Sunday February 05, 2012

How to Defeat License Key Sharing

Some typically stated reasons not to pay for software:

  • “Software is just too expensive. If it were reasonably priced I might consider paying for it…”
  • “Software companies aren’t hurt if I use a cracked copy or a shared license, any more than they would be if I didn’t use their product at all.”
  • “I don’t use it for any commercial gain, so I don’t feel bad about monkeying around with a cracked copy.”
  • “Information wants to be free!”
  • “If the software maker is unable to secure it properly then it’s their own fault.”
  • “The universe is an illusion; software licensing doubly so.”

Alright, that last one was a paraphrase of the late great Douglas Adams and perhaps not the most common excuse, but I’m sure most of these thoughts have run through the heads of everyone who reads this post at least once, myself included.

The point here is that you can argue against any of these flimsy rationalizations until you’re blue in the face, but those hungry for cracked software or shared license keys will stop at nothing to get what they want.

Schemes that rely on Activation Servers and/or place magic in the key itself are vulnerable to Keygen and Host File Redirection attacks. You have a serious problem if you are trying to sell your software and haven’t employed a licensing scheme that defeats License Key sharing.

While a big inscrutable key full of letters and numbers may be unguessable, it is also very anonymous. The sort of thing a person might not mind sharing with a friend. Once that friend has it, there is even less barrier to sharing, because the friend isn’t on the software maker’s license holder list and stands to lose very little if they let another friend share it. From there, it might as well be posted on a billboard in downtown LA.

Enter Zarqon

Zarqon is an Active License Control System built by Futurescale to combat this problem for our own product offerings, which are currently Adobe Flex and AIR based. In fact Zarqon is itself license-controlled using the same Zarqon API that you can use to secure your own app.

For AIR desktop applications, Zarqon defeats License Key sharing by requiring not only the License Key, but also the Name and Email address of the License Key Holder. If this is the same information associated with the payment that was made via Paypal or any other payments vendor, then you can be certain it is a verified Name and Email address that the individual will not want shared around the Internet with their license key.

Nevertheless, this information could be stolen or ‘socially engineered’ from the individual and used without their permission, so there is still the possibility of a compromised license to contend with, though it is orders of magnitude smaller than a scheme where only a valid License Key is required.

And it is a simple matter to revoke and reissue a license with new user information when the user has reported it as compromised. All copies of software running the revoked license immediately cease to work when launched.

For Flex web applications, the License Key is combined with the website from which the application is served in order to ensure that the License Key cannot be used to serve the application from a different website. This renders the License Key useless to anyone other than the owner of the domain.
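The binding rules described above (key plus holder name and email for desktop apps, key plus serving domain for web apps, and revoke-and-reissue for a compromised license), as an added example that is not Zarqon's code or API. It assumes an issuer-side license list with random keys; `LicenseRegistry` and all of its method names are hypothetical.

```python
import hmac
import secrets

# Added example: all names here are hypothetical, not the Zarqon API.
class LicenseRegistry:
    """Issuer-side license list; every key is bound to a holder or a domain."""

    def __init__(self):
        self._records = {}  # key -> {"binding": str, "revoked": bool}

    @staticmethod
    def _norm(*parts):
        # Case and stray whitespace must not change the binding.
        return "|".join(" ".join(p.split()).casefold() for p in parts)

    def _issue(self, binding):
        key = secrets.token_hex(16)  # random, so the key carries no derivable "magic"
        self._records[key] = {"binding": binding, "revoked": False}
        return key

    def issue_desktop(self, name, email):
        return self._issue(self._norm("desktop", name, email))

    def issue_web(self, domain):
        return self._issue(self._norm("web", domain.strip().rstrip(".")))

    def _check(self, key, binding):
        record = self._records.get(key.strip().lower())
        if record is None:
            return "unknown"
        # A key alone never validates: the presented binding must match too.
        if not hmac.compare_digest(record["binding"].encode(), binding.encode()):
            return "mismatch"
        return "revoked" if record["revoked"] else "valid"

    def check_desktop(self, key, name, email):
        return self._check(key, self._norm("desktop", name, email))

    def check_web(self, key, serving_domain):
        return self._check(key, self._norm("web", serving_domain.strip().rstrip(".")))

    def revoke_and_reissue(self, old_key, name, email):
        # Compromised license: kill the old key, bind a fresh one to new details.
        self._records[old_key]["revoked"] = True
        return self.issue_desktop(name, email)
```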

Zarqon AIR Demo

Zarqon Flex Demo

Did You Know...

AES Encryption is Strong Enough for Government Work

In June 2003, the US Government announced that AES encryption (the cipher used by Zarqon to encrypt license data) may be used to protect classified information:

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level."

Believe It or Not...

Amazon S3 is Reliable Enough for Wall Street

"Nasdaq stores many terabytes of NYSE, Nasdaq and Amex data in Amazon’s storage cloud," according to Claude Courbois, associate VP, product development.

"Nasdaq adds 30 to 80 gigabytes of data every day to the cloud, about 300,000 flat files, each representing 10 minutes’ worth of trading activity on a stock."