Microsoft to offer code protection, validation to other software developers

Microsoft to offer code protection, validation to other software developers

Summary: Microsoft is planning to deliver on October 1 to third-party software developers a set of technologies that will allow them to add code protection and activation mechanisms to their own software.

SHARE:

Microsoft is planning to deliver on October 1 to third-party software developers a set of technologies that will allow them to add code protection and activation mechanisms to their own software.

When Microsoft first unveiled its "Genuine Software" initiative three years ago, company officials said they planned to license to third parties some of the same anti-piracy technologies that Microsoft was baking into Windows and Office. Instead, Microsoft has decided to provide external developers with a separate, parallel offering, said Group Product Manager Thomas Lindeman.

Microsoft will offer third parties a bundle of "Software Licensing and Protection Services" (SLP) components, which are based on technology it acquired in January 2007 when it bought Secured Dimensions, an Israeli company that developed software licensing and IP protection technology. Microsoft currently is testing SLP with a hand-picked group of Technology Adoption Partner program testers, Lindeman said.

Microsoft's SLP platform will be comprised of three elements, Lindeman said, any of which can be licensed individually from Microsoft. The three:

* Code Protector Software Development Kit (SDK): A toolkit to allow developers to obfuscate their code to prevent it from being reverse-engineered. Version one of the SDK will work with .Net managed code; a forthcoming version also will support native Win32 code. The toolkit also will allow developers to mark specific features inside their code as "licensable entities" which they can control with various kinds of digital licenses. Microsoft plans to make the SDK available for download, as well as to include it as part of Visual Studio 2008.

If developers want code protection for non-Microsoft code, such as Java, "I'll partner with someone or find a way to get that covered," Lindeman said.

* SLP Server: A product that will allow ISVs to host their own servers and create software licenses -- machine-based, time-based (for software subscriptions and trials), user-based and/or feature-based -- for their products. The server will generate a key, which users will use to activate their software, via a digital license. SLP Server will come in two versions: Standard and Enterprise.

"You will be able to turn on different features and different SKUs for different markets without having to go back and touch the code," Lindeman explained.

(In terms of activation, the SLP products and services will allow developers to set their own licensing policy. I asked Lindeman whether he didn't simply mean "set their own DRM policy." He said Microsoft prefers the term "licensing policy," as "DRM is really a thing of the past.")

* SLP Online Service: An option allowing partners to do all their license management "in the cloud." Microsoft is planning to deliver three levels of service (Basic, Standard and Enterprise) to partners on a yearly subscription basis. The company plans to offer all Microsoft Developer Network (MSDN) Premium subscribers a subscription to the SLP Online Service Basic Edition.

Microsoft is encouraging developers to take the next step, and do not just activation, but also Genuine Advantage-style validation. But the new SLP offerings are not "Genuine Advantage" for third parties, Lindeman said.

"We are encouraging ISVs to think about doing validation like we do with Genuine Advantage. They can do that or their own thing," Lindeman said.

Lindeman hinted that Microsoft might be considering make some sort of "Open Genuine API" (application programming interface) available to third parties, but had no further details to share.

Any third party software makers out there interested in giving Microsoft's anti-reverse-engineering and/or software activation and licensing technologies a try?

Topics: Software Development, Microsoft, Software

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

78 comments
Log in or register to join the discussion
  • Now even a small developer..

    Now even a small developer can provide the "genuine advantage" of false positives and lock you out of software that you paid good money for! What a deal! Of course, they probably run a MUCH greater risk of losing a customer forever because their little applet is probably less "required" than Windows or Office....
    bmgoodman
    • Say what?

      Tell me how this is different than any registration process???
      No_Ax_to_Grind
      • Registration?

        I've never registered any software. Why bother? It's a waste of time. Do you get anything for entering all the personal information and sending it off to the company? Nope. So I don't do it. If they want to fill it out they can pay me $200. Then I'll consider it.

        Now product activation, that's a different story. Had my share of horror stories with that. Not from Microsoft how ever but from Intuit.
        voska
    • people keep talking and talking

      about 'false positives' and getting 'locked out' of software they own, but never actually provide any facts about it. How often it happens, what the remedy was.
      Just FUD and BS.
      The only issue I have had was handled free of charge by MS.

      But back to the point. For years and years, I've had to type impossibly long keys into QuarkXPress (on the Mac) and call them up to activate it, or put dongles into serial or USB ports to assure that I paid for the software I am using.

      So now small developers can use something without having to shell out huge dollars. If it works, they will use it. If not, they won't.
      Funny how people like the 'free market' system until someone makes a choice they don't like...
      mdemuth
      • WGA is nothing more than user harrassment...

