Protecting Software from Piracy

Hi,
I have an ASP.Net application and I'd like to know about how to protect it
from Software Piracy. Are there some alternatives to do that?

Thanks a lot

LucasC

re: Protecting Software from Piracy

I kind of like InstallShield Express - it's cheap and gets the job done. It
creates a "One click" install that you can put on the web and then control
the password on your own. It creates IIS virtual directories and
everything. However, that doesn't stop one user from distributing the
password, but it's better than nothing. You may be able to do something
more advanced with the scripting that accompanies it.

You could also build a web service on your end and let your deployed
application "call home" periodically. This would be especially great for a
subscription based model. I like this best because if you notice two
different server IP's requesting the same license code (assuming static ip's
here), then you can contact the original purchaser, give them a new code,
and wack the old one, thus killing the pirate. There is a possibility that
they could deploy multiple instances behind a firewall, but for that you
could maybe get the servers mac address... or something that identifies it.
If you are providing a EULA you should put something in about that...

:)

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access



"Lucas" <msdn@rmya.com.ar> wrote in message
news:uDZOuGJyDHA.3220@tk2msftngp13.phx.gbl...[color=blue]
> Hi,
> I have an ASP.Net application and I'd like to know about how to protect it
> from Software Piracy. Are there some alternatives to do that?
>
> Thanks a lot
>
> LucasC
>
>[/color]

re: Protecting Software from Piracy

Thanks a lot. What about Hardware Keys?

"Jerry Boone" <jerry@antech.biz.killspam> escribió en el mensaje
news:qqEFb.89$Na4.55865452@newssvr11.news.prodigy. com...[color=blue]
> I kind of like InstallShield Express - it's cheap and gets the job done.[/color]
It[color=blue]
> creates a "One click" install that you can put on the web and then control
> the password on your own. It creates IIS virtual directories and
> everything. However, that doesn't stop one user from distributing the
> password, but it's better than nothing. You may be able to do something
> more advanced with the scripting that accompanies it.
>
> You could also build a web service on your end and let your deployed
> application "call home" periodically. This would be especially great for[/color]
a[color=blue]
> subscription based model. I like this best because if you notice two
> different server IP's requesting the same license code (assuming static[/color]
ip's[color=blue]
> here), then you can contact the original purchaser, give them a new code,
> and wack the old one, thus killing the pirate. There is a possibility[/color]
that[color=blue]
> they could deploy multiple instances behind a firewall, but for that you
> could maybe get the servers mac address... or something that identifies[/color]
it.[color=blue]
> If you are providing a EULA you should put something in about that...
>
> :)
>
> --
> Jerry Boone
> Analytical Technologies, Inc.
> http://www.antech.biz
> Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
> Access
>
>
>
> "Lucas" <msdn@rmya.com.ar> wrote in message
> news:uDZOuGJyDHA.3220@tk2msftngp13.phx.gbl...[color=green]
> > Hi,
> > I have an ASP.Net application and I'd like to know about how to protect[/color][/color]
it[color=blue][color=green]
> > from Software Piracy. Are there some alternatives to do that?
> >
> > Thanks a lot
> >
> > LucasC
> >
> >[/color]
>
>[/color]

re: Protecting Software from Piracy

Sure - I think Sentinel is the best...

