Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!gatech!bloom-beacon!think!ames!ptsfa!well!ewhac
From: ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab)
Newsgroups: comp.sys.amiga
Subject: Software Theft Deterrents
Message-ID: <3576@well.UUCP>
Date: Sun, 19-Jul-87 05:55:09 EDT
Article-I.D.: well.3576
Posted: Sun Jul 19 05:55:09 1987
Date-Received: Sun, 19-Jul-87 19:42:31 EDT
References: <207@cc5.bbn.com.BBN.COM>
Reply-To: ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab)
Distribution: na
Organization: The CIA.  Third-world Governments Destabilized While-U-Wait.
Lines: 146

[ O Great Line Eater, please accept this humble sacrifice... ]

	Ok.  I can squash this argument with logic or nonsense.  Your
choice.

	Right.  Logic it is.

	It has been suggested that the best of all copy-protection worlds is
The Gizmo (hereinafter referred to by its proper name, "dongle".).  It was
suggested that this method of protection is virtually unbreakable.

	I would counter-suggest that this is not so.  A dongle is plugged
into a hardware port.  This port always has a fixed address.  All I need to
do, as a pirate, is to look for all CPU references to this address.  I then
write some stub code in my debugger to check what the correct response from
the dongle would be.  I then NOP over the dongle-checking code, and patch
the branch to go to the correct location.  A good debugger will allow me to
do this easily.

	Some pirates are very dedicated.  Witness in the past:  Pirates
purchased 6502 in-circuit emulators and single-stepped through Apple ][
programs, discovering how the CP scheme worked.  I submit that all programs,
no matter how obfuscated, would submit to analysis under an ICE.

	It was also suggested that the industry needs to foster new forms of
software theft deterrents.  I would suggest the following:  A scheme that
does not impair the useability or copyability of the program in any way.
However, should the scheme detect that the copy was unlawfully obtained, an
inflammatory message from the author would appear.  Such messages might
accuse the user in no uncertain terms of being a thief, that s/he should be
ashamed of themselves, that their mother wears combat boots, etc.  The
vendor would decide what was appropriate.

	It was also satirically suggested in a long paragraph that software
piracy can be, in an obtuse way, be likened to car theft, after replacing
the stolen car with 2400 lbs of random steel.  I submit that this is not an
accurate parallel.  A more accurate parallel can be drawn by likening
software piracy with the Xeroxing of a highly specialized newsletter.  The
type of newsletter to which I'm referring is usually published on a
bi-monthly basis, quite small (under 20 pages), contains highly specialized
and field-specific information, and usually is sold at anywhere between
$75-$300 a year.  Piracy can be likened to Xeroxing a newsletter of this
type and handing the copy to a friend.

	I would also contend that software piracy has largely been a matter
of attitude on the part of the public.  As an innocent party to the birth of
the micro industry (I was only 12 then), everyone seemed to have the
attitude that software was free.  This seemed largely supported by the fact
that most people who owned computers were highly computer-literate.  They
generated their own software to suit their specific needs.  If a friend
liked it, they would make a copy for them (on cassette tape).

	There were some commercial packages available then.  In particular,
I remember the GAMEPAC series from Processor Technology, written by Steve
Dompier.  Very good software.  Widely pirated.  Everyone with a SOL-20 had a
copy of this program.  In fact, I think it was distributed with the machine.
Everyone also had a copy of a BASIC interpreter, either BASIC-5, EBASIC, or
Altair BASIC.  These were also widely copied.

	My point:  It is my belief that, in the "old days," people viewed
software as free.  I suspect this view was held because everyone who owned a
computer was competent enough to write his own software, and didn't need to
buy anything.  Therefore, anyone who was actually selling something other
than hardware was probably regarded with disdain.  There is probably some
question as to whether this view, in that time period, was justified (Bill
Gates certainly didn't think so).

	Then, thanks largely to Steve {Wozniak,Jobs}, computers became a
mass-market item.  People purchasing computers were no longer confined to
the population of the computer-literate.  Ordinary people were beginning to
buy them.  They had to learn about computers from someone.  They turned to
those who owned computers before them.  They learned from them that computer
software was "free."  However, because these new users could not effectively
write their own programs, this view was no longer accurate.

	In my view, trade is defined in terms of relative worth.  If I have
something that worth something to you, you may wish to buy it.  If, however,
you have the ability and resources to create the same thing on your own,
then its value to you is reduced.  The unsophisticated users are unable to
effectively create their own software.  Therefore, anyone who sells software
is satisfying the conditions of trade for unsophisticated computer users.
They are obliged to look upon my program as valuable to them, if they cannot
create the same or similar program themselves.

	Nevertheless, computer software was viewed as free.  I would surmise
that, eventually, someone who was selling software got irritated with all
the non-purchased copies of his program running around, and got the idea to
make his program difficult to copy, probably by creating a file on the disk
with control characters in the filename.  Unsophisticated users would be
thwarted by this method, since many of them probably had no idea what a
control character was.  I suspect that this was the audience our
hypothetical vendor was addressing.  The educated audience, however, would
probably scratch their head for a moment at the odd-looking disk catalog,
then quickly write a progam to reveal the true filename.  Unsophisticated
users would contact the sophisticated ones, asking what was going on.  The
sophisticated audience, being very forthcoming (as most hackers are),
explained what was going on, probably offering to make a copy of the disk
for them.  From here, no doubt, the protection technology escalated.

	One need only briefly look around them to discover the state of the
art in Software Theft Deterrents.  Zapped sector technology.  Encoded
manual technology.  Dongle technology.  Security code technology (There
exists a form of protection whereby the computer asks you for a clearance
code.  You punch a button on a hand-held pseudo-random code generator to
discover the code, and enter it in.).  This technology was developed in
response to the audience of unsophisticated users who erroneously believed
that software was free.

	Now then.  I also contend that attitudes (at least in the people I
associate with) are changing.  People are, in my estimation, beginning to
realize that the software they are using is indeed valuable to them.  They
use the programs every day, and know the anguish of having to live without
it (when the machine becomes unavailable for some reason).  They are
beginning to realize that they would be hard pressed to create a similar
program on their own.  They may still balk at some of the prices on some
programs, but I believe that they are more inclined to pay for it today than
they would have been, say, three years ago.

	It is also my contention that many software vendors are regcognizing
this trend, and starting to remove software theft deterrents from their
products.  As a member of FAUG, I see software vendors get applauded when
they announce that their software will be released without copy protection,
and I see vendors get resoundly hissed when they say that it has some form,
any form, of copy protection on it.

	I contend that people are beginning to view their software as
valuable tools, which is why they are pleased when a new tool becomes
available for their use that has not been made cumbersome to use by copy
protection.  I believe that people are beginning to foster respect for
programmers who produce quality products.  I hold that people are attaching
value to software, and are now more apt to buy their own copy of a program
rather than borrow or steal one.

	I would not suggest that this transition in attitudes is by any
means complete.  Indeed, we have quite a way to go.  However, I would, as my
final suggestion, ask that software vendors reeaxmine the attitudes held by
the computing public at large, where these attitudes are leading, and act
as they see fit.

	There.  How'd I do?

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Leo L. Schwab -- The Guy in The Cape	ihnp4!ptsfa -\
 \_ -_	 Bike shrunk by popular demand,	      dual ---> !{well,unicom}!ewhac
O----^o	 But it's still the only way to fly.  hplabs / (pronounced "AE-wack")
"Work FOR?  I don't work FOR anybody!  I'm just having fun."  -- The Doctor