Fog Creek Software
Discussion Board

Our software on a crack site

I just received an email from someone who was kind enough to let me know that my software is on a pirate/crack site and also sent me the link as proof.  Sure enough, there it was.

I expected this to eventually happen.  As there really isn't much one can do to 100% prevent their program being cracked and pirated by the elite groups.  But I would like to know from those with experience if I should even bother emailing the site and complaining or just let it go?  My other fear is that if I piss them off, I don't want to instigate some revenge from them where they DOS my site, spam my email to hell, etc.  A small company (and even large one's) don't want to waste time dealing with stuff like that.

As a side note, since my company went live about a month ago with this first product, I feel as if this can also provide some good general publicity.  Its a niche product in a very niche market.  The more people hear about it, the better.

Take the good with the bad.


Monday, September 1, 2003

That fight isn't worth. Put mild security in your software, and if somebody cracks your software, hey, at least they know it.

(On the other hand, it's not too polite to ask for advice and in the same post say "hey, check this out..." it's kinda suspicious. Eventually somebody will ask you about your product ;-)

Leonardo Herrera
Monday, September 1, 2003

There have been some really good (and extensive) discussions on this in the past.

Start here:

If the crack is "out there", it's going to stay out there, and getting the one particular domain knocked out probably isn't even a setback for those who are running the site.  I'd guess that it's mirrored all over the place already.

I hate to sound discouraging, but I think that's the way it is.

Jeff MacDonald
Monday, September 1, 2003

I knew this was discussed before.

Thanks for the feedback.


Monday, September 1, 2003

Your best bet is release new versions ALL THE TIME - but make damn sure the old keygens/cracks won't work.
All it takes is a few more lines of code to invalidate whatever changes a crack would make.

Also, keep in mind, that some of the guys are 'lazy'; that is, they'll say it works from 1.x when in fact it doesn't. Take advantage of this! All 'good' and 'popular' software products use this confusing versioning hell to their advantage; their product might not feature anything new(or even add fixes), but the changes in your registration algorithm would prevent the existing serials/keygens from working.

If you can't beat them at the race, make their life a living hell.

Mickey Petersen
Monday, September 1, 2003

Release cracks yourself. Lots of them. Make them seem to work at first, but fail after a few minutes of use. After people tried a few of those unusable cracks, they'll get fed up with the cracks.

Roel Schroeven
Monday, September 1, 2003

"Your best bet is release new versions ALL THE TIME - but make damn sure the old keygens/cracks won't work.
All it takes is a few more lines of code to invalidate whatever changes a crack would make."

Yeah, a crack is small compared to the full program, so make the program really large and keep releasing new versions... the crackers aren't going to host the whole program, so the new version someone downloads won't work with the old crack.
Monday, September 1, 2003

> the crackers aren't going to host
> the whole program

Unfortunately this is not true. :-(

There are 2 categories of crack sites. For a lack of better terms, I will call them level 1 and level 2.

Level 1 sites are known to a lot of people, and only carry cracks.

Level 2 sites are known to less people, and also carry full programs.

It is actually beneficial for the software authors to find and read level 2 sites.


Because they sometimes contain intelligent reviews and comments which can really help improve the software.

The users of these sites usually have a lot of energy and time to invest in using software. They also can use almost any software for free.

So, if such a user chooses program A instead of program B, he usually makes a very informed choice.

If you ask him why he uses program A instead of program B, you will usually get a very useful response.

I also always ask them politely to remove my software, and in about 20% of cases, they comply. They never DOSed my site or anything.

Monday, September 1, 2003

I remember reading about someone who claimed to release several "versions" of the same software - the key to their strategy was giving all the different binaries the same version #.  The only difference between the binaries was the point at which the software checked for the proper key.

In this scenario, the # of different binaries you release is inversely proportional to the % of people who will be able to use the crack with success....Release ten binaries, only a 10% chance that the crack a user will get will work.

This isn't a silver bullet, but I thought it was pretty creative.

Jeff MacDonald
Monday, September 1, 2003

Or, if you were really clever, you'd create a way for every download to have a different size and (of course) different CRC.  Good luck cracking that (I mean, apart from a full version).

But who would do a thing like that?

Grumpy Old-Timer
Monday, September 1, 2003

See the positive side: Free advertising.

Monday, September 1, 2003

vs. lost revenue - in most cases the latter exceeds the former, unless the anti-cracking tips are applied.

Mickey Petersen
Monday, September 1, 2003

The real question is this:

Are your potential customers the kind of people who look on crack sites in order to pirate the software they use?

Mitch & Murray (from downtown)
Monday, September 1, 2003

I agree with the people that suggest making it difficult for these sites to keep up with your current version. VueScan, for example, has a couple of new releases each *week*! It's definitely worth registering just to keep up.

