23

I'm not interested in getting version information. All I want to do is to make sure my application will only run on a legal version of Windows and not on a pirated version. Windows uses some trick to determine this but still allows pirated versions to continue to run, although with some limits.

So, is there a way to check if the application is installed on a legal, genuine Windows version? (Vista and better, at least.)

Let me clear something up: Microsoft isn't preventing users to use a non-validated or illegal version of their operating system. Thus I don't have any reasons to block my application on such a version either. But I do want my application to be aware of the illegal version and warn the user that his Windows version isn't validated. Maybe he forgot, maybe he doesn't want to validate. There could be plenty of reasons for this and I don't want to block them, just making them aware of a problem with their Windows version.

Also, when someone uses a non-valid version of Windows then I might want to do a more strict validation check of my own software, if it's a commercial product. In my free products, I just want an annoying popup, which will just appear once per day.

The main problem with non-validated Windows versions is that they might contain additional spyware and other malware and there's a chance that they don't get all required updates. These Windows versions have a weaker protection than validated Windows versions. Since several of my applications use sensitive data, I don't want any malware leaking away this sensitive data.

Plus, I consider pirated software harmful for any free alternatives. Linux and FreeBSD would have been much more popular if it wasn't for all those pirated Windows versions that are roaming around. People who use pirated software are unlikely to have bought the product in the first place but I would prefer them to use a free alternative instead. Pirated software does a little harm to Microsoft, but it does a lot more harm to the Free community since it keeps people connected to those commercial products...

