This is another way to protect your software - just ask politely. (Photo by penner42 on Flickr)

A friend of mine sent me this question by email today:

I have  a software written in visual C++ which is compiled into an .exe file and I wish to distribute (sell) it in a “secure” (anti pirated) way.  How can I “lock it” so it will be able to run on only one computer (the one of the person who purchased the software)?  Is there a software to turn .exe files into protected ones, or good tutorials on what to do from the coding side?

I thought that for the general good and in order to get more views on the topic, I will post my answer to him here:

I can think of mainly four ways to protect your software -

1. Some serial number authentication mechanism – this is the most traditional way and it fails big time. All of the documented techniques to protect yourself in such a way are already broken, and if you’re not in the field of software security you probably won’t find anything better. This might be a good way if you know that your target market is non-technical people who probably won’t bother breaking your authentication mechanism themselves and usually don’t know someone who can do it for them.
2. Serial number authentication and online check – this is what Babylon do. When their application connects to their server it verifies the serial number it has with their database, if they see some misuse they either lock your application or just stop providing you answers. Microsoft use similar technique with XBox Live accounts – whenever you connect to XBox Live they check if the games you run are legal – if not they take actions against you. In recent check they disabled 1 million pirated accounts. But not only they disabled their access to XBox Live, they also disabled the hard drive in their console. This is quite good method as long as your software requires constant communication with your server. If not there are ways to override this protections (like disabling access to the Internet from your application).
3. Good target market – like in mentioned in (1) a lot depends on your target audience. If you create a truly great product and price it in reasonable and achievable price, most people are likely to pay (unless your target solely to the Israeli market…).
4. Online service – if you convert your software into an online service (like the 37Signals products, ZoHo, GitHub and many more), you are fully protected up to the extent that people will use stolen credit cards or hack your system in some way. But this actions are considered as “real crimes” by most people and they will less likely use them or spread the knowledge about them.

This are the four ways I can think of. If you ask me what would I do, I would go with option #4 – all other ways (besides #3) require you to invest unreasonable time and money in protecting your software instead of improving it. While it can be a nice mouse&cat game, it highly unproductive.

That’s what I think, I’m not sure if it really helps my friend, but maybe one of the readers will offer some better insights & tips on the topic.

Arik