I know of people who have used a cracked version of a product, and then found it annoying trying to keep finding cracks for newer versions. Many of the cracks didn't work, either. But they liked the product. In the end, they figured it was cheaper to just register than to spend hours trying to get it for 'free'.

Darren Collins
Monday, September 1, 2003

An interesting aside...?

Can a signed managed .NET executable be cracked? 

Guy Incognito
Monday, September 1, 2003

I would say there are probably scum of the earth businesses that would intentionally go to a cracked site to get the freebie.

Most things are based on trust, so I sure hope most co.'s are not breaking the rules.  Most things seem to be free to demo and rely on trust if you are to use it in a business.  I would say most people follow the rules (if they know the rules), probably the overwhelming majority even (in the U.S., at least).

Brian R.
Monday, September 1, 2003

"Can a signed managed .NET executable be cracked" -- yes - a signature protects the user not the developer. It's there to prove "XYZ Corp created this" so you can feel safer running it. Signed (and strong-named) .NET assemblies can still be dissassembled/reassembled using ILDASM/Reflector etc.

Duncan Smart
Tuesday, September 2, 2003

Referring to the point made early about releasing your own cracks, but making them fail, crash the program, etc. I would question how good an idea this is (not totally sure if it was a serious suggestion, but I have heard it suggested seriously before).

The problem is that the average user does not know enough to attribute program instability to the fact that the program is cracked. They will therefore assume your software to be buggy, crash-prone, etc. and this will send out the worst kind of message on something which many people think of as "try before you buy" software licensing.

Myself I would tend to favour the sort of thing that is being seen more and more in high end software, where people simply create a free edition, provided you're not using it commercially. Most pirate issues do not represent lost sales as has been discussed at length before. You may as well at least give it to be people that would steal it but never buy it because they can't. At least that is marketing, it's a better use of your resources than prevention (see Maya PLE, et al.) You're even building a pool of skilled users!

Andrew Cherry
Tuesday, September 2, 2003

Another way would be crippleware altogether; of course, then you're up against distributed pirating.

Mickey Petersen
Tuesday, September 2, 2003

"I would say there are probably scum of the earth businesses that would intentionally go to a cracked site to get the freebie."

This is basically every business in Southeast Asia, then! I think many westerners grossly underestimate the scope of the cracking problem there (I certainly did until we started doing business there)... it's not teenagers cracking copies for their home use, it's businesses who have no choice because western prices are about 10x the cost in their economies where the typical engineer makes maybe US $4K a year. If your product is important to an industry but doesn't have a particular distribution and pricing structure for those countries, it will be pirated at the high level (shrink-wrapped boxes and translated docs even)... but if you make it available and properly priced I think most companies would certainly buy the legit copies instead of downloading or buying from the black market.

But usually legit copies are just way too outrageous for them, so it's done out of their necessity to stay competitive.

Tuesday, September 2, 2003


If they don't have enough money to pay, they are not customers. So what if they use cracked software, they aren't going to pay for the real version anyhow.

Sedwo, you can spend a lot of effort trying to thwart the crackers, or you can spend the effort making your software better for paying customers.

Tuesday, September 2, 2003

But you're better off getting $10 or $20 per copy of your $200 software than nothing at all... there's over a billion people in that area.

Tuesday, September 2, 2003

That doesn't necessarily work, though, because then the people in good ol' law-abiding western countries will want to pay only the $10 or $20 that you pay for a legal copy "over there".

Foolish Jordan
Tuesday, September 2, 2003

"That doesn't necessarily work, though, because then the people in good ol' law-abiding western countries will want to pay only the $10 or $20 that you pay for a legal copy "over there". "

This is hardly an issue for Western business.

1) You need to translate it back into your native language, a non-trivial task.

2) If you're seriously considering breaking the license terms of the software in order to save a few bucks(you'd better damn well believe that those copies are only licensed for use in Asia), then you're already looking at pirating the software anyways.

I can understand how businesses might be a bit annoyed at having to look at super-cheap asian prices, but you have 2 remedies for this:

1) make an asian-language section of the site, so that these businesses are unlikely to understand the pricing scheme, let alone what 4000 yuan means in USD.

2) have a totally separate asian-language site that sells and markets your software to the asian market. This is probably the better solution.

Wow...that was fairly insightful compared to the drivel I was going to write initially. I'll have to see about marketing *my* software(in who knows how many years) in Asia...

Tuesday, September 2, 2003

Well you translate all strings and set it to only work in that Windows locale, so if they bought it overseas for cheap then all the menus, buttons and text would be in Thai or Malay or whatever, and they'd have to reset and reboot (or reinstall) Windows to a different locale every time they wanted to run your software.

