consulting question.... (DRM)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri May 29 08:48:57 EDT 2009
Jerry Leichter <leichter at lrw.com> writes:
>For the most part, software like this aims to keep reasonably honest
>people honest. Yes, they can probably hire someone to hack around the
>licensing software. (There's generally not much motivation for J
>Random User to break this stuff, since it protects business software
>with a specialized audience.) But is it (a) worth the cost; (b) worth
>the risk - if you get caught, there's clear evidence that you broke
>things deliberately.
I think a far more important consideration for license-management software
isn't "how secure is it" but "how obnoxious is it for legitimate users"? I
know a number of people who have either themselves broken or downloaded tools
to break FlexLM and similar schemes, and in every single case they were
legitimate users who were prevented from using their legally purchased product
by the license-mismanagement tools, or who after spending hours or even days
fighting with the license-mismanagement software found it easier to break the
protection than to try and figure out what contortions were required to keep
the license-checking code happy. I've experienced this myself with a software
tool I use, there are some (as I found out after several hours of searching
support forums) well-known problems with it that the vendor doesn't seem
interested in fixing, and that you can eventually resolve either with some
registry hacks and other low-level changes or by downloading haxor tools
that'll achieve the same result with a few minutes work (just for the record,
I took the multi-hour route). So if your license-management software is
sufficiently obnoxious that it turns legitimate users into DMCA-violators, you
have a problem.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list