Fog Creek Software
Discussion Board

Software Licensing

I'm developing this small application which I plan to sell for several hundreds $'s per license. I'm debating whether its worth to do one of the following:
1. Use a commercial software licensing product (without any dongles, thank you) - Downside: Cost.
2. Design and implement my own software licensing module - Downside: It'll take some 16-yr old script kiddie about 10 minutes to crack it and put it on KaZaa.
3. Use no software licensing, just use some legalese stating that if you're using this for your personal use it's free, otherwise you need a license. Downside: no way to enforce that.
The product is aimed at the corporate market (R&D departments, to be specific).
What are your thoughts on this issue?

Yariv Zur
Tuesday, March 2, 2004

Actually script kiddies have a much easier time cracking the commercial licensing products that are out there, because they're all the same. is a whole book about the technology.

My philosophy is that the goal of licensing is not to prevent cracks, which will happen no matter what you do... it's to prevent legitimate, otherwise honest users from stealing additional licenses because it's more convenient than getting a purchase order approved. So the goal is just to increase the difficulty of hacking your software up to, and no further than, the point at which it's more convenient to pay than to hack. The goal is to 99% compliance from the people who are able to pay, without worrying about the people in third world countries and the kids at home who would never pay no matter what you do, because they just don't have the money.

Joel Spolsky
Fog Creek Software
Tuesday, March 2, 2004

And potentially those guys that would never pay (so no lost revenue) ar at least potential marketing sources. Sometimes it's worth just getting the product 'out there'

Tuesday, March 2, 2004

I don't think you'll find recent cracks for the Armadillo security package. You certainly won't find general "scripts" for defeating all Armadillo-wrapped products.

As well, you can get a free customized build that acts as a first line of defense.

Tuesday, March 2, 2004

The shorthand for what Joel said is "Keep the honest people honest"


Tuesday, March 2, 2004

Have you ever noticed that the people most interested in stealing "intellectual property" are those who make their living creating it?  Having worked with photographers, I think its no exaggeration to say that 95% of them have a pirated copy of PhotoShop.

So, how do you protect your software if your target market is filled with "filthy, thievesey hobbitses"?

Tuesday, March 2, 2004

"Have you noticed"

That's odd, my own theory was it was the opposite - that the noncreative types don't appreciate the work that goes into creating creative material - they think we just mndlessly press some buttons and it comes out, so why should they pay for it? Or that a painting is just throwing some paint on a canvas and their 3 yr old could do better. My experience is that it is teh creative types who buy licenses to creative software. it is not the noncreative types who buy it.

Ed the Millwright
Tuesday, March 2, 2004

(off topic sidebar)

The book Joel recommends has three reviews. One is a cut and paste of the book's slip jacket. The anonymous reviewer has nearly 16,000 reviews to his credit:

All of which are slipjacket rehashes, all of which give 5 stars and 'enthusiastic recommentations' or 'surely a must have', etc. There is no pattern to the reviews. For example, you would think someone recommending a book on software development would have many other software book reviews. Nope.

So what's the scam? Is he doing it to get free books? Is he a publisher's rep? Does he get money out of it somehow? Obviously this is a full time job for him so he must be making money out of it somehow.

Ed the Millwright
Tuesday, March 2, 2004

The Midwest Book Review seems to be a commerical service with multiple people contributing. Check out the profile:

Luke Francl
Tuesday, March 2, 2004

We publish two programs that are "crackable" and we've discovered hits from China and Russia. Shortly thereafter, we revisit the sites and find that there's a license key out there. We grab the key and add it to the software build invalidating future downloaders from using the illegal key.

One thing to note: we'd never sell to those people anyway.

I can let you know the program my developers use to handle licensing if you like.

Bill Dotson
Tuesday, March 2, 2004

Also be especially careful about bugs in licensing, because not being allowed to use software one has purchased is one thing that will REALLY piss off customers...

Dan Maas
Tuesday, March 2, 2004

So what are the options for third party licensing software?
Are there any free ones?
Are there any java-specific ones?
What does Fog Creek use?
What's the simplest method of rolling your own?

Wednesday, March 3, 2004

I agree that people who create IP are the worst offenders. I am a software developer and many of the "young kids" I work with would crack your head if they could burn your brain to a CD. It's part and parcel of the prevailing "I want it all and I want free" mentality.

John S. Dawson
Wednesday, March 3, 2004

Just go read JoS - I don't think a week goes by that someone doesn't ask "Where can I find a free program that does [x]?" It seems to me either you need to do something or you don't. If you do, then a tool will save you time or it won't. If it will, then your time is worth money, so pay for the tool.

I'm sure the only reason people don't ask for cracks is most know better than to ask, and Joel & Co probably nuke the rest.


Wednesday, March 3, 2004

Does anyone care to comment on their experiences rolling their own simple licensing scheme?

Thursday, March 4, 2004


I 'rolled my own' licensing scheme for my company (we sell software related to desktop publishing, and used by several large publishers and ad agencies).  It works on Windows, Mac OS X, and Mac OS 8/9.  It manages an 'encrypted' database ('encrypted' based on some elements of the computer's hardware) of locally registered products on the user's machine, and allows entries in this database via purchase codes or direct purchases (prompting the user for credit card information and so on).  It has provisions for expiration dates on licenses, different modes for licenses (eg: demo, full), reseller identification, promotional discounts, product upgrades, offline registration capabilities (if the user doesn't have an Internet connection to authenticate his/her purchase), and so on.

It's been very useful for us, and it has increased our sales for several products (I think that has mostly to do with the fact that it's easier for people to buy our products with this system).  I spent a bit over a month developing it, and a bit more time working out odd compiler/OS bugs related to certain subsets of the functionality (eg: connecting to our authentication server through a proxy under Mac OS 9, working out initialization problems for Mac OS 9 shared libraries developed with CodeWarrior, etc).

Please feel free to email me if you're interested in more details.

Thursday, March 4, 2004

Although software protection is often different per software, I really wish that some semblance of it exist as a bunch of base classes in your friendly Java or C# library space. Maybe not full implementation, but at least an architecture. Standardization will mean assembly line cracking (easier cracking) I am sure, but there must be a way to help avoid every little company from having to write their own.

Li-fan Chen
Friday, March 5, 2004

The de facto standard in the Electronic Design industry is Macrovision's FlexLM.  Easy to crack, but it keeps the honest people honest.  (And the sales droids at Macrovision admit that this is all it can do.)

Price?  Four figures to start, but cheaper than rolling your own for the same level of security.

David Jones
Friday, March 5, 2004

yea,kids can never afford expensive software-it sucks,every one else just smokes pot*sigh*

Thursday, April 29, 2004

*  Recent Topics

*  Fog Creek Home