Fog Creek Software
Discussion Board




Trial-ware expirations

What's the best way to manage trial-ware expiration dates? I want to create a 30-day trial application, but every method that I can think of has at least one loophole.

Any advice from the experienced?

Thanks

NNB
Saturday, November 23, 2002

You might check out XML Spy.  It comes with a license download manager, although it'll let you go through multiple eval periods as long as you keep feeding it new email addresses.

On first execution, generate a GUID and register it with your Web server via a spiffy Web service.  Then, leave a process running with a cleverly-disguised name like "Exxplorer.exe" or "nothing to see here, move along.exe".  Whenever the client PC connects to the Internet, the process can poll your server to see if it's expired yet.  If it has, it can delete the program's .exe, overwrite the MBR, whatever.

Frankly, I've never been convinced it's worth the bother to create a bulletproof enforcement scheme.  Probably better to decide what constitutes "good enough" and spend more time making your software better.

Sam
Saturday, November 23, 2002

There's no such thing as a bulletproof expiration scheme. Those who really want to break your demo *will* do so. The best you can hope for is to keep the honest people honest.

Don't waste a whole lot of time on gorilla proofing your expiration scheme - do something reasonable for your schedule and then go back to the fun stuff - your real product.

Chris Tavares
Saturday, November 23, 2002

Dear Sam,
                  I'm not even sure if what you are suggesting is legal but it will ensiure that any company that uses it goes bust. Do you seriously think anybody is going to buy a program from somebody that installs spy ware on his computer without his knowledge.

                  How is the program going to get through Zone Alarm, and not be detected by Adaware anyway?

Stephen Jones
Saturday, November 23, 2002

Dear NNB,
                  So much will depend on what your product is, but as a user I can advise you against certain things.

                  If  your app creates documents, don't make the mistake Smart Draw does, and waternark the documents with a "created by trial version of Smart Draw". The end result will be one highly annoyed customer who will not buy your product or use it  unless he feels he's wasted so much time learing it that he'd better go off and buy a pirate version.

                  Keep you installation as non-intrusive as possible; that means no icons on the desktop or folders in the root directory.

                    If the person has created things with your app, then you must still allow him read only access. At least that way you will have a running ad on his machine.

                      In general remember that although you may think your app the best thing since the invention of anti-biotics, you are going to be competing agansit a lot of alternatives. Annoy the guy trialling it and you are in trouble.

                      And make sure the user understands ALL the limitations of the trial version before you let him download it.

Stephen Jones
Saturday, November 23, 2002

"And make sure the user understands ALL the limitations of the trial version before you let him download it. "

Yes, that's very important.  Nothing annoys me more than websites that advertise some program, but don't tell you how much it costs until *after* you download it, and don't tell you the specific ways in which the demo version is crippled.

J. D. Trollinger
Saturday, November 23, 2002


Hm... I don't know about you, but I like trial programs that function under some "honor" system. Textpad, for example. The only thing it does is to put some nag screen for a few seconds.

Leonardo Herrera
Saturday, November 23, 2002

I agree with most everything that's been said.  But I don't want spy-ware, just mild nag-ware with the # usage days left shown on a splash screen.

When I started thinking about this issue, I asked myself, "What would Microsoft do?"  If any company would go to the effort to figure out how to bullet-proof their trial software, I figured it would be them.

So, I thought their methods might be well known and used by others. Also, I didn't want to put too much development into it either - the payback's not there.

NNB
Sunday, November 24, 2002

Given that most trial restrictions operate under the "Security through obscurity" banner, you probably won't find Microsoft leaking out its methods of protection. And regardless, even if you knew them, I think you'd find that the techniques they use are too much work for a small company.

Some day soon I'm sure we'll have consumer x86 chips that will support bulletproof trial-ware, but not yet.

Malcolm
Sunday, November 24, 2002

Hi all, if software is mainly used for business purposes use nag screens(don't forget a link to buy), only let files be saved as read only etc. If it is being used in a business sooner or later someone will ask if all company software is 'still' legal.

david
Sunday, November 24, 2002

"Hm... I don't know about you, but I like trial programs that function under some "honor" system. Textpad, for example. The only thing it does is to put some nag screen for a few seconds."

In practice, it works better to disable and/or cripple a feature, because more people will buy it that way. The difficult thing is to decide what to disable, because you still want people to notice 1) that the feature works great and 2) that they really need this feature and 3) that the program solves their problems.