http://www.rainbow.com/

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access


"Lucas" <msdn@rmya.com.ar> wrote in message
news:%23mfzyQKyDHA.3116@TK2MSFTNGP11.phx.gbl...[color=blue]
> Thanks a lot. What about Hardware Keys?
>
> "Jerry Boone" <jerry@antech.biz.killspam> escribió en el mensaje
> news:qqEFb.89$Na4.55865452@newssvr11.news.prodigy. com...[color=green]
> > I kind of like InstallShield Express - it's cheap and gets the job done.[/color]
> It[color=green]
> > creates a "One click" install that you can put on the web and then[/color][/color]
control[color=blue][color=green]
> > the password on your own. It creates IIS virtual directories and
> > everything. However, that doesn't stop one user from distributing the
> > password, but it's better than nothing. You may be able to do something
> > more advanced with the scripting that accompanies it.
> >
> > You could also build a web service on your end and let your deployed
> > application "call home" periodically. This would be especially great[/color][/color]
for[color=blue]
> a[color=green]
> > subscription based model. I like this best because if you notice two
> > different server IP's requesting the same license code (assuming static[/color]
> ip's[color=green]
> > here), then you can contact the original purchaser, give them a new[/color][/color]
code,[color=blue][color=green]
> > and wack the old one, thus killing the pirate. There is a possibility[/color]
> that[color=green]
> > they could deploy multiple instances behind a firewall, but for that you
> > could maybe get the servers mac address... or something that identifies[/color]
> it.[color=green]
> > If you are providing a EULA you should put something in about that...
> >
> > :)
> >
> > --
> > Jerry Boone
> > Analytical Technologies, Inc.
> > http://www.antech.biz
> > Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server,[/color][/color]
and[color=blue][color=green]
> > Access
> >
> >
> >
> > "Lucas" <msdn@rmya.com.ar> wrote in message
> > news:uDZOuGJyDHA.3220@tk2msftngp13.phx.gbl...[color=darkred]
> > > Hi,
> > > I have an ASP.Net application and I'd like to know about how to[/color][/color][/color]
protect[color=blue]
> it[color=green][color=darkred]
> > > from Software Piracy. Are there some alternatives to do that?
> > >
> > > Thanks a lot
> > >
> > > LucasC
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

re: Protecting Software from Piracy

Thanks a lot

"Jerry Boone" <jerry@antech.biz.killspam> escribió en el mensaje
news:f2GFb.475$4r2.425@newssvr24.news.prodigy.com. ..[color=blue]
> Sure - I think Sentinel is the best...
>
> http://www.rainbow.com/
>
> --
> Jerry Boone
> Analytical Technologies, Inc.
> http://www.antech.biz
> Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
> Access
>
>
> "Lucas" <msdn@rmya.com.ar> wrote in message
> news:%23mfzyQKyDHA.3116@TK2MSFTNGP11.phx.gbl...[color=green]
> > Thanks a lot. What about Hardware Keys?
> >
> > "Jerry Boone" <jerry@antech.biz.killspam> escribió en el mensaje
> > news:qqEFb.89$Na4.55865452@newssvr11.news.prodigy. com...[color=darkred]
> > > I kind of like InstallShield Express - it's cheap and gets the job[/color][/color][/color]
done.[color=blue][color=green]
> > It[color=darkred]
> > > creates a "One click" install that you can put on the web and then[/color][/color]
> control[color=green][color=darkred]
> > > the password on your own. It creates IIS virtual directories and
> > > everything. However, that doesn't stop one user from distributing the
> > > password, but it's better than nothing. You may be able to do[/color][/color][/color]
something[color=blue][color=green][color=darkred]
> > > more advanced with the scripting that accompanies it.
> > >
> > > You could also build a web service on your end and let your deployed
> > > application "call home" periodically. This would be especially great[/color][/color]
> for[color=green]
> > a[color=darkred]
> > > subscription based model. I like this best because if you notice two
> > > different server IP's requesting the same license code (assuming[/color][/color][/color]
static[color=blue][color=green]
> > ip's[color=darkred]
> > > here), then you can contact the original purchaser, give them a new[/color][/color]
> code,[color=green][color=darkred]
> > > and wack the old one, thus killing the pirate. There is a possibility[/color]
> > that[color=darkred]
> > > they could deploy multiple instances behind a firewall, but for that[/color][/color][/color]
you[color=blue][color=green][color=darkred]
> > > could maybe get the servers mac address... or something that[/color][/color][/color]
identifies[color=blue][color=green]
> > it.[color=darkred]
> > > If you are providing a EULA you should put something in about that...
> > >
> > > :)
> > >
> > > --
> > > Jerry Boone
> > > Analytical Technologies, Inc.
> > > http://www.antech.biz
> > > Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server,[/color][/color]
> and[color=green][color=darkred]
> > > Access
> > >
> > >
> > >
> > > "Lucas" <msdn@rmya.com.ar> wrote in message
> > > news:uDZOuGJyDHA.3220@tk2msftngp13.phx.gbl...
> > > > Hi,
> > > > I have an ASP.Net application and I'd like to know about how to[/color][/color]
> protect[color=green]
> > it[color=darkred]
> > > > from Software Piracy. Are there some alternatives to do that?
> > > >
> > > > Thanks a lot
> > > >
> > > > LucasC
> > > >
> > > >
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

re: Protecting Software from Piracy

Hi Lucas,


Thank you for using Microsoft Newsgroup Service. As for your problem:
"Protecting Software from Piracy", I quite agree to Jerry Boone's
suggestions. Especially using "webservice" to provide a constantly
checking. It'll make full use of the advangages of the webservice in your
ASP.NET web app.


