Encrypted data sample

Richard Gaskin ambassador at fourthworld.com
Fri Apr 11 15:15:01 EDT 2003


miscdas at boxfrog.com wrote:

> At first glance, this doesn't seem to explain crackers and phreakers.
> However, their "payoff" is often no more than "Look at me, I did it!" which,
> for some personality types, is an extremely powerful driving force.

I'm not sure that Shari's comments were meant to address the more
experienced crackerz, but to present the problem as one of trade-offs
requiring some subjective evaluation.

Developers of major games spend a _lot_ of their resources on security, and
even with everything they can throw at the problem they understand that it
will merely slow, not prevent, cracking efforts.

For vertical market apps of the sort most likely to be made with Rev, the
number of people with sufficient experience to cracks a good scheme is
significantly smaller, buying you more time with less effort than a
developer making an internationally-famous game.

Leaving your door unlocked and open is the metaphor for true shareware:  no
restrictions, relying fully on the honor system.  Shareware in this purest
form has largely fallen out of favor as the 'Net becomes more gentrified;
today's audience is not merely technically-savvy people who respect the
effort it takes to create a useful program, but is comprised of a broader
demographic more representative of the population as a whole, which will
always contain a criminal element.  Moreover, one could argue that shareware
temps otherwise honest people to act dishonestly by providing no incentive
for keeping their karmma clear.

On the other extreme we have the metaphoric Fort Knox, a multi-billion
dollar security system with heavily-armed soldiers protecting it (on a
relative scale equivalent to the effort put in by large game developers).
Very few of even the most ambitious criminals would dare consider it a
target.

In between we have options we could characterize as ranging from "locking
your house doors" security (basic reg scheme that might be easily crackable
but would dissuade the majority who are basically honest people), and "bank"
security (much harder to crack but still done by sufficiently motivated
people every week).

Choosing a security model appropriate to your market is a tradeoff:  every
hour you spend working on security is an hour you're not spending on feature
development or marketing.

You have to ask yourself which activity is losing more sales:  crack users
who in large part may never purchase the software anyway, or legitimate
users who can't buy the product because they never heard of it since you
compromised marketing to focus on crack users.

For the products I manage, I've found it much more cost effective to set up
a "bank" level of security, with an emphasis on being able to change scheme
frequently.  This means you need to be able create and deliver new reg codes
easily and quickly for your existing customers, but the effort to create
such an upgrade system is a one-time expense best seen as amortized over the
life of the product.

No matter what level of security you employ, the availability of crackz for
wares from the major vendors suggests you'll need to change reg schemes
often no matter what level of security you develop; the only difference is
how frequently.

I'll leave Fort Knox to the game developers, and focus my efforts on
reaching potential customers with compelling features, competitive pricing,
and broad marketing.

-- 
 Richard Gaskin 
 Fourth World Media Corporation
 Developer of WebMerge 2.2: Publish any database on any site
 ___________________________________________________________
 Ambassador at FourthWorld.com       http://www.FourthWorld.com
 Tel: 323-225-3717                       AIM: FourthWorldInc




More information about the metacard mailing list