consulting question.... (DRM)

Jerry Leichter leichter at lrw.com
Fri May 29 10:43:33 EDT 2009


On May 29, 2009, at 8:48 AM, Peter Gutmann wrote:

> Jerry Leichter <leichter at lrw.com> writes:
>
>> For the most part, software like this aims to keep reasonably honest
>> people honest.  Yes, they can probably hire someone to hack around the
>> licensing software.  (There's generally not much motivation for J
>> Random User to break this stuff, since it protects business software
>> with a specialized audience.) But is it (a) worth the cost; (b) worth
>> the risk - if you get caught, there's clear evidence that you broke
>> things deliberately.
>
> I think a far more important consideration for license-management software
> isn't "how secure is it" but "how obnoxious is it for legitimate users"?  I
> know a number of people who have either themselves broken or downloaded tools
> to break FlexLM and similar schemes, and in every single case they were
> legitimate users who were prevented from using their legally purchased
> product by the license-mismanagement tools, or who after spending hours or
> even days fighting with the license-mismanagement software found it easier
> to break the protection than to try and figure out what contortions were
> required to keep the license-checking code happy....

I agree 100%.

The most important thing to keep in mind when doing license management  
software is that it has *NO* value to the *customer*.  The guys who  
sell this stuff will always claim that it "helps the customer keep  
track of licenses" or some such rot - but it's complete nonsense.  In  
fact, license management code has *negative* customer value.  That  
doesn't mean it doesn't have a legitimate role - the cash registers in  
the supermarket add a negative value to all the sold, but the  
supermarket wouldn't be there without them.  But unless you  
understand, deep down, that this is something that you're imposing on  
your customer and that therefore it needs to be as close to invisible  
and fail-safe as possible; and you act *effectively* on that basis -  
you're just going to encourage circumvention or a search for  
alternatives to your software.

                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


