On 27.12.2009, at 12:31, Houdah - ML Pierre Bernard wrote: > The bad news: most first and second page results are links to cracked copies. > http://www.google.com/search?q=houdahspot+2.6
That's definitely bad. You want to try getting your software covered on more sites (and have them link to you) to increase your rank in the search results. > I can't tell if the cracked copy actually works. RapidShare won't let me > download without a Premium membership. FWIW, cracks are dangerous. They're prime candidates for virus/trojan distribution (iWorkServices, anyone?), cracked applications may deactivate other important features by accident or introduce subtle bugs. I wouldn't worry too much about the existence of cracks for that reason. Leaked serial numbers are a much bigger problem, because they don't have these downsides. The worst are keygens, because once one of those is out, they can generate keys overlapping with valid keys of other users, and you have to start inconveniencing legitimate users to get rid of illegitimate ones (block both). *never* ship the code that generates a key in any way, especially if it is part of your SN check. > Yet I am quite shocked by how fast and how far this has spread. This happened > within hours of the release. Are you stripping symbols from your release executable? Have you made sure you don't have one method with an obvious name that does the SN check? ObjC is easy to crack (launch your app with F-Script if you want to know *how* easy -- all method names and class names are in there as clear-text, it's self-documenting -- give SN stuff non-obvious names). Also, unless you're a cryptology major, don't try to devise your own SN scheme instead of using more robust asymmetric encryption like libcrypto has it. You want to check the SN in several places, and set the "don't allow attaching GDB" flag. That's not much work, and all of this can be circumvented eventually, but it keeps out the script kiddies. Also, don't put your SN checking code in an easily replaced framework, link it into your app statically. > I have sent an email to RapidShare asking them to take down the file. But > they don't seem to be in a rush to react. Anyway I don't see this do much > good. The cracker will always be faster at uploading the file than I will be > at getting those sites take it down. It's always a good idea to ask for this. Yes, they will re-upload it, but there'll be so many broken links to old downloads out on the web that it'll get harder for the casual googler to actually get a cracked version. -- Uli Kusterer Sole Janitor http://www.the-void-software.com
