using Windows Product Key to fingerprint an installation?
-
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks
-
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks
First, create a product worth stealing...
-
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks
There are installations out there that all use the same product key, i.e. corporate installations and Ghosted copies. It's definately NOT a fingerprint for Windows.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008
But no longer in 2009... -
There are installations out there that all use the same product key, i.e. corporate installations and Ghosted copies. It's definately NOT a fingerprint for Windows.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008
But no longer in 2009...Dave, thank you for your response. The app has a small (no corporate licenses) and vertical market and I just want to make it hard enough to beat the ubiquitous 'viral cd with magic markered key'. Users who beat Microsoft (if I understand ghosting), will certainly beat me. If you have pointers to another fairly easy way to protect small projects, or other insights, I'd appreciate it. thanks again
-
Dave, thank you for your response. The app has a small (no corporate licenses) and vertical market and I just want to make it hard enough to beat the ubiquitous 'viral cd with magic markered key'. Users who beat Microsoft (if I understand ghosting), will certainly beat me. If you have pointers to another fairly easy way to protect small projects, or other insights, I'd appreciate it. thanks again
The way we did it, was to have an online license generator, which generates a response key. That key is then stored in a file, so we can check for it. It's a checksum based on their license key and a unique id generated from the machine processor, network card, etc. If the app requires the web, you could make it check online every time, but the core point is, our software is disconnected from the license keys ( we can just bulk produce DVDs ), but, each key we give out will only work for a certain number of machines, so your licenses are secure so long as no-one reverse engineers your app and removes the license check altogether.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
-
Dave, thank you for your response. The app has a small (no corporate licenses) and vertical market and I just want to make it hard enough to beat the ubiquitous 'viral cd with magic markered key'. Users who beat Microsoft (if I understand ghosting), will certainly beat me. If you have pointers to another fairly easy way to protect small projects, or other insights, I'd appreciate it. thanks again
was8309 wrote:
Users who beat Microsoft (if I understand ghosting),
Ghosting is not a "beat" of Microsoft. it's actually a legitimate, and Microsoft supported, deployment method. Ghost itself is not supported by Microsoft, but the idea of it is.
was8309 wrote:
If you have pointers to another fairly easy way to protect small projects, or other insights, I'd appreciate it.
I could tell you outright, but that would expose where I get my licensing data. I can tell you that I dig around in Windows and find data from various points, from the Registry to the Hard Drive to some rather not-so-well-known portions of Windows internals. You don't pickup a couple of points of data. You use as much as you can come up with. IIRC, I use some 18-20 points of data. Some of the data can be the same from machine to machine, but not all of it can be, even if the machine is ghosted. It all gets compiled into a nice little pacckage, encrypted, then sent to the licensing server. From there on, I really can't tell you what I do, for obvious reasons.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008
But no longer in 2009... -
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks
-
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks
-
was8309 wrote:
I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me.
I don't think I would be too happy sending my Windows Product Key to a stranger.
From the other responses, it seems its common for apps to get all kinds of information from user's machines, but I see you point and so while I plan to try to implement the suggested solutions, I will not come right out and ask them to send any info. thanks
-
How bad of an idea is it to use the customer's Windows Product Key to fingerprint an installation? I would ask them to run a 'registration utility' that would display their Windows Product Key, and ask them to email it to me. Then provide a version of the application that only works with that key. A quick search did not provide instance of attacks via Windows Product Key. (I guess I should encrypt it prior to displaying and asking to send). Please advise the newbie, thanks