View previous topic :: View next topic |
Author |
Message |
Javier
Joined: 09 Oct 2009 Posts: 215
|
Posted: Mon Sep 19, 2011 6:08 pm Post subject: Unauthorized installations |
|
|
I sold a couple of licenses to a company. A friend of mine that works in that company told me that some of the employees installed my software in their home computers, just by changing the computer name to match the office computer name.
Any ideas to prevent this? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Mon Sep 19, 2011 10:35 pm Post subject: |
|
|
It is possible to lock licenses to hardware characteristics (such as MAC address) that may help prevent some isolated copying such as this (see http://www.infralution.com/phpBB2/viewtopic.php?t=1407). However we don't recommend it because we think that locking licenses to the computer name provides a reasonable level of license security (it prevents blatant copying within an organisation) while ensuring that your legitimate customers will always be able to run the software they have purchased (even they change their hardware or you are no longer in business).
One possible enhancement you could make is to include the network domain name in the Computer name (by overriding GetComputerId as described in the FAQ above). Unfortunately this is not currently possible using pure .NET code (hence we don't do it by default). See this blog for details on how to get the domain name using pinvoke. _________________ Infralution Support |
|
Back to top |
|
|
Javier
Joined: 09 Oct 2009 Posts: 215
|
Posted: Tue Sep 20, 2011 1:47 pm Post subject: |
|
|
Yes, the issue of locking licenses to the MAC address has been extensively discussed in this forum. Unfortunately, the computer name lock is sometimes too flexible. Something in between is required.
Quote: | One possible enhancement you could make is to include the network domain name in the Computer name. Unfortunately this is not currently possible using pure .NET code. |
Is the network domain name something more flexible than the MAC lock? What is necessary to implement this approach? Pros and cons? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Tue Sep 20, 2011 10:44 pm Post subject: |
|
|
Including the network domain name would mean that to get a license to work with another computer the user would have to get both their computer name and network domain name to match.
To implement this you would derive a new class from AuthenticatedLicenseProvider and override the GetComputerID method to add the domain name to the computer name (using the link I posted before to get the domain name).
Even MAC address and other hardware characteristics can be faked. It is worth reading this article on code project - if you haven't already - about the pros and cons of different licensing solutions. We think that locking to the computer name provides a reasonable deterrent to license copying without many of the drawbacks listed in the article of other activations schemes. _________________ Infralution Support |
|
Back to top |
|
|
Javier
Joined: 09 Oct 2009 Posts: 215
|
Posted: Wed Sep 21, 2011 12:16 pm Post subject: |
|
|
Quote: | Including the network domain name would mean that to get a license to work with another computer the user would have to get both their computer name and network domain name to match. |
What happens if the computer is not part of a network, for example a home computer? What would the network domain name be? Or what happens if the program is installed in a laptop and you connect to different networks when you travel? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Wed Sep 21, 2011 11:16 pm Post subject: |
|
|
From the blog link it looks like the call returns the Workgroup name if the computer is not part of a domain.
The laptop joining different domains would probably be a problem I think - so this may not be a viable suggestion. _________________ Infralution Support |
|
Back to top |
|
|
Javier
Joined: 09 Oct 2009 Posts: 215
|
Posted: Thu Sep 22, 2011 3:06 pm Post subject: |
|
|
Well, the only other thing that could help to avoid this kind of unauthorized licenses is the company name embedded in the license, as discussed at the end of this thread: http://www.infralution.com/phpBB2/viewtopic.php?t=1821
The problem that I see is that you would need to know the company name for every new customer, then create a checksum of it in the license, and then internally check the company name match. Of course the unscrupulous employee will know the company name as well, but at least the company name will show up in every screen and printout, not his name.
At the end of the above thread you concluded that this was not a good idea. Of course collecting the company name in advance is an additional task to do, but in addition to that, do you see any other drawback? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Thu Sep 22, 2011 10:38 pm Post subject: |
|
|
I don't see any other drawbacks in including the company name if you believe that will give you some extra security. _________________ Infralution Support |
|
Back to top |
|
|
FusionDigital
Joined: 25 Jul 2009 Posts: 2 Location: Auckland, NZ
|
Posted: Wed Nov 02, 2011 7:13 am Post subject: |
|
|
Couldn't you use Environment.UserDomainName to include the NT domain name? It won't work for workgroups, but it has the advantage that it will be very frustrating to get a license to validate without having an NT domain named the same as the company domain (because Environment.UserDomainName returns the computer name if there's no NT domain, and Infralution uses that for the other part of the validation). |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Wed Nov 02, 2011 9:23 am Post subject: |
|
|
The only problem with using the UserDomainName is that if the computer is a laptop that sometimes is connected to a domain and other times not the UserDomainName will return different results and so your license would only work when connected to the domain. _________________ Infralution Support |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Thu Jan 26, 2012 10:47 pm Post subject: |
|
|
Another alternative to locking to the Computer Name is to lock to the Windows Serial Number. See the following blog on obtaining the Windows Serial:
http://july-code.blogspot.com/2008/08/how-to-get-windows-serial-number-and.html
This is a bit harder for users to change to obtain a license. However it does have the disadvantage for your users that if they install a different OS their license will no longer work. I think this is still better then locking to hardware characteristics. _________________ Infralution Support |
|
Back to top |
|
|
Javier
Joined: 09 Oct 2009 Posts: 215
|
Posted: Fri Jan 27, 2012 2:30 pm Post subject: |
|
|
Yes, this looks a little bit more flexible than MAC lock, but still quite rigid. Locking to hardware vs locking to software. With the current pace of the technology, instead of installing a new OS in your old computer it's cheaper to buy a new computer which includes the new OS. If this is true, then this solution is the same as MAC lock. |
|
Back to top |
|
|
|