30 day Free Trial  
Author Message
furjaw





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

I am adding "30 day Free Trial" code to my app.

I want to write out a file to a secret location with the first run date, etc.

Would C:/Windows/System be a good place to put it



Visual Studio Express Editions8  
 
 
nobugz





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

No, don't mess with the system folders. C:\Documents and Settings\All Users\Application Data\Your name\Your app is hard to find too. Consider using the registry...


 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

even then users still will be able to modify it.

 
 
DMan1





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

Instead of using a secret location you would be better off using an encrypted binary file that is located in the startup path of your app....Create a dependency to the file and during app startup if the file does not exist or contains invalid data then shutdown the app

 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

there's actually been quite a few topics about this, do a forum search and you will see a few hits

Even Dman1 solution has a flaw and is not a real answer - the user can easily reflect the assembly, find the encryption algorithm and then decrypt the encrypted file and set whatever date they want back in the file encrypted - the app would be fooled in thinking it has only ran from the current date for example



 
 
ReneeC





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

Clearly Dman had the right answer.

Try the SecureString class. You'll be a little challenged in researching them.

Securestrings are one of the classes I won't illustrate. Everything I have that uses securestrings are ...well... a secret.



 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

actually ReneeC I had stated why it would still be a security flaw

 
 
DMan1





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

Even Dman1 solution has a flaw and is not a real answer - the user can easily reflect the assembly, find the encryption algorithm and then decrypt the encrypted file and set whatever date they want back in the file encrypted - the app would be fooled in thinking it has only ran from the current date for example

For your knowledge ahmed, there is no such thing as perfect security! And I very seriously doubt that the user can "easily" find the encryption algorithym...in fact I would challenge you to do what you say is so easily done...If you would like I can send you a file and you can send it back decrypted...If you can!



 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

Oh I know no security is perfect but its better to have some strong security in place.

Once again, I guess we have to agree to disagree :-)



 
 
jwooley





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

If you want to avoid allowing the end user to reflect on your code and want to avoid the security setting issue, you could always use a webservice that you are hosting to check registration status. Check out the Shareware Starter Kit (http://msdn.microsoft.com/vbasic/downloads/starterkits/default.aspx) for one sample example.

Jim Wooley
http://devauthority.com/blogs/jwooley



 
 
DMan1





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

 

Oh I know no security is perfect but its better to have some strong security in place.

Once again, I guess we have to agree to disagree :-)

 

SO please tell us what your solution is and what you are disagreeing with!

I guess decrypting wasn't as easy as you told the user!



 
 
spotty





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

Trying to write stuff into this location would fail on Windows Vista , although thats looking to the future as its a protected folder.


 
 
furjaw





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

>Trying to write stuff into this location would fail on Windows Vista , although thats looking to the future as its a protected folder.

THANKS FOR TELLING ME THAT!

I was planning to write out a file to c:\windows\system!

I have to write out a file to a secret location, because if the file does not exist that means that it is the start of the 30 day free trial. Otherwise, uninstalling the program and re-installing it would start the free trial all over again.

It is only the presence of the secret file that prevents use beyond the 30 days.


 
 
helperman





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

i suggest putting it in the program its self and make several codes that do nothing around you main code that regulates the trial!


 
 
SJWhiteley





PostPosted: Visual Basic Express Edition, 30 day Free Trial Top

As an alternative, create a 'demo' version with limited or restricted functionality - they can use it as long as they like. If it is truly useful, provide a mechanism within the program for obtaining the 'full' version (with license number, user name, etc. However much information you feel will keep people 'honest').

There's o way to prevent a user taking the full version and copying it to ther machines short of web authentication (with it's obvious and annoying flaws) or a hardware key (with the added expense).