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

re: Protecting Software from Piracy

Yes, Jerry's suggestions are very good. The problem I see is due to possible
installation on a Production Server without External access. I think it
won't be easy to get Internet access from a Production Server with a high
level of security.
What do you think?

Thanks a lot Jerry and schang.


"MSFT" <v-schang@online.microsoft.com> escribió en el mensaje
news:aO6gj7PyDHA.3564@cpmsftngxa07.phx.gbl...[color=blue]
> Hi Lucas,
>
>
> Thank you for using Microsoft Newsgroup Service. As for your problem:
> "Protecting Software from Piracy", I quite agree to Jerry Boone's
> suggestions. Especially using "webservice" to provide a constantly
> checking. It'll make full use of the advangages of the webservice in your
> ASP.NET web app.
>
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>[/color]

re: Protecting Software from Piracy

First, it's nice to answer questions to those that appreciate it.

I doubt you will have any problem getting access on production servers. I
think every admin on earth deploying Microsoft solutions ensures that they
can update servers with Windows Update and AntiVirus. You could put a flag
in a reg key or a settings file, read it, then determine if this server
should bypasses doing the webservice query.

--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access



"Lucas" <msdn@rmya.com.ar> wrote in message
news:uGYZJaVyDHA.1912@TK2MSFTNGP09.phx.gbl...[color=blue]
> Yes, Jerry's suggestions are very good. The problem I see is due to[/color]
possible[color=blue]
> installation on a Production Server without External access. I think it
> won't be easy to get Internet access from a Production Server with a high
> level of security.
> What do you think?
>
> Thanks a lot Jerry and schang.
>
>
> "MSFT" <v-schang@online.microsoft.com> escribió en el mensaje
> news:aO6gj7PyDHA.3564@cpmsftngxa07.phx.gbl...[color=green]
> > Hi Lucas,
> >
> >
> > Thank you for using Microsoft Newsgroup Service. As for your problem:
> > "Protecting Software from Piracy", I quite agree to Jerry Boone's
> > suggestions. Especially using "webservice" to provide a constantly
> > checking. It'll make full use of the advangages of the webservice in[/color][/color]
your[color=blue][color=green]
> > ASP.NET web app.
> >
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >[/color]
>
>[/color]

re: Protecting Software from Piracy

Hi Lucas,


Thanks for your response. As for the security you mentioned on the internet
access to a production server, yes, "security" is always a solid problem
with the internet based web application. So in ASP.NET, we provided a
complete web security architecure for both intranet based or extralnet
based application. Include the IIS server level's authenitcation and the
ASP.NET applciation level's authentication and athorization... As for the
webservice, you can applied some of the security model on it. Also, other
security techs such as SSL, IPSec also can provide the data infomration
between the client and serverside secured.
For more information on building secure web application, you can reference
the tech articles on the MSDN site, here is the weblink for it:
http://msdn.microsoft.com/library/en...etwebapplicati
onsecurity.asp?frame=true

If you have any questions, please feel free to let me know.

Merry Christmas!!

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

re: Protecting Software from Piracy

OK. Steven, but we where talking about Protecting Software from Piracy.


"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> escribió en el mensaje
news:EHfiWaeyDHA.2284@cpmsftngxa07.phx.gbl...[color=blue]
> Hi Lucas,
>
>
> Thanks for your response. As for the security you mentioned on the[/color]
internet[color=blue]
> access to a production server, yes, "security" is always a solid problem
> with the internet based web application. So in ASP.NET, we provided a
> complete web security architecure for both intranet based or extralnet
> based application. Include the IIS server level's authenitcation and the
> ASP.NET applciation level's authentication and athorization... As for the
> webservice, you can applied some of the security model on it. Also, other
> security techs such as SSL, IPSec also can provide the data infomration
> between the client and serverside secured.
> For more information on building secure web application, you can reference
> the tech articles on the MSDN site, here is the weblink for it:
>[/color]
http://msdn.microsoft.com/library/en...etwebapplicati[color=blue]
> onsecurity.asp?frame=true
>
> If you have any questions, please feel free to let me know.
>
> Merry Christmas!!
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>[/color]