Like Tree5Likes
  • 3 Post By cyberfish
  • 1 Post By cyberfish
  • 1 Post By CornedBee

Seeking help identifying software development security tool

This is a discussion on Seeking help identifying software development security tool within the Tech Board forums, part of the Community Boards category; Hi, First, my apologies if you feel this is a mispost or that I’ve invaded the wrong “realm” (please don’t ...

  1. #1
    Registered User
    Join Date
    Nov 2011
    Posts
    4

    Seeking help identifying software development security tool

    Hi,

    First, my apologies if you feel this is a mispost or that I’ve invaded the wrong “realm” (please don’t flame me Also, this is posted to the C++ forum as well). I chose this forum (along with a few others) because I am seeking help from the C/C++ programming community. I am open to suggestions of places that might be better to seek this kind of help.

    I am involved with a stealth–mode startup and have been asked by my engineering staff to help them locate a particular kind of software development security tool for their C/C++ programming efforts. There is a mission to protect our intellectual property above and beyond licensing and activation requirements/restrictions. My engineering team has mentioned features that would include tamper-proofing, obfuscation, watermarking, among others. I’m a noob at this and still learning. However, I interpret this as an effort to protect our executable code.

    I would be very grateful for any help (and time) you can offer. I’ve created a short set of questions (I tend to like to be organized the answers to which would be a great help. However, I’m also very accepting of more “free form” responses, as well. You can reply to this post either publicly or privately (if that capability exists).
    Again, thank you for your time and any insight you can offer. If my research results in any information different from what I receive here, I’ll be happy to come back and post those results. Or, you can contact me directly and I’ll forward on a copy of my results.

    Cheers…Steph

    Questions

    1. What are the top 3 products/companies you considered for this software development security tool, the top 2 or 3 features you liked about the product (or company), and why?
    1A. Product/Company 1:
    Feature 1:
    Why:
    Feature 2:
    Why:
    Feature 3:
    Why:
    1B. Product/Company 2:
    Feature 1:
    Why:
    Feature 2:
    Why:
    Feature 3:
    Why:
    1C. Product/Company 3:
    Feature 1:
    Why:
    Feature 2:
    Why:
    Feature 3:
    Why:

    2. If you purchased the product, are you willing to share pricing information?
    2A. Product purchased:
    2B. Price: per (1 seat, 5 seats, 10 seats, unlimited, etc.)

    3. If you purchased the product, did it:
    3A. Exceed expectations: ( ) Yes ( ) No Why:
    3B. Meet expectations: ( ) Yes ( ) No
    3C: Fail to meet expectations: ( ) Yes ( ) No Why:

    4. For those products you did not select, what are the top 3 reasons you did not select them (and was there a common reason among a number of the products)?
    4A. Reason 1:
    4B. Reason 2:
    4C. Reason 3:

  2. #2
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,170
    Stop wasting time and money worrying about "protecting" your executable. It doesn't work. You'll just end up frustrating legitimate paying users with nonsense (like have to have a connection at all times, need to plug in a USB drive to run the program, have the program keep nagging you to activate even though you already have, and lock up your computer if you don't in 3 hours, etc), while illegal users still get what they want.

    Write good programs, and people will pay for it.

    Game companies have been trying to do this for the past 30 years or so. I don't think there is one single game that has not been cracked. If they (talented developers in many big companies in a billion dollars industry) can't do it, do you think you can?

  3. #3
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by stephr1 View Post
    My engineering team has mentioned features that would include tamper-proofing, obfuscation,
    Has your engineering team considered just shooting themselves in both feet now to save some time?
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  4. #4
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    Who has cracked Netflix? Who has broken WoW warden? You can't win theoretically, but you can make it pretty damn difficult. Consider, though, whether your product is really so fascinating and important as to make it worth the effort.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  5. #5
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by cyberfish View Post
    Game companies have been trying to do this for the past 30 years or so. I don't think there is one single game that has not been cracked. If they (talented developers in many big companies in a billion dollars industry) can't do it, do you think you can?
    While I don't disagree with you, it's probably not a good idea to rule it out as a possibility.

    Some of our greatest inventions have come out of people's garages and basements...

    Lawn Darts, Pet Rocks, Hula Hoops ... I rest my case!

  6. #6
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,170
    The only games I know that are successful at protecting themselves is by doing significant amount of computation on their servers. Eg. WoW.

    Activation requirement can be patched out, but having to rewrite a whole world simulator is a lot more difficult.
    MK27 likes this.

  7. #7
    Registered User
    Join Date
    Nov 2011
    Posts
    4
    Hi all,

    I appreciate you taking the time to respond. I was hoping for replies that would help lead me to viable solution options (as my original posting sought to do). However, your input provided some interesting insight and perspectives. Thanks.

    Cheers...Steph

  8. #8
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Software protection through technical means is worth it when each license of your product is sold for a 5-digit sum or more. The problem is the cost of deploying a good system.
    When you really want effective protection, you need a hardware dongle. Purely software-based systems are generally too easy to crack, leading to problems for legitimate users without any benefit.
    Hardware dongles mean: shipping a dongle to each customer (there's a license fee for that from the protection company), shipping license updates, offering support when users fail to correctly apply the updates (frighteningly common), offering support when the dongles don't work for another reason (e.g. firewalls), and of course the whole support programming you have to do. There is a pretty big cost associated with hardware dongles, and since quite a bit of it is per-customer, it's only viable when you ship to 100 customers for 50000$ each, not when you ship to 50000 customers for 100$ each.

    That said, we've had reasonably good experience with the Wibu CodeMeter hardware dongle system.
    laserlight likes this.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  9. #9
    Registered User
    Join Date
    Nov 2011
    Posts
    4

    Seeking help identifying software development security tool

    Thanks much for the suggestion. We are trying to avoid hardware dongles because of the logistics you mention. However, it is on our list. Appreciate your input. Cheers...Steph
    Quote Originally Posted by CornedBee View Post
    Software protection through technical means is worth it when each license of your product is sold for a 5-digit sum or more. The problem is the cost of deploying a good system. When you really want effective protection, you need a hardware dongle. Purely software-based systems are generally too easy to crack, leading to problems for legitimate users without any benefit. Hardware dongles mean: shipping a dongle to each customer (there's a license fee for that from the protection company), shipping license updates, offering support when users fail to correctly apply the updates (frighteningly common), offering support when the dongles don't work for another reason (e.g. firewalls), and of course the whole support programming you have to do. There is a pretty big cost associated with hardware dongles, and since quite a bit of it is per-customer, it's only viable when you ship to 100 customers for 50000$ each, not when you ship to 50000 customers for 100$ each. That said, we've had reasonably good experience with the Wibu CodeMeter hardware dongle system.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 1
    Last Post: 11-15-2011, 10:41 PM
  2. Software Development ideas!!
    By gaurav_13191 in forum Tech Board
    Replies: 2
    Last Post: 01-29-2011, 10:19 AM
  3. Seeking Software Audio Amplification.
    By DeepBlackMagic in forum Tech Board
    Replies: 7
    Last Post: 02-11-2005, 12:13 PM

Tags for this Thread


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21