Frederik Slijkerman
Sunday, November 24, 2002

When I started thinking about this issue, I asked myself, "What would Microsoft do?"

Microsoft "Trial" software works this way.

First you pay the full price for the product.

Secondly you try it to see if it works

Thirdly the trial tells you it doesn't work so

Fourthly Microsoft brings out an "upgrade" and charges again you two-thirds the price you've already paid.

Fifthly you try out the new product and

Sixthly yu find that doesn't work either because there are a load of new bugs so

Seventhly ......

Stephen Jones
Sunday, November 24, 2002

Or, just get an Evaluation product from Microsoft. Includes pretty much all of the Windows OpSys stuff and tools:

http://msstore.datacom.com.au/stor_prod_scrn.asp?shop_id=AU&dept_id=90

There is probably a similar program for the US market.

Microsoft make it very easy to evaluate their products.

Evan
Sunday, November 24, 2002

I thought Microsoft had recently changed the way their trial software works? I understand that now you pay them a large sum of money up front in exchange for the right to evaluate any trial versions they may or may not bring out in the next two years.

Andrew Simmons
Sunday, November 24, 2002

<quote>
Hm... I don't know about you, but I like trial programs that function under some "honor" system. Textpad, for example. The only thing it does is to put some nag screen for a few seconds.
</quote>

Of course you like it!

But the real question is - have you paid for it yet? ;-)

Seeya

Matthew Wills
Sunday, November 24, 2002

There is a good article on why you need a expiration here:

http://www.ambrosiasw.com/cgi-bin/ubb/newsdisplay.cgi?action=topics&number=14&forum=*The+Ambrosia+Times+Newsletter&DaysPrune=25&article=000052&startpoint=

Tony E
Monday, November 25, 2002

Whatever you do, do not disable the save function.

Rather have it with a watermark.

Nothing pisses me off more than non-trivial software that makes it impossible to save your work.... One rarely has an eight hour session to'evaluate' a piece of software.

You want to be able to try doing the same thing in a number of applications, returning to tweak here and there, and also to compare the results....

I remember not buying Case Studio because it was crippleware. The trial version does not expire, but it does not allow you to save. You cannot even save a DB schema and send it to the suits to argue for the licence fees.  There is only so much you can do with a screenshot.

tapiwa
Monday, November 25, 2002

Stephen -

Guess I forgot to clearly mark that as sarcasm.  Thought it was obvious enough when I got to the part about deleting the MBR...

Sam
Monday, November 25, 2002

Anti-piracy has a few perfect uncrackable methods almost as effective as perfect encryption (which usually involves some well-thoughtout hardened usage of one-time keys) but damn it they are just as hard to implement (it's hard to implement a system that properly uses one-time keys too!) and ridiculously hard to get a shareware to make use of it.

[One of uncrackable service idea is to:

A) write your shareware to constantly use a web service.

B) Have the web service kick you off if you are using a duplicated license key rendering your shareware useless.

C) Ensure cryptographically/mathematically that users can't make up valid unique keys without authorization.]

* First most of us don't know how to create unique keys properly.. that's best solved by checking out a book call Building Secure Software where there's an C example of how to do this: http://www.buildingsecuresoftware.com/ *

* Second of all, it's terrible to force a user to be online 24/7 just to get their shareware working. This limits the software that can use this system to those that 1) depend on fresh media or info that aren't cachable in nature (the minute these info are stale.. you invite crackers to setup caching servers to get around your key protection.. so if you have a dictionary shareware.. people will simply buy one key, copy the dictionary data.. and share that data against your wishes.. this works even with live data that more one one people will share unformatted.. like stock data) 2) can be afforded by users who are online 24/7 on DSLs and @HOME networks 3) doesn't hurt the user because the network is unreachable.. this depends on the user usage pattern and the pattern of the problem/solution the software is trying to solve.

* Third.. it's slightly more time consuming to write webservices.. but the real kicker is writing SECURE web services. You have key secrets you must keep secret or your entire licensing scheme breaks down. So you can't store the secret at home or at a co-hosting server. Yet you can't validate these people without such keys. That's why services like Microsoft passport exist and could one day help you make these validation components less tedius to write and maintain.

David Chen
Friday, November 29, 2002

*  Recent Topics

*  Fog Creek Home