consulting question.... (DRM)

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>For the most part, software like this aims to keep reasonably honest  
>people honest.  Yes, they can probably hire someone to hack around the  
>licensing software.  (There's generally not much motivation for J  
>Random User to break this stuff, since it protects business software  
>with a specialized audience.) But is it (a) worth the cost; (b) worth  
>the risk - if you get caught, there's clear evidence that you broke  
>things deliberately.

I think a far more important consideration for license-management software 
isn't "how secure is it" but "how obnoxious is it for legitimate users"?  I 
know a number of people who have either themselves broken or downloaded tools 
to break FlexLM and similar schemes, and in every single case they were 
legitimate users who were prevented from using their legally purchased product 
by the license-mismanagement tools, or who after spending hours or even days 
fighting with the license-mismanagement software found it easier to break the 
protection than to try and figure out what contortions were required to keep 
the license-checking code happy.  I've experienced this myself with a software 
tool I use, there are some (as I found out after several hours of searching 
support forums) well-known problems with it that the vendor doesn't seem 
interested in fixing, and that you can eventually resolve either with some 
registry hacks and other low-level changes or by downloading haxor tools 
that'll achieve the same result with a few minutes work (just for the record, 
I took the multi-hour route).  So if your license-management software is 
sufficiently obnoxious that it turns legitimate users into DMCA-violators, you 
have a problem.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com