I typically have not worried at all about piracy or copy protection with software however I currently find myself in a unique situation. I develop an application for repairing computers for a specific computer repair company. Recently an employee has decided to quit the company after only working there for one month, and took my toolset with her. She then started a computer repair company out of her home and is using my toolset to fix computers. I am not particularly concerned with this person as our lawyers are already in hot pursuit. My concern is with future instances of this where I may not find out about them.
What I would like are some ideas for ways to protect and or phone home without being too over-bearing. I hate software that is too protected and becomes annoying or worse yet, worthless. This application is never to leave the walls of the computer repair company as they do not do on-site repair and I think I can use this to my advantage.
I do have a couple of ideas about how to go about restricting usage to within the company but I would like to hear how others have dealt with situations like this. Currently I keep going back to checking the network for specific servers or ip ranges but does anyone else have any other ideas?
First i think you have to decide what you are protecting against, as game developers have learned over the years you cannot stop ppl from copying your app/game.
Assuming what you want to protect yourself against the above senario again, i can think of 2 ok solutions.And your app has access to the network “always” or normaly duing normal use.
Phone home:
Have the application phone home to some server software, either on the company network or via internet. Have the application send some information to the server, and have it respond with either OK or die command.
To prevent someone from stealing the server, hardcode the server application ( If its installed at the company) to accept 1 physical server ( IE requires the machines has X mac, Y CPU serial, L mainboard serial).
AppServer sending verification
Since you where thinking about sniffing the network from trafic thats posible, but might be better to have a server part that sends out a verficiation code ( IE some public,private key encrypted message with a timestamp?) at periodic intervals.
Depending on X server sends some network trafic every now and then does not seem logical, and could create issues ( IE that server gets removed, but nobody knows you app depends on it to respond to ping).
Also spending on being able to ping XXX.XXX.XXX.XXX and som MAC address in the network is fairly simple to fake.