kjc1111
asked on
Product distribution questions
Hi all,
I have a product that was developed in VC++ and consists of an EXE file and several DLLs. I would like to distribute a stripped-down version of the product for free and sell additional features on a feature-by-feature basis (each feature being independent of the others). For example, if there are 10 features user A might purchase features 1, 2 and 6, user B might purchase features 3, 4 and 6, and user C might purchase all 10 features in a bundle. Can anyone recommend a product that can do this?
I'd also like to protect the code from reverse engineering after it is published. Can anyone recommend a product to do this? Ideally, this would be the same product as the one for my first question, but this is not strictly necessary.
Thanks,
Kevin
I have a product that was developed in VC++ and consists of an EXE file and several DLLs. I would like to distribute a stripped-down version of the product for free and sell additional features on a feature-by-feature basis (each feature being independent of the others). For example, if there are 10 features user A might purchase features 1, 2 and 6, user B might purchase features 3, 4 and 6, and user C might purchase all 10 features in a bundle. Can anyone recommend a product that can do this?
I'd also like to protect the code from reverse engineering after it is published. Can anyone recommend a product to do this? Ideally, this would be the same product as the one for my first question, but this is not strictly necessary.
Thanks,
Kevin
I am using the Unikey dongle ( http://www.esecutech.com/ ). It's an hardware dongle that can be programmed to enable / disable software function on various protection scheme. They can also be updated remotely by providing a digitally firmed file. And they also provide a wrapper that encrypts the exe to prevent reverse engineering.
But before choosing a protection scheme you must identify the risk and the cost you can support. If your application is cheap and have large distribution, maybe protecting it do not worth the cost - remember that no software can be completely protected, there will be always someone that is able to defeat your protection, the battle is between your cost and their cost.
I am happy with esecutech.com unikey dongle, they do not cost to much for the product I am selling (a single dongle cost about 30$) and the company gives a great support, i had various problems with their library under macosx and the supported me very quickly and with great kindness.
hope that help.
But before choosing a protection scheme you must identify the risk and the cost you can support. If your application is cheap and have large distribution, maybe protecting it do not worth the cost - remember that no software can be completely protected, there will be always someone that is able to defeat your protection, the battle is between your cost and their cost.
I am happy with esecutech.com unikey dongle, they do not cost to much for the product I am selling (a single dongle cost about 30$) and the company gives a great support, i had various problems with their library under macosx and the supported me very quickly and with great kindness.
hope that help.
Hi Kevin,
Your question has not made it clear whether or not you are a programmer, so I am going to give this answer assuming that you are.
You don't need to buy a product to do this. You need a webservice that your app can communicate with. Assuming the add ons are not to be downloaded individually (that might be an easier option - more on that later) - that is, all features are already in the product you ship to everyone, it is just that they are not "enabled", as it were - the webservice tells the app which products have been purchased (say via a nice separate website). The app then receives this information and writes away a registry key, perhaps an unsigned integer that uses "bit flags" for each feature. This unsigned integer can be encryped with some hardware unique value (say, the user's hard drive serial number) which gets unencrypted at runtime; if successful the features are unlocked. This is to prevent one user giving their registry to another, thereby sharing the features.
Of course, this is easier said than done, but again, I assume you are a programmer or have access to people which who code this for you.
Now, regarding shipping each feature in a DLL: if you have 10 features, strip each one into a separate DLL, and change the app so that it looks for these DLLs, and loads whichever it finds. You can then distribute "features" via DLL downloads or similar.
Anyway, that is what I would consider before going for a paid alternative...
HTH
Your question has not made it clear whether or not you are a programmer, so I am going to give this answer assuming that you are.