So it's not much of a problem, I think, as long as you plan from the start (e.g. unicode) to have localized versions.

Tuesday, September 2, 2003

Oops, that was intended as a reply to Foolish J -- xpander has good points.

Also, there are companies that will do all the translations for you, even as a resource DLL if you want, and others that will take your steaming pile of undocumented legacy source and magically re-engineer it into their language.

Tuesday, September 2, 2003

"businesses who have no choice because western prices are about 10x the cost in their economies where the typical engineer makes maybe US $4K a year"

Ah! Now I see! I was wondering how those overseas companies could afford to get by changing such low rates and putting Western developers out of work. It's not that they are more competitive or more skilled. It's that they are cheats and thieves.

Well, that's certainly not fair competition then is it? If they're not going to play on a level playing field, we will need to lobby for trade embargoes until they decide to respect the law.


On the issue of cracks, I report all sites to the FBI, in a signed letter stating that I am willing to travel as needed to testify against the crack site operators. Have had the privledge of putting a couple of these scuzzbags in prison where they belong.
Don't be a sissy wimp that lets thieves roll all over you while you whine about how you are being laid off because your firm can't make any money even though millions of nonpaying customers get tremendous value from your software. Stand up for your rights! It amazes me hov the folks in this thread all advocate just being a total pussy and letting people steal from you because you are afraid of hurting the poor darlings feelings if you turn them over to the authorities. What a bunch of weenies you are. Hey, if someone breaks in to your house and steals from you and your only response is there is nothing you can do because you don't want to upset the thieves, then you probably deserve to have your stuff stolen by criminals. Yeesh!

Dennis Atkins
Tuesday, September 2, 2003

It's kinda hard to spot a sense of humor in that post, Denis.

Johnny Bravo
Tuesday, September 2, 2003

Dennis, I think you missed the point, companies in those emerging nations don't WANT to cheat, they HAVE to cheat because their economies are stuck in a rut (Macro Econ 101 -- when prices are low, wages are low so prices have to be low so wages are low...)

If more software publishers priced their products appropriate to those economies instead of ignoring it and giving it away to crackers, they could make a ton more money just based on volume. Those billion people live in 3-story tin shanties but they have cell phones and PDAs and are connected to the net.

Tuesday, September 2, 2003

- and that makes you wonder WHY they have that vs. improving their living standard.

Mickey Petersen
Tuesday, September 2, 2003

Let me reinterpret Dennis' point:

Lets say there's a widget market, dominated by 'expensive' American manufacturers.

You want to undercut it in your developing country. You have a number of options on reducing your cost:
* Lower labor costs due to lower costs of living, exchange rate, whatever.
* Design a better widget-making-machine which has lower costs in some way.
* Steal the plans for the 'expensive' manufacturer's widget making machine, thus avoiding the expense of desiging a machine which the first guy is recouping in the product's price.
* Steal the 'expensive' manufacturer's widget making machine, thus procuring the device for almost no cost.

With software, a virtual good, piracy is somewhere between stealing the plans from the 'first world' which has invested in them, and stealing the actual device itself.

The point being that these things were expensive to create, and thus claiming 'I can't afford them, therefore I will pirate them to undercut you' is bogus, and also a bogus reason to sell at cut-rate prices.

This is not the whole story of course (especially for users whose primary software usage is outside the global economy), but an aspect to consider.

Tuesday, September 2, 2003

Thanks mb, much more eloquently put than my puerile screed.

"Design a better widget-making-machine which has lower costs in some way."

Yes - this is the scenario where capitalism/competition/the open market WORKS. Our competitors build a better widget. Example: Japanese cars in the 1970s-1980s were better bade and less expensive! So we had to respond by improving our own products. Everyone wins and competitions keeps us on our toes and prevents us from complacently producing low quality goods.

"Lower labor costs due to lower costs of living, exchange rate, whatever."

This scenario produces cheaper goods and is something we have to deal with. It doesn't encourage the development of higher quality cheaper goods though like the first one does, so the consemur suffers with poorly made cheap products flooding the market. There will still be a niche for quality but that's about it. For example, the US egg industry produces some pretty nasty tasting eggs for $0.99/dozen, which is far below the cost of producing normal eggs. You can go to the health food market and buy good tasting eggs for $3/dozen. Some people do, but not many are willing to pay for higher quality. In this case, the consumers do well since they have the choice of paying more to get higher quality.

The other cases, where manufacturers steal the equipment they need, involve unfair competition. The result is NOT higher quality products available for the consumer.

Dennis Atkins
Tuesday, September 2, 2003

Anti-cracking FAQ:
(How to make cracking your programs a little harder)

Wednesday, September 3, 2003

*  Recent Topics

*  Fog Creek Home