal or illegal will be settled in the courts. Regardless, shutting down the site won't do anything to stop piracy; if anything it will simply move it to places where it's harder to stop. There are laws against stealing bicycles, yet they get stolen anyway. Only a good chain and padlock will deter the bad guys, and even that won't stop the most determined.

Fact is, if someone wants your bike, they can get it. Ditto your car, your wristwatch, and your software. But you can make it really really hard to steal your bike, your wristwatch, or your software.

Topics: software copy protection, Anti-piracy, software piracy, Copy Protection, SOPA, MegaUpload

If the BSA were right about piracy, we could close all the prisons

Posted by John Browne on Aug 1, 2011 9:19:00 AM

The BSA apparently thinks that piracy, like poor table manners, is simply a societal problem that can be corrected by changing people's behaviors. Note that they've concluded that litigation alone won't work. Note also that throwing people in jail for stealing cars hasn't stopped auto theft.

No, this is not our youngest developer.

Employing the same logic my father used when he said, just before delivering a no-doubt well-deserved spanking, "This will hurt me worse than it hurts you," which I understood at even a tender young age was complete nonsense, the BSA thinks apparently if we just give all these software pirates a stern talking-to the whole thing will somehow just vanish.


While the BSA explores this approach to ending crime (the successful conclusion of which will no doubt see them employed in follow-up campaigns against teen pregnancy, drug use, and drunk driving), I would suggest if you don't want to wait try locking your software like you do your car, house, and safe deposit box.

Of course, merely locking your car won't guarantee Nicholas Cage can't steal it. But it will sure cut down on the number of local clowns who will try. And if you lock your car, inside a locked garage, with a locked gate on your driveway, and add some surveillance cameras you will have the automotive equivalent of CodeMeter.

Topics: CodeMeter, software copy protection, Anti-piracy, software piracy, Copy Protection

CodeMeter advantages

Posted by John Browne on Jun 29, 2011 1:46:00 PM

We just put these up on our website, so I thought I'd list a few of the CodeMeter advantages for software copy protection:

    • Patented driverless design: no device drivers on any OS, including Windows, Mac, and Linux. CodeMeter's patented design looks like a flash drive to the operating system. No drivers mean fewer end user issues.
    • Field-updatable: Unlike other hardware keys, CmSticks do not need to be pre-programmed. You can initially program them as well as update all license and product info--even update the firmware--remotely via file exchange or through XML/SOAP web services.
    • More memory: even the standard CmStick has 256KB of usable memory; up to 8GB on flash memory models.
    • Most form factor choices: From ASIC chip to PCMCIA, and everything in between, CodeMeter offers you a hardware solution that fits your requirements. New in 2011: the CmStick/C (pictured top): the smallest USB-based anti-piracy solution in the world, and the CmStick/T with a battery to power the real time clock
    • All keys are network keys: any CmStick can make licenses available over the network.
    • SmartCard chip: all CmSticks and CmCards are based on a secure SmartCard chip, which is almost impossible to crack through physical attacks like electron microscopy or differential power analysis.
    • More license choices: whether it's time based, maintenance period, pay-per-use or pay-per-function, CodeMeter gives you the license you need for your business model. Choose hardware keys for risky markets; software keys for more trusted customers with no changes to source code.
    • SmartBinding®: False negatives are a major concern for ISVs adopting software activations based on machine binding. CodeMeter's new SmartBind feature removes the worry that your customers will need to constantly re-activate their licenses for no reason.
    • Completely customizable: Want a special color showing off your brand, a special design, laser engraving with your logo and product name? No problem. We're happy to handle special requests, even in low volumes. We can even pre-program your keys if you want before we ship them to you.
    • More platform choices: Windows. MacOS. Linux. Solaris. VxWorks. We support more platforms than anyone else. Period.
    • German engineering with US support: we'll never send your support calls to an off-shore call center. They're handled right here, in the suburbs of Seattle, WA.
    • Same day shipping: we stock all standard products here in our Edmonds, WA, distribution center. Normally we can ship the same day we get an order.
    • Limited lifetime guarantee: we guarantee CmSticks and CmCards against failure for life, barring any physical damage.
    • End user support: If your users call us with a CodeMeter question, we'll answer it for them. The only thing we can do is replace a license: only you are able to create licenses for your protected applications.
    • We put our money where our mouth is: we're the only player in this space who isn't afraid to invite people to crack their product. We've had multiple contests inviting crackers, academicians, and customers to try to break our protection--we even offered a lot of cash if they could. No one has. No one else can make this statement.
    • No performance penalty: Our CodeMeter encryption/decryption system is used for real-time applications like audio and video editing and playback. System overhead is negligible.

Topics: CodeMeter, software copy protection, Anti-piracy, Copy Protection

Copy protection: dongles or activations?

Posted by John Browne on Jun 2, 2011 6:43:00 AM

Ok, let's assume you're tired of having your software ripped off and need some copy protection. Now what?

You could roll your own copy protection. On the surface it seems simple, but, as they say, the devil is in the details. Chances are, anything you can create yourself (in a reasonable amount of time) will be easy to crack. Maybe not by your college roommate, but by some nefarious hackers who do this all the time.

So you've (wisely) decided to turn to an outside supplier for your copy protection. But should you use dongles or activations?