You don't need to buy a product to do this. You need a webservice that your app can communicate with. Assuming the add ons are not to be downloaded individually (that might be an easier option - more on that later) - that is, all features are already in the product you ship to everyone, it is just that they are not "enabled", as it were - the webservice tells the app which products have been purchased (say via a nice separate website). The app then receives this information and writes away a registry key, perhaps an unsigned integer that uses "bit flags" for each feature. This unsigned integer can be encryped with some hardware unique value (say, the user's hard drive serial number) which gets unencrypted at runtime; if successful the features are unlocked. This is to prevent one user giving their registry to another, thereby sharing the features.
Of course, this is easier said than done, but again, I assume you are a programmer or have access to people which who code this for you.
Now, regarding shipping each feature in a DLL: if you have 10 features, strip each one into a separate DLL, and change the app so that it looks for these DLLs, and loads whichever it finds. You can then distribute "features" via DLL downloads or similar.
Anyway, that is what I would consider before going for a paid alternative...
HTH
ASKER
HappyCactus - Thanks for the reply. The product is designed for low cost / high volume and will not cost enough to justify a dongle.
mrwad99 - I'm a programmer but have little experience with web programming, which is partly why I was looking into 3rd-party software.
I am planning to ship all features in one app and enable them on purchase, rather than have separate DLL downloads. In theory I could probably change the code organization to use separate DLLs for each feature, but it currently isn't practical. So unless I hear of a better solution I might have to use the registry as you are suggesting.
In the meantime, can you point me to examples of how to implement the webservice (on the website and in the code)? Would the website code be something I would have to develop from scratch, or are there tools out there I could drop into my website to do it? I was just planning to put up a few pages using Google sites, would the process you are suggesting be possible?
Do you think it is worthwhile using a product like ASProtect to protect the code from reverse engineering. Assuming that the product is successful it seems like a fairly small price to pay. Have you heard positive or negative reviews about that product or similar products?
Thanks,
Kevin
mrwad99 - I'm a programmer but have little experience with web programming, which is partly why I was looking into 3rd-party software.
I am planning to ship all features in one app and enable them on purchase, rather than have separate DLL downloads. In theory I could probably change the code organization to use separate DLLs for each feature, but it currently isn't practical. So unless I hear of a better solution I might have to use the registry as you are suggesting.
In the meantime, can you point me to examples of how to implement the webservice (on the website and in the code)? Would the website code be something I would have to develop from scratch, or are there tools out there I could drop into my website to do it? I was just planning to put up a few pages using Google sites, would the process you are suggesting be possible?
Do you think it is worthwhile using a product like ASProtect to protect the code from reverse engineering. Assuming that the product is successful it seems like a fairly small price to pay. Have you heard positive or negative reviews about that product or similar products?
Thanks,
Kevin
There are many answer to your problem. You must balance the requirements with the cost for you and usability for your customers. For example, some protection scheme require an "always on" connection. It is not practical for all users. Keep in mind that what a customer buy is the functionality, not the protection scheme!
ASKER
Hi again,
Is the following a reasonable way to distribute and sell the product?
Thanks,
Kevin
Distribution
1. build product using VC++
2. protect code and set up trial version of software using ASProtect
3. set up install file (I'm currently using CreateInstall)
4. upload install file to various download sites (e.g. mywebsite.com, download.com, etc)
5. customer downloads trial version
6. application disables advanced features when trial version expires if those features have not been purchased in the interim (stripped-down version of the code will continue to run)
Sales
1. "buy now" menu item in application will direct customer to appropriate page on mywebsite.com
2. customer chooses features from mywebsite.com
3. customer is directed to payment processing website to handle payment
4. payment processing website notifies mywebsite.com when purchase is complete
5. a registration key is created by the payment website or mywebsite.com and is mapped to a set of features on mywebsite.com
6. email is sent to customer by the payment website or mywebsite.com with the registration key and customer is directed to a "register" menu item in the application where the key can be entered
7. application sends the key to the mywebsite.com webservice and the webservice notifies the application which features have been purchased
8. the application creates an encrypted value using the unique hardware id and feature id for each purchased feature and stores that info in the registry
9. a given feature is unlocked if the unencrypted hardware id matches the hardware id for the computer on which the application is currently running
Customer Support
If/when the user tries to re-register the application on a different computer is it reasonable to ask them to do so by email? Or should the registration be automatic if some reasonable amount of time has elapsed (say six months) or some other conditions apply?
