limit number of installs

[ajetrumpet]

does anyone have any experience limiting the number of installs of an access solution to one computer with their install packager?

i have something called "advanced installer" that I got from the internet download and I'm wondering how people detect the number of installations that have been done through a package. is this something i can find out in this program that I downloaded or is it windows knowledge that i just don't have? thanks!

 

[Atomic Shrimp]

I can't see any way of doing it without phoning home or some kind of external validation/activation.

An installer on a CD can't possibly know by itself whether it has been run previously, and a downloaded installer, even if it stores some data, could just be downloaded again, or copied before first install.

A registry key or hidden file could prevent a second install on the same machine (for example to prevent reinstallation after expiry of trial period), but will not prevent additional installs on different machines.

I think it's going to need to talk (directly, or by human proxy) with a database of install attempts held by the supplier (i.e. you)

 

[Galaxiom]

Besides, schemes involving writing a registry entry are easily uncovered by even amateur hackers.

I used to do it myself partly because it was so easy to monitor an install. Some of them were so naive it was really quite amusing. For example storing the date in the registry in a plain string. To my defence I can say that I never divulged a hack to anyone.

These days there are so many good free tools I don't bother to hack any more. Just remember the best reward for a programmer is to have a tool they made recognised as a nice peice of work that everyone uses because it is so good. Just ask Linus Torvalds.

 

[ajetrumpet]

i assume that one of your responses could be linked to how microsoft does this? it has to be possible. and it has to be done too....otherwise, what's to stop people from sharing your application?

the only other way I suppose to stop this is to do onsite installations. but that is not possible in my situation.

 

[Galaxiom]

Microsoft uses a "phone home" key verification.

The essence of the hardware is somehow incorporated into the verification code. A different code is required when the software is applied to different hardware.

Recently Microsoft was ordered to pay something like half a billion dollars to an Australian software engineer because they used his patented system without paying licencing. He actually demonstrated the system to them in the 1990s and they said they weren't interested. They then copied the idea.

 

[Atomic Shrimp]

That's right - MS activation works by (something like) generating a hash value based on various properties of the hardware (such as MAC addresses and internal serial numbers), tied up with the license ID, which is sent to a server at MS, which calculates and returns the appropriate key to trigger the activation process for that license on that hardware.

If you try to repeat the install on different hardware, the server at MS (in theory) refuses to issue a key, because it knows that license has been installed once already

I don't think there's any way to do it in a self-contained method without referring to some external authority, until and unless someone develops a secure installation media designed for the purpose (which may well be circumvented before it even hits the market, if history is any guide).

A few of the commercial applications I work with use dongles - that is, a small piece of physical hardware that plugs into the computer, without which, the application is crippled or flatly refuses to run. This is a bit of an old-fashioned and unpopular method nowadays, for all kinds of reasons, but it's still out there.

 

[Banana]

I'm also under the impression that if you do ultimately use a kind of 'phone home' activation, you have to notify this to the users- phoning home without telling the users could place you in legal hot water, but I could be mistaken.

 

[speakers_86]

Microsoft uses a "phone home" key verification.He actually demonstrated the system to them in the 1990s and they said they weren't interested. They then copied the idea.

Not a whole lot of good it's done them either!

I don't think it does phone home. When you enter the key, it usual accepts it right away, there is no delay from what I have seen. Plus you can also enter the key without an internet connection without an issue.

 

[ajetrumpet]

Not a whole lot of good it's done them either!

I don't think it does phone home. When you enter the key, it usual accepts it right away, there is no delay from what I have seen. Plus you can also enter the key without an internet connection without an issue.

I'm laughing at this. and then of course there are key generators that you can get from the Pirate Bay website.

 

[Galaxiom]

Not a whole lot of good it's done them either!

Considering Windows7 was released by Chinese pirates before the official MS release I would have to agree.

I don't think it does phone home. When you enter the key, it usual accepts it right away, there is no delay from what I have seen. Plus you can also enter the key without an internet connection without an issue.

With the XP Operating System it certainly connects to MS servers. If you don't have an internet connection you can phone the server and enter a long code which is then translated to a verification key and read back.

Without this the OS won't run after 30 days. I know because we had a rollout and one of the last machines was installed after more than thirty days without being registered. Unfortunately it had to be installed at a different site and the gateway was still set for our head office.

Oh my that phonecall is a painful way to register.

With MS Office the registration happens the first time it is run.

 

[speakers_86]

Pirate Bay was taken over by the government in April. It may not be wise to use that site anymore. I just found out that mininova.org is also gone. That is the one I have used for about four years now.

 

[ajetrumpet]

Pirate Bay was taken over by the government in April. It may not be wise to use that site anymore. I just found out that mininova.org is also gone. That is the one I have used for about four years now.

I just checked out the mininova site. I didn't know that was out there. How sad that the government is stopping that stuff. Probably a lot of tracking going on nowadays huh?

 

[Galaxiom]

I just checked out the mininova site. I didn't know that was out there. How sad that the government is stopping that stuff. Probably a lot of tracking going on nowadays huh?

Hmm? Sad that a software hack site has been shut down but you started this thread looking to stop your own work being pirated?

 

[speakers_86]

HeeeeHeeeeHeeee. That's ironic.

 

[speakers_86]

Stopping it? Oh, there are plenty of other torrent sites. Just finding a decent one that has many torrents and not loaded with adds can be tricky.

 

[speakers_86]

Back on topic, I have an idea for you. Just trying to help get the brainstorm going. What if on the first time the db is opened, it retrieves some value unique to the user's computer (even if it is just the computer's name), and stores that value in a table in the db. On future opens, it can compare that value stored in the table, and if the value is different than the user's machine it can give an error.

 

[ajetrumpet]

that's a good idea jack, but the database will be packaged in an installer. how do I deal with THAT? i can't open the db inside of an installer...

 

[speakers_86]

I have never used an installer for a db, so I am not sure how that complicates this. If you cannot have that happen behind the scenes for some reason, then you could always prompt the user at the first start up. Or you could ask that end user for their identifying info yourself, and code it manually.

 

[Galaxiom]

The only subtle but outwardly accessible property of an installer file would be the file creation date. You could rewrite that at install with some algorithm that reflected a hash of the computer's hardware.

Of course it won't work on read only media. Also the pirate could have kept an original copy or obtain another.

 

[Atomic Shrimp]

With the XP Operating System it certainly connects to MS servers. If you don't have an internet connection you can phone the server and enter a long code which is then translated to a verification key and read back.

Without this the OS won't run after 30 days. I know because we had a rollout and one of the last machines was installed after more than thirty days without being registered.

I think there are some OEM builds of XP that do not require online activation - in fact, I'm pretty sure my old Acer desktop has one. They only work this way when installed on the appropriate hardware though, I think.