Good question. Dongles are more secure and allow easy license portability, but they cost more and can conceivably get lost by the customer. One more thing to pay attention to. And what about drivers? Software activations seem easier (invisible, nothing to lose, no hardware to worry about, no drivers). But activations ultimately can't be quite as secure as a good dongle, and can create problems for users when they change out their computer or some components and now the machine binding in the software license no longer works.

We've all experienced this situation: you have a legal version of an application but you have to reinstall it and now it won't activate. You have to call Microsoft or Adobe or whomever and wait on a support phone queue forever and then try to convince someone you're not a license cheater. Their copy protection has worked for them but made your life miserable.

We have a new feature--just released in CodeMeter 4.30--that we call "smart binding." It reduces the run/don't run question to an algorithmic analysis of the state of the computer. For example, some hard drives change their serial number--at least what the OS reports as the HD SN changes randomly. Why? Who knows? But if your binding scheme is tied to the HD SN, you're going to have a customer who's calling constantly for a reactivation. So our smart binding looks at a bunch of stuff--you decide if you want normal, strict, or loose binding enforcement and it does the rest. Over time we expect this will result in fewer false negatives.

Activations are perfect for trial versions. You can set the binding scheme to "None" and it won't be limited to running on a single PC. Of course, if your trial is fully functional, you need to set the expiration time or limit the number of starts.

A hybrid scheme combining dongles and activations may be perfect. If you use CodeMeter, you can decide at the time of licensing whether you want to ship a dongle or an activation (CmAct license). Suppose you have a big, important customer, and it happens to be one you trust completely. But they don't want dongles. You can send them CmAct-protected versions. You have another customer in China (not to bash PRC, but stating that IP gets ripped off there is like saying it occasionally rains in Seattle). Send them CmSticks and get a full night's sleep--they're not going to be cracking your code any time soon.

Finally, here's something only a dongle can do: you can put the app, all the data, the protection, and yes, even an OS, on the dongle. We've got customers who do this. Insert memory USB CmStick (or compact flash or SD card), fire up computer, and away you go. Nothing need be installed on the actual PC.

Topics: dongles, CodeMeter, software copy protection, Anti-piracy, Copy Protection

Copy protection dongle myths redux

Posted by John Browne on May 9, 2011 2:08:00 PM

Myth #1: Dongles are a problem for users because of driver issues.

Reality: Wibu-Systems has a patent on a driverless dongle. Doh! No driver, no hassle. How do we do it? We look exactly like a flash drive to windows, which has had native support for these devices since, oh, Windows XP or so. Since bad device drivers are responsible for at least 50% or all Windows BSOD, eliminating the driver basically eliminates the problem for the end user.

So if your dongles have been causing problems, or if you want a driverless dongle, step up to CodeMeter. You'll also get the best protection known on the planet.

Topics: dongles, CodeMeter, software copy protection, Copy Protection

How to pick a software protection system

Posted by John Browne on Apr 7, 2011 6:00:00 AM

Recently I was asked by a developer about picking a license management /software protection system for .NET. Microsoft's popular platform for app development, .NET, is easy to reverse engineer unless you use strong security. Our solution has been proven uncrackable multiple times. A software-only solution is always going to be more affordable than a solution using a dongle, but a solution using a security dongle can be completely protected against all attacks.

It's crazy to me how many developers want to roll their own licensing system. I talked to someone recently who uses a dongle to encrypt a serial number. That is SO easy to crack, it's just nuts. It's like leaving a convertible in the street with the top down and the doors locked. Hello?

We're not the only copy protection tools vendor. If you want to protect your .NET code, you need to get SDKs/eval units, do plenty of research and testing, and determine what works best for you. Some criteria you might want to consider:

  1. Do you want to target any platforms other than .NET? Linux, Mac, ??
  2. Do you want to be able to provide easy activation in low-risk markets and stronger security in higher-risk markets?
  3. What pricing/business models interest you? You should be able to, at a minimum, support pay per use, pay per time (subscription), pay per user, concurrent licensing, and network licensing. Even better is pay use/feature/module.
  4. Do you want a demo or trial unit for marketing purposes?
  5. Do you want to enable use under VMs without having your license scheme subverted?
  6. Do you need any special physical requirements for a hardware device (unusual form factors, additional flash RAM, environmental ruggedness, etc)?
  7. Where can you get support from?
  8. Where do they ship from?
  9. What are minimum order quantities?
  10. Are there annual fees you have to pay, or is it pay as you go?
  11. How robust and complete are their software tools?
  12. How do you create and program licenses with their tools? Are licenses field-updatable? Are dongles field-updatable?
  13. If you are looking at a dongle, does it require a driver? Who supports your end-user for dongle issues, if any? What is the warranty on the hardware? What OS/versions does the vendor support?

The more I talk to developers the more I realize they are frequently unaware of a) issues around license management/copy protection and b) what tools are already available to solve these problems. There's a lot of mis-information out there (more about this in a future post). There's also a lot of downright hostility towards people who don't want to give away all their hard work. (I admire the open source community, but there are plenty of cases where open source just doesn't make sense.)

Ever discovered something that looked simple on the outside and was hideously complex under the hood (like, say, organic chemistry)? Copy protection is like this. If you had any idea how easy most stuff is to crack, or how much work we've invested in making our solution robust, you'd never dream of doing it yourself.

Topics: License Management, dongles, CodeMeter, software copy protection, software piracy, Copy Protection, FAQ, tools