Is the following a reasonable way to distribute and sell the product?
Thanks,
Kevin
Distribution
1. build product using VC++
2. protect code and set up trial version of software using ASProtect
3. set up install file (I'm currently using CreateInstall)
4. upload install file to various download sites (e.g. mywebsite.com, download.com, etc)
5. customer downloads trial version
6. application disables advanced features when trial version expires if those features have not been purchased in the interim (stripped-down version of the code will continue to run)
Sales
1. "buy now" menu item in application will direct customer to appropriate page on mywebsite.com
2. customer chooses features from mywebsite.com
3. customer is directed to payment processing website to handle payment
4. payment processing website notifies mywebsite.com when purchase is complete
5. a registration key is created by the payment website or mywebsite.com and is mapped to a set of features on mywebsite.com
6. email is sent to customer by the payment website or mywebsite.com with the registration key and customer is directed to a "register" menu item in the application where the key can be entered
7. application sends the key to the mywebsite.com webservice and the webservice notifies the application which features have been purchased
8. the application creates an encrypted value using the unique hardware id and feature id for each purchased feature and stores that info in the registry
9. a given feature is unlocked if the unencrypted hardware id matches the hardware id for the computer on which the application is currently running
Customer Support
If/when the user tries to re-register the application on a different computer is it reasonable to ask them to do so by email? Or should the registration be automatic if some reasonable amount of time has elapsed (say six months) or some other conditions apply?
ASKER
Just to clarify something - If each registered version of the application is hardware-locked to a specific computer, then would that eliminate the need to use an elaborate key generator?
For example, say I assign the first customer the key 00001. If/when the customer enters that key into the application, and the application sends that key and a hardware id to my webservice for verification about which features to activate, then I'll immediately know if the key is valid (e.g. it is entered in my customer database as registration pending), invalid (e.g. it is not entered in my customer database at all) or if someone is trying to use a copied version of the product (e.g. it is already registered in my database with a different hardware id). Or am I missing something?
Thanks,
Kevin
For example, say I assign the first customer the key 00001. If/when the customer enters that key into the application, and the application sends that key and a hardware id to my webservice for verification about which features to activate, then I'll immediately know if the key is valid (e.g. it is entered in my customer database as registration pending), invalid (e.g. it is not entered in my customer database at all) or if someone is trying to use a copied version of the product (e.g. it is already registered in my database with a different hardware id). Or am I missing something?
Thanks,
Kevin
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Jim,
Thanks for the pointer to Armadillo, it seems to have a lot of nice features. I've downloaded the trial version and will check it out.
Regards,
Kevin
Thanks for the pointer to Armadillo, it seems to have a lot of nice features. I've downloaded the trial version and will check it out.
Regards,
Kevin
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
mrwad99 - I like the process you've suggested and think it will support what I want to do. Thanks!
HappyCactus - Good point about the hardware locking. However, I think I can support a situation like the one you describe with a virtual machine by auto-enabling the features for the first hardware id, and asking the user to send an email to add additional hardware ids. Not ideal, but I think it will work for now.
All - Thanks again to everyone who answered my questions. I'll close the thread and try to distribute the points equitably.
Regards,
Kevin
HappyCactus - Good point about the hardware locking. However, I think I can support a situation like the one you describe with a virtual machine by auto-enabling the features for the first hardware id, and asking the user to send an email to add additional hardware ids. Not ideal, but I think it will work for now.
All - Thanks again to everyone who answered my questions. I'll close the thread and try to distribute the points equitably.
Regards,
Kevin
Glad to help :)
ASKER
Thanks,
Kevin