Hardware locking software to a particular computer - a new trend - and why my programs aren't locked

Hardware locking is a new trend in software licensing in the early part of the 21st century. If you have bought several programs in the last ten years or so, it is possible that one or two of them may be hardware locked, which ties the program down to a particular computer.

If you want to use one of these programs on another computer, then you need to get a new unlock key from the vendor. Usually each replacement unlock key is provided for free, though sometimes you have to buy a new key after a certain number of changes of computer.

I decided that none of my existing programs are appropriate for hardware locking. But the reasons for my decision might be of interest to other software vendors, and for that matter, for users of my programs too. Or maybe if you are considering purchasing other software and it is hardware locked, may be worth reviewing some of the pros and cons

Software vendors enthusiastic use of the feature

In the software developer's forums many vendors are really keen on hardware locking. Also there are tools available to make this a really easy thing for software developers to do. So, more and more programs now are hardware locked.

You can see why - it's a neat thing to be able to do technically - and it pretty much guarantees no more problems with lost or stolen license keys.

Disadvantages for both vendor and customer

But I think it has many potential disadvantages for both the user and the vendor in the medium term in many cases - so that one should take care before deciding to follow this path - and users also should decide carefully whether they want to use a hardware locked program - e.g. for important documents or files.

By medium term I mean just a decade or two, even less. However, the technique is so new that these problems aren't yet very prevalent. It isn't so good for the vendor to just be carried away with enthusiasm because it has now become so easy to do this thing, and because everyone else in the software forums seems to be doing it - it is new to them too, so they don't really have direct experience of the long term problems either.

Some situations where it makes sense to do it

There are some situations where it may not cause many problems at all - if the program is of only ephemeral interest and will be superseded in a year or two from the first release date, for instance. Some vendors may be selling such programs. But if you are a vendor - have you thought through whether your programs are ones that are appropriate to release in this format?

Things to check if you intend to purchase a hardware locked program

As a user, it is important nowadays to be clear when you purchase a program, whether your purchase is for a single machine, and just the lifetime of that machine, or for any machine.

  1. If you have several computers in your household, (maybe networked together) as is becoming increasingly common, you need to check if you can use it on only one of your machines or many of them.
  2. You should check that the vendor has a system in place for issuing new keys. Also is there a limit on the number of new keys you can get.
  3. If the program is of more than ephemeral interest, one also needs some reassurance that the system for generating keys will continue to work in the future if the original vendor goes out of business or the product line gets discontinued.
  4. If the program is your only means of accessing important files or a database, you need to get reassurances that those files can still be accessed later on if the vendor has gone out of business and you need to move the files to a new computer.

Remember, any computer hard disk may go at any time. If this happens you will probably need new keys for all your hardware locked software on the computer. I get many support e-mails from users who request new unlock keys because they lost all their data in a hard disk crash. Recently heard from a user asking for a new key who had several computers go all in the same year.

Issuing unlock keys for hardware locked programs

It is a fair amount of hassle to the user to keep asking for new unlock keys every time you want to use the program on a new machine. The first time you do it it doesn't seem so bad, but if you have to do it several times in short succession, it becomes a real pain.

Then if any misunderstanding arises in the process, or any delays in getting your key, the vendor can easily end up with one very unsatisfied customer, and no-one wants that! That's especially likely to happen if your software is something the customer relies on nearly every day.

Also - the customer pays once only, but the vendor is (normally) committed to supply new unlock keys for as long as the customer continues to use the product. Though some vendors may put a limit on the number of times you can ask for a new key.

Questions for the vendor to think about

If you are a vendor - have you really thought through all the implications of this commitment? Do you have some plan in place for issue of unlock keys in the eventuality of your business closing, or your death (if a sole trader), or a take-over of your product line by another company? Are you always going to be able to issue unlock keys within a day or so, for 365 days of the year? (Any longer and your customer may feel they have a long wait for the key).

Then have you thought about the more distant future (both user and vendor again). In 20 years time if someone wants to run a "vintage" XP machine, they simply won't be able to do it unless they can obtain an unlock key for XP for their new hardware. They will also find that none of the hardware locked programs from our era will no run any more unless they are still able to chase up the original vendors.

A vintage program is bound to have less polished GUIs than the latest ones, but you may have data that can only be accessed using the program, or it may do something unique which still makes it of value to some users maybe many years after it was originally written. Perhaps it makes a unique picture, or a unique sound, or does something that no other program does in quite the same way.

Lost and stolen keys may not be as much an issue as you think

So long as your software protection system has a method provided for invalidating lost or stolen keys - you just need to re-upload the software and add the keys to the list. In practise so far this has been a non-issue for my software anyway.

What is important is to make sure crackers can't extract a "keygen" from your code with dissassembly tools - as if that becomes public you have to change your whole licensing system for the program. That is best done using public key encryption so that the program itself can't generate keys, or even give the cracker any clue about how to generate them - only verify them.

There is more to it than that as another way a cracker can crack your software is to remove the key verification section from your code and upload a new version of the binary without it. That's most likely to be an issue with high profile programs. So - it is a good idea to securely pack your exe file so that the crackers can't access it via assembly debuggers.

Also of course, coding public key encryption into your software is a task that requires work and careful coding.

For both those reasons it seems best to go for a third party solution. I use Armadillo (as anyone can tell by inspecting the binary so not giving away any valuable information to crackers there). It works fine and is worth the price, and as far as I know, no cracks at all have ever been made for my software since I started to use their services. There are other solutions of course.

Is protection from crackers needed at all?

Well - maybe not strictly needed for a software metronome, and I think most of my customers would probably buy it anyway. But I do get occasional searches for "Bounce Metronome Crack" in the website stats, and I offer a "software crack" of my own, for 95% off for anyone looking for a crack for the software - and get occasional sales of it, see Bounce Metronome Pro 95% off Discount - from Software Author

It doesn't seem to be a big issue for Bounce Metronome. But in some cases historically, piracy has been a big issue for companies, and has put interesting companies out of business.

Particularly a fair number of computer game companies have gone out of business almost certainly as a direct result of pirated copies of the games - i.e. immediately after their cracker protection system got cracked. See Bruce on Games article: Game Piracy for a brief history. So though seems unlikely I'll be affected in the same way, seems worth protecting just in case. And there are other advantages of using a 3rd party solution - Armadillo is all set up for issuing of the unlock keys etc. and verification and so on, e.g. can easily do automatic issuing of unlock keys on completion of payment.

[Note to other software vendors - Armadillo is a legacy program that is no longer available for purchase - I still use it for backwards compatibility of unlock codes and indeed may well offer a small amount of protection to be using a secure system that is now ancient history for crackers :)]