        Every time I try to do something Microsoft, I have to deal with it. It's one big pain in the ass.

        If it would just INSTALL, RUN and do it's thing and then leave me the hell alone, I would not care.

        It's plain old bullshit. Period.
        BitTwiddler
      • You're right

        Searching the entire Internet, it is impossible to find documented instances of WGA's false positives. Every story that you read is made up. WGA has never inconvenienced a single legit user anywhere... and the moon is made of cheese.
        bmgoodman
      • Not BS, I've been there

        Sure eventually you get your software working but it's a pain. It certainly doesn't make me want to buy software from that company again. Microsoft can get away with that since all my software runs on Microsoft but 3rd party company with competition is asking for trouble. If I'm choosing between one company and another for software I will run on Windows then WGA works against getting me to buy the software.

        As for my experience I had a tax software program that activated. I changed some hardware then went to use the software and it assumed I was pirating. So I call the company and had to fax them a photo copy of my receipt and scanned image of all six sides of the box the software came in and the CD in it's case. Then I had to phone back after 3 business days and finally got my new authorization code with warning that I am not to swap any hardware out my system if I expect this software to work. They said they will not renew the authorization. I stopped buy their product after that and today you can buy it with out product activation.
        voska
    • It's not the false positives that bother me

      It's the fact that MS does not take care of their legitimate customers once a false positive occurs. If a proprietary software company insists on keeping their code secret and insists on putting locks on its software, they need to take complete responsibility of their paying customers needs with that software, from proper validation to fixing bugs to making their software secure. Otherwise the proprietary model breaks down and people start clamoring for another model, like free software.

      One would hope that a small developer using validation would take care of their paying customers should there be a problem. In fact, I don't think they could afford not to.
      Michael Kelly
      • re: It's not the false positives that bother me

        Me neither. Its the false negatives that keep me up at night!
        davidr555
  • Heaven help us...

    NT
    BitTwiddler
  • Yes, I will test it.

    Will I adopt it? That depends on the test results.
    No_Ax_to_Grind
    • Re: Yes, I will test it.

      [i]Will I adopt it? That depends on the test results.[/i]

      If they can't see your code they can't laugh at it. That's an improvement, isn't it?



      :)
      none none
      • A Mild Critique and Then Champagne! There's Gold in Them Thar Customers

        I guessed you happy faced it, but my first reaction was that it was a mean thing to
        say.

        While false positives would be a concern, I'd be also concerned that I'm now
        deciding that, due to license monitoring tactics, my product is Windows client
        bound. I know that the argument is made today that since Windows are the most
        technologically advanced desktop and server operating systems (in a couple of its
        SKUs) and, when counting all the flavors of Windows (advanced and otherwise -- I
        saw some folks working with Win98 the other day [not because they don't know
        better, but because the money is small and has to go elsewhere]) installed base
        hits about 95% of personal computers, its an easy decision to say my products and
        my customers are XP Professional/Vista Professional/Server 2003/2008 users and
        that's the way it's going to be forever.

        Well nothing could go wrong with that and there's no need to worry about
        competitors who can sell to Windows and the other os users who can't even look
        at my product. Oh, and these new monitoring tools that will convert all my
        pirating customers into gravy train passengers, they don't cost me a penny. Or will
        there be some licensing fees, so Microsoft can get an ongoing cut of my success?
        DannyO_0x98
    • Youre a software developer too?

      Your unverifiable feats apparently have no limit...along with your supposed facts.
      DonRupertBitByte
      • Please stop trying to judge

        me based upon your limitations. You will only ruin what little self respect you have.
        No_Ax_to_Grind
    • Delusions of grandeur

      Auntie Em? Toto?

      One of these days we're going to find out No_Ax is a nym for Ballmer, posting anonymously ala Whole Foods CEO.

      Certainly delusional enough to be him. No grasp of practicalities and absolutely no clue what business customers are actually implementing.

      That either means he's posting from the mental ward, smokes too much weed or he's Ballmer.
      Chad_z
  • A question...

    Will it allow the ISV to place the reg keys in Vista's "Digital Locker"?
    No_Ax_to_Grind
  • after 'IP' protection comes 'code' protection!

    The M$ mobsters don't lack imagination when it comes to spreading FUD. All give them that!
    But there is no need to protect FOSS since the code is out in the open, so there is no 'protection tax' for M$ to collect.
    Linux Geek
    • No one wants to protect something thats useless.

      How hard is that to figure out?
      No_Ax_to_Grind
      • RE:No one wants to protect something thats useless.

        " Microsoft to offer code protection..."

        So why bother?
        ruped24