Protecting Software from Piracy

  • Thread starter Thread starter Lucas
  • Start date Start date
L

Lucas

Hi,
I have an ASP.Net application and I'd like to know about how to protect it
from Software Piracy. Are there some alternatives to do that?

Thanks a lot

LucasC
 
I kind of like InstallShield Express - it's cheap and gets the job done. It
creates a "One click" install that you can put on the web and then control
the password on your own. It creates IIS virtual directories and
everything. However, that doesn't stop one user from distributing the
password, but it's better than nothing. You may be able to do something
more advanced with the scripting that accompanies it.

You could also build a web service on your end and let your deployed
application "call home" periodically. This would be especially great for a
subscription based model. I like this best because if you notice two
different server IP's requesting the same license code (assuming static ip's
here), then you can contact the original purchaser, give them a new code,
and wack the old one, thus killing the pirate. There is a possibility that
they could deploy multiple instances behind a firewall, but for that you
could maybe get the servers mac address... or something that identifies it.
If you are providing a EULA you should put something in about that...

:)

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access
 
Thanks a lot. What about Hardware Keys?

Jerry Boone said:
I kind of like InstallShield Express - it's cheap and gets the job done. It
creates a "One click" install that you can put on the web and then control
the password on your own. It creates IIS virtual directories and
everything. However, that doesn't stop one user from distributing the
password, but it's better than nothing. You may be able to do something
more advanced with the scripting that accompanies it.

You could also build a web service on your end and let your deployed
application "call home" periodically. This would be especially great for a
subscription based model. I like this best because if you notice two
different server IP's requesting the same license code (assuming static ip's
here), then you can contact the original purchaser, give them a new code,
and wack the old one, thus killing the pirate. There is a possibility that
they could deploy multiple instances behind a firewall, but for that you
could maybe get the servers mac address... or something that identifies it.
If you are providing a EULA you should put something in about that...

:)

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access
Click to expand...
 
Hi Lucas,


Thank you for using Microsoft Newsgroup Service. As for your problem:
"Protecting Software from Piracy", I quite agree to Jerry Boone's
suggestions. Especially using "webservice" to provide a constantly
checking. It'll make full use of the advangages of the webservice in your
ASP.NET web app.


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Yes, Jerry's suggestions are very good. The problem I see is due to possible
installation on a Production Server without External access. I think it
won't be easy to get Internet access from a Production Server with a high
level of security.
What do you think?

Thanks a lot Jerry and schang.
 
First, it's nice to answer questions to those that appreciate it.

I doubt you will have any problem getting access on production servers. I
think every admin on earth deploying Microsoft solutions ensures that they
can update servers with Windows Update and AntiVirus. You could put a flag
in a reg key or a settings file, read it, then determine if this server
should bypasses doing the webservice query.

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access
 
Hi Lucas,


Thanks for your response. As for the security you mentioned on the internet
access to a production server, yes, "security" is always a solid problem
with the internet based web application. So in ASP.NET, we provided a
complete web security architecure for both intranet based or extralnet
based application. Include the IIS server level's authenitcation and the
ASP.NET applciation level's authentication and athorization... As for the
webservice, you can applied some of the security model on it. Also, other
security techs such as SSL, IPSec also can provide the data infomration
between the client and serverside secured.
For more information on building secure web application, you can reference
the tech articles on the MSDN site, here is the weblink for it:
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetwebapplicati
onsecurity.asp?frame=true

If you have any questions, please feel free to let me know.

Merry Christmas!!

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Back
Top