JasonMArcher
  • 12,386
  • 20
  • 54
  • 51
Wim ten Brink
  • 24,763
  • 19
  • 72
  • 138
  • 3
    +1 interesting question! – Dale Sep 22 '09 at 08:56
  • 37
    I will never buy a software like yours unless you force me to. – P Shved Sep 22 '09 at 09:06
  • 4
    Hey, it could even be open-source. :-) Anyways, I just want to encourage to go Legal. (Use Linux if you don't want to pay!) – Wim ten Brink Sep 22 '09 at 09:15
  • 25
    Why the hell should I **want** to pay a babysitter, that, along with keeping an eye on my kids, searches through all my drawers for drugs, guns and unpaid bills? – P Shved Sep 22 '09 at 09:24
  • 3
    In other words, you want to police the users about something that's none of your business. Good luck with that. – slikts Sep 22 '09 at 09:28
  • @Reinis, it is my business! Someone who pirates Windows will likely pirate my applications too! That is unacceptable. If you want to go legit, use Linux! – Wim ten Brink Sep 22 '09 at 09:32
  • 2
    @Workshop Alex: once upon a time... ugh, well, *my friend* had a pirated Windows and about 5 shareware apps he actually bought. Btw, their owners would certainly lose these money if they were checking for legality of Windows. – P Shved Sep 22 '09 at 09:40
  • @Pavel, of course those owners could lose some money that way. But I have a double motive here. I just want people to use more legal versions of software, even if that means they're going to use more open-source/free products! I don't care that much about Windows, just about my own products. And if people have better, free alternatives, good for them! (And I'd just have to adjust.) If it's up to me, everyone would be using free software and I'd be earning my money some other way. (E.g. by providing better support and better documentation.) I just don't like pirated applications. – Wim ten Brink Sep 22 '09 at 09:46
  • 9
    @Workshop Alex: did you hear about curious cases (mainly in PC gaming world) that people, having bought a license, used pirated game to play, because the original one had too annoying anti-piracy checking (that installed some high privileged system drivers etc)? While pirated version had all these checks ripped off. By using aggressive anti-piracy checks you only make your software more pirated, because, since the customer had already download a cracked version, he will hesitate to pay you. – P Shved Sep 22 '09 at 09:57
  • @Pavel, of course! Been there, done that. I don't want to block people from using my software, just make them aware that they're using something that hasn't been validated. Why do you think MS isn't so aggressive in it's checks? You can still use a pirated Windows version. It will just annoy you, nothing more. – Wim ten Brink Sep 22 '09 at 10:09
  • 1
    @Workshop Alex: Ah that sounds more reasonable and somewhat even funny. :-) But (a) I'm not buying your soft anyway and (b) God help you if you start annoying anyone who *already bought your software*. – P Shved Sep 22 '09 at 10:12
  • 1
    @Pavel, am not too worried about that. Basically, I care about having my application in a more secure environment. I just can't tell my users to drop Windows and move to Linux, though. It's a matter of making people aware of possible security issues. – Wim ten Brink Sep 22 '09 at 10:16
  • Arr, ye be one of those ninja-supportin' landlubbers now? – Mark Rushakoff Sep 22 '09 at 10:54
  • 1
    "Linux and FreeBSD would have been much more popular if it wasn't for all those pirated Windows versions that are roaming around." - that is not true since the average user with less technical expertise can still pirate, but most likely do not have the technical expertise to use Gnu linux/BSD style operating systems. /2cents – Chii Sep 22 '09 at 12:32
  • 1
    Unix derivatives are the core of what a normal user percieves as an OS. Try DesktopBSD or LinuxMint. My 50 years old computer illiterate mother has installed Ubuntu by herself on 3 machines with just assistance on how to make a backup on XP. – Esteban Küber Sep 22 '09 at 12:57
  • @Chii, but those who do have the technical knowledge would then be working on making Linux more user-friendly instead of pirating Windows! For a newbie, it's not that easy to pirate software. They need to know how to bypass the security, which is something experienced hackers will tell them. So why can't those hackers just help newbies with setting up Linux or FreeBSD? – Wim ten Brink Sep 22 '09 at 12:58
  • 2
    @Workshop Alex - if it's your own liability you're worried about (unsecure versions of Windows, malware etc) - then all you have to do is make the user accept an EULA waiving you of any responsibility if their data is compromised due to their own negligence. Nobody is going to side with the idiot who didn't protect his own computer. At most, you will be liable if and only if the sensitive information is not encrypted / stored securely (which is your responsibility since you created the software). – HalliHax Sep 22 '09 at 13:00
  • @TomFromThePool, I can create such an EULA but it still won't stop clients from filing a legal complaint. No one wins in a legal case, except the judge and lawyers. And yes, I am dealing with possible idiots. Most users are computer-illiterates and part of bigger companies. And administrators in at least two of those companies are extremely sloppy and deserve to be kicked out. I don't have the power to kick them out but I can send them a clear message. – Wim ten Brink Sep 22 '09 at 13:45
  • (Btw, a user of one large company left his company to work for another. He took the whole client database of himself with him and asked us to decrypt it and to make it work for his new employer. That's the kind of idiots I sometimes have to deal with...) (And no, we didn't help him but reported him at his old employer. Don't think we'll hear anything from him ever again.) – Wim ten Brink Sep 22 '09 at 13:47
  • 3
    The question title and fourth paragraph are legitimate here. Most of the question is editorializing, and I don't think that's appropriate. – David Thornley Sep 22 '09 at 14:55
  • @David, edited Q as you suggested. You're right, it could be simpler. :-) – Wim ten Brink Sep 22 '09 at 15:12
  • @Workshop Alex: Do you genuinely not understand the problem here? Your last point is completely false and you're deliberately annoying your customers with something that's not your responsibility to police. – CaptainCasey Sep 22 '09 at 23:04
  • @CaptainCasey, you're forgetting that I'm not dealing with consumers but with other businesses. (B2B) As a result, a lot of things that the software does and who is responsible are defined by contracts. These contracts are for additional support, not for the software itself. The software itself isn't expensive. We even give the occasional copy away for free. But then those users want support and that's where we make our profits. I understand the problem very well, but you have to understand the business model. – Wim ten Brink Sep 23 '09 at 08:13
  • Have you considered the case when your software is installed on a virtual machine? – sorin Nov 01 '09 at 08:14
  • Yes, I've considered that. It's not that our software won't work on an illegal Windows version. It will just tell the user that his version is illegal and therefore a possible risk. (Plus, we don't give support to our software if someone installed it on an illegal Windows version.) – Wim ten Brink Nov 01 '09 at 21:57
  • Never purchased that crap, and never will. It isn't worth the money. – Matej May 07 '13 at 21:29

9 Answers9

23

It's an interesting question but wrong attitude. It is not your business checking the affairs of the user.

Or you might as well:

  • Require their tax declaration before selling your software to them

  • A written proof from police they have no criminal record (or they may be inclined to break the law again and pirate your software)

  • Check if they have any torrent software installed (of course it can be used legally but the very fact they have it implies they may misuse it)

  • Check if they have antivirus software installed (to raise their social awareness and to help fight spam bot networks)

  • A credit history report (to be sure they have promptly paid their bills and will also not forget to pay for your software)

  • A proof from their family doctor they have no terminal disease (a person feeling condemned may break the law and pirate your software)

You see where it's going right?

One of the key rules for developing software - