Combatting software piracy (e.g. Little Snitch, etc)

Discussion in 'Mac Programming' started by libraryrat, Aug 16, 2010.

  1. libraryrat macrumors newbie

    Aug 16, 2010
    It seems that a lot of Mac users use Little Snitch and similar products to prevent software from phoning home and use stolen serial registration numbers, etc.

    For an application, I am thinking about having a separate email/telephone registration process when it's discovered that Little Snitch is present on the user's Mac. I detect that Little Snitch is installed by checking whether the NSURLs returned by

    [[NSWorkspace sharedWorkspace] URLForApplicationWithBundleIdentifier:@"at.obdev.LittleSnitchConfiguration"]
    [[NSWorkspace sharedWorkspace] URLForApplicationWithBundleIdentifier:@"at.obdev.LittleSnitchNetworkMonitor"]
    [[NSWorkspace sharedWorkspace] URLForApplicationWithBundleIdentifier:@"at.obdev.LittleSnitchUIAgent"]

    are non-NULL or not. Could somebody who has Intego installed on their machine give me the bundle identifier for their outbound firewall product? (I can't remember what they call it exactly)

    What other popular programs are used by Mac users to prevent applications from phoning home?

  2. miles01110 macrumors Core


    Jul 24, 2006
    The Ivory Tower (I'm not coming down)
    Ambrosia had something where the registration key would expire after a certain length of time and required you to go to their website in order to reobtain it using the credentials you provided at the time of purchase. It seemed to work pretty well.

    Alternatively, you could concentrate on making your software worth paying for. If someone wants to pirate, they're going to pirate it. Changing how you obtain a registration key isn't going to stop them.
  3. HiRez macrumors 603


    Jan 6, 2004
    Western US
    That sounds like a terrible way to go about copy protection. Whether your program runs or not shouldn't depend on other apps the user is running. Little Snitch is useful for legitimate reasons, it's kind of like using an arc welder where some Krazy Glue would do.
  4. GorillaPaws macrumors 6502a


    Oct 26, 2003
    Richmond, VA
    You stand a bigger chance of really pissing off your paying customers by trying to get too cute with schemes like the one you propose. Unless you're making software that is selling for several thousand dollars per unit, it doesn't make a lot of sense to waste your time with anti-piracy measures. Spend that time improving your app and you'll probably see an increase in sales that significantly outweighs the bump you get by fighting pirates.

    You should make the effort to keep honest people honest. Trying to convince dishonest people to pay for your product is an inefficient use of your limited time/resources. I would certainly demand a full refund if I discovered an app was secretly scanning to see what other software I was running.
  5. gnasher729 macrumors P6


    Nov 25, 2005
    Anyone using some tools to avoid paying for software isn't going to pay for your software anyway. If they can't use it without paying, they won't use it. On the other hand, there will be people who were perfectly willing to pay for your software, but if you put any obstacles into their way, they are not going to use the software. You _will_ be losing money by doing this. And you wasted development effort that you could have used to release earlier, do more testing, fix bugs or improve usability.
  6. kernkraft macrumors 68020


    Jun 25, 2009
    I don't know what software you are developing, but hopefully, your paying customers outweigh the pirating ones. Whatever the situation is, I think it's better to please your honest customers and not to ruin the user experience (oh dear, I hate this impression!) just to make the pirate's job slightly more difficult.

    The most important thing is to remember that most pirates would never get your application if they had to pay for it. You are not necessarily losing as much revenue just because some people choose to use an illegitimate version of your software.

    Personally, I can't stand registering multiple times and for me, that just ruins the whole thing.
  7. Theclamshell macrumors 68030

    Mar 2, 2009
    I know barely anything about programming (even though I kind of had to do it for a year) but couldn't people use AppleScript to block access to the activation servers if it uses online activation?

    please excuse me if that post made absolutely no sense :eek:
  8. MorphingDragon macrumors 603


    Mar 27, 2009
    The World Inbetween
    A, If you're making a game I suggest using steam. They have anti-piracy stuff built into steamworks. If you're making a normal program, there are plenty of existing DRM schemes you could implement.

    B, You need to find a balance between protection and transparency. A CD key will stop most wares but not determined crackers.
  9. yamabushi macrumors 65816


    Oct 6, 2003
    It would be trivial for a pirate to circumvent the type of spyware based antipiracy software you propose anyways. I can think of several methods off the top of my head and I'm not even the type of person who avoids paying for software and digital media. Really a waste of time and a good way to lose money by pissing off honest customers.
  10. Winni macrumors 68030


    Oct 15, 2008

    I think you're looking at the problem from a wrong perspective. You cannot prevent piracy, full stop.

    All copy protection and activation mechanisms achieve only one thing: They punish the customers who have actually paid for your software. Pirates usually don't even see those activation dialogs because they download and install patched versions of your software.

    Somebody who does not want to pay for software won't ever give you his or her credit card number just because your software requires activation.

    So... Why again do you want to punish those who paid for your product?

    I think the right way to approach this problem is to give your customers an incentive to pay for your product. Make them feel good about supporting you instead of giving them the feeling that you don't trust them. Add value to a legal copy. (See e.g. what Infocom did back in the day with their "feelies". Or just give outstanding support. Just think of something.)
  11. Peter Maurer macrumors member

    Oct 9, 2008
    This is some of the best advice I've seen on this board in months.

    libraryrat, you don't make money by hunting pirates. You make money by making people want to support your products and give you money to this end. (The latter is also much more fun, trust me.)

    Same here.
  12. xStep macrumors 68000

    Jan 28, 2003
    Less lost in L.A.
    I'm with the others on this. You can only fight piracy so much and pissing off your paying customers isn't good for your company's image.

    C4 had a panel where they discussed piracy for 6 minutes in this 50 minute video. It starts at the 15:40 mark. The talk is C4[2] Shipley: Panel where Wil is the host.

    In C4[1] Shipley: Monster Marketing, Wil mentions interesting things to this discussion. See "Be a Software Slut" starting at 25:40-32:00 and the mention of piracy at 44:00-44:56. The whole talk is very interesting.
  13. mlblacy macrumors 6502

    Sep 23, 2006
    the REAL Jersey Shore
    gee, why don't you try using a hardware dongle?

    as that worked so well for Quark, and a few of the other PAID apps that I have had. Frankly, clandestine snooping, and constantly calling "home" is a real annoyance/deterrence for me installing any software that does that. The advice here is good, heed it... although I have my doubts on that.

    Spend a LOT less time worrying about piracy, and subsequently degrading the overall experience for your PAYING customers, and MORE time trying to come up with a worthwhile, fairly priced product. Otherwise you make the PAYING customers feel like you don't trust them (and they did trust you enough to spend money on your product). We bought your software product to use. That's it. If you want to "see" what other products we use, or how often/long we use your product, you are pushing it. We did not pay money and then give you that right as well. If you want to run an information gathering service, fine... GIVE away your software, and just let us know the deal ahead of time. We can opt in, or not...

    Overpriced applications, constantly shifting packages (like Adobe does), in my opinion would logically increase the odds of piracy (I would guess). Not sure what apps are the most pirated, or what demographic pirates the most, but I would make an ageist guess the ages skew towards the younger. At one point some gaming software companies required the CD to be in, while the app was running from the computer. Better solutions would be requiring an activation key that you would generate and send back, and the end user would PASTE the key into the activation dialog, as this is not an invasive/intrusive method.

    The scallywags & miscreants will always be there, and those folks will not care about your efforts to subvert them, as they will easily dodge most of them. Your legitimate customers however will be suffering from your misguided attempts. Misguided, in that it is a poor use of time/effort/money.
    Look up the RIAA's efforts to stop music piracy online...
    -the amount of money spent is huge
    -the amount they are ACTUALLY recouping small
    -meanwhile they are throwing grannies and kids in jail or hitting them with huge financial judgements

    Apple has it right, however many companies do not...
    Lower the prices, and the incentive for piracy goes down. iLife sells for $45. Music sold for 99 cents (or did). And, most importantly their apps are worthwhile.

    So, what is the name of the application and your company? I want to stay as far away from it as possible.

    Sorry to be blunt, but I think you will find most of us here will find your efforts repugnant.

  14. libraryrat thread starter macrumors newbie

    Aug 16, 2010
    It looks like nobody wants to do me a favor and give me the bundle
    identifiers for Intego and other similar products?

    I really don't think that what we plan on doing imposes much of a burden
    on legitimate paying customers.

    In fact, what we do is no different than other companies. Users will be
    able to download a trial version from our website and enter a code to make
    the trial version a "full" version.

    The plan right now is that if the user has Little Snitch or other such
    products running, then they will need to complete registration by
    allowing the outbound network connection or can complete registration
    by phone/e-mail.

    Unfortunately, it is necessary to take some measures to combat piracy.
    We have no illusion that our measures can and will be bypassed.

    On our iPhone app, we use UDIDs to get an idea of how bad the piracy
    problem is, and for every legit purchase, there are about five pirated
    copies. We have talked with other iPhone developers at developer
    meetings and piracy in the Mac world is rampant and out of control.

    Out of all the people using our iPhone app, less than 20% actually paid
    for it. Our app only costs $0.99. We can't sell it for less.
    Amazingly, our app is supposedly on the low end of the piracy scale.
    I've had one developer tell me that for every person who paid $0.99
    for their app, they have more than 100 illegal copies. It's that bad.

    We don't plan on enumerating all the applications that the user
    has installed on their machines. We'll only check for the existence
    of Little Snitch and similar products, which was the point of my
    original post, i.e. getting a list of bundle identifiers for all such

    Thanks for all the video links.

    BTW, we won't be pissing off paying customers. After all, they only need
    to enter a registration code like other software. We'll just check that they
    don't use Little Snitch, etc. to block our application from phoning home and
    use a stolen registration code.

    That's all.


    This is a programming forum and I somehow doubt that "most" full-time developers will find basic countermeasures to be "repugnant."

    In my local iPhone developers group, a lot of people are seriously pissed off about app piracy.
  15. frankpuccino macrumors newbie

    Jul 24, 2010
    libraryrat, my company is in a similar predicament, although we plan to approach the problem differently. You can see some of my posts to this forum to get an idea of the lines I'm thinking along.

    We're also seriously concerned about software piracy. We display a EULA to the user and if the user agrees, they give us permission to pretty much do whatever the hell we want and that includes unloading the Little Snitch kernel extension.

    We'd rather not disable Little Snitch on the machine, so we're reverse engineering Little Snitch's .xpl format and our plan is to simply just add an always allow rule for our app without bothering the user and inconveniencing them by asking for permission. We may also just add a kernel extension whose sole purpose is to bypass Little Snitch by hooking ahead of it.

    I don't like the kernel extension approach because it's very much rootkit-style technology, but it might be necessary since the .xpl format might change in future versions of Little Snitch.

    It's very risky to bring a Mac OS X product to market given its low market share compared to Windows and piracy only compounds this risk.

  16. mlblacy macrumors 6502

    Sep 23, 2006
    the REAL Jersey Shore
    a partial apology...

    Listening to your replies, your point sounds a bit more measured...

    However obviously you have touched a nerve regarding how much information is gathered, and what is done with it. You only have to read about the stories about the self-regenerating flash cookies (after deletion) to make some of us a wee bit leery of "noble intentions". Remember when Google's motto was "don't be evil". lol. Also, a lot of people run Little Snitch or turn to the activity monitor to figure out what the strange slow-downs or bottlenecks are, and nothing more. I would think the average bear who routinely pirates software en masse, would rely on something more than Little Snitch to subvert detection.

    I am not claiming this is not an issue, but as an end user I get irked when as a paying customer I get a feeling I am not being trusted. A good example would be in the old days of Quark, when upgrading legitimate serial numbers was always treated with an air of suspicion, and oddly Adobe products were then seemingly unconcerned with copying and had little "safeguards" or schemes to prevent such. The mutual trust and good will between a company and a paying customer should rightfully exist, as those are the ones who ARE paying (so don't punish us for the acts of malfeasance of others). As a paying customer I want to be trusted to "do the right thing" (and am not a fan of "trust but verify" on the sly).

    Also, I am a believer in the power of the 99 cent app, or even the $4.99 one.
    Angry Birds sold an unbelievable 6.5 million copies with zero advertising. I am sure some additional copies were pirated beyond that, but their legitimate sales are impressive. I also don't mind paying for good software applications that provide value, as I make my living using them (and pay quite a bit for some of them).

    Also, pardon my ignorance, but wouldn't you need a jailbroken device to install a pirated app? (I don't know the answer to that). Perhaps if the iPhone/iPad apps had demos, maybe the piracy numbers would be less. Are we talking... tried it a few times.... or use it every day for years?

    Now my apology. I didn't realize that this thread was under programming, which is not a usual haunt for me. The topic was short-cutted to on the main page, and I had thought I was under a different thread topic. Until you pointed it out I didn't realize this was under programming. But even here I sense an initial gut lukewarm reception... and I am guessing that some of these folks are developers as well (unlike me an end user).
  17. mlblacy macrumors 6502

    Sep 23, 2006
    the REAL Jersey Shore
    yikes... this is disturbing (a case in point)

    And this is exactly why some of us are distrustful. Is a thief going to be bothered by your 8 page, 4pt type EULA? No. However your legitimate customers might indeed be bothered by your cavalier attitude that you can "pretty much do whatever the hell we want". If you are so comfortable with that position as a company perhaps you should include it on your FAQ...

    Not saying this is not an issue... but you might want to think about your response and what it says about you as a company.
  18. mdatwood macrumors 6502a

    Mar 14, 2010
    Denver, CO
    The problem is that you're assuming that any pirates would have really bought the application. I'm guessing many would have just skipped it. Be careful that you don't kill your user base who does pay trying to make people pay who will never pay.

    BTW, I don't let any application phone home from my machine and let Little Snitch block everything. If your app requires that I'll simply throw it away and look for something else.

    Any software that I find that does what you're suggesting will never be installed on my machine, any machine of a person I know or any other machine that I have some sort of control over. What you're describing is basically malware at this point and is something that anyone who knows what you're doing will not tolerate. Also keep in mind that if you start silently turning off security measures on someone's machine and it leads to them getting hacked and losing valuable information that you could end up being liable.
  19. frankpuccino macrumors newbie

    Jul 24, 2010

    Malware? To some extent, antivirus and security software can be viewed as rootkits, but I wouldn't describe them as malware.

    Antivirus companies do stuff like this ALL the time and in the United States at least, this is perfectly legal and fine as long as the user authorizes it.

    We ask for authorization before we do anything on the user's machine.

  20. Bernard SG macrumors 65816

    Jul 3, 2010
    I agree 200% with mdatwood:

    • That way of "protecting" software against piracy is basically making your applications behave as a spyware/malware, such applications have no business being on my computers no matter how functional and useful they may be; not mentioning that your software triggering an online connection is a potential security vulnerability that ill-intentioned hackers could use for an exploit.

    • The notion that pirated copies of your work are lost sales is bogus. IMO, at most 1% of pirates would have paid for the app if there were no way to pirate it. On the other hand your approach itself makes you lose sales to people who are concerned about online security.

    I fully understand that the 5:1 figure of pirated v. legit copies is upsetting, but there is a way to look at that positively: those 5 pirates actually dig your product, so instead of looking at it as a loss, there might be a way to turn it into an opportunity by providing them an incentive to pay for the product or some other product that you can offer. Your time and energy will be better used in identifying the opportunity instead of going for convoluted and questionable counter-measures.
  21. ARF900 macrumors 65816


    Oct 30, 2009
    I agree with this, I bet 80% of those people pirating your app would never have gotten your app if they couldn't pirate it.
  22. ranguvar macrumors 6502

    Sep 18, 2009
    Don't spend any time on copy protection. Even if you invent something really fancy it will piss off your existing user base and make it attractive for crackers to see if they can dismantle it. Instead, invest the time in making a good product.
  23. xStep macrumors 68000

    Jan 28, 2003
    Less lost in L.A.
    Well that isn't what you said above
    What you indicated is that you would just take an action without notifying your customer. Violating a customer's security setting is a very serious issue. It should NEVER be done without notification and should have an opt out option. It is the customer's machine, not yours.

    Frankly, if developers are going to start this kind of draconian action, I think they should highlight this under their features propaganda. The customer should be made aware of these styles of coding before a purchase, along with negative consequences.

    One thing I'd like to hear about is your fail over plan. What if your customer does not have an internet connection for a long period (days/weeks/months) of time, or not at all? Does your software fail to work when it can't phone home?

    This could be a benefit to competitors who could advertise that a feature of their similar product does not phone home to keep their honest customers continuously honest.
  24. Porco macrumors 68030


    Mar 28, 2005
    I actually hope you fail with any product that engages in such disgusting and pointless behaviour.

    I use Little Snitch for an extra layer of perfectly legitimate security and I can honestly say I haven't pirated ONE SINGLE APP on my mac in about 20 years of using the platform.

    Personally I agree with those who would consider any app that did what you are suggesting as malware.

    Can you please tell me what apps you make so I can avoid them altogether?
  25. AlmostThere macrumors 6502a

    You are asking posters for assistance in compromising the security of someone's machine, so no.

    Coincidentally, I am concerned about my machine getting hacked and am worried about potential buffer overflows in system libraries and services. Could someone please show me how to identify such vulnerabilities in these files (so I can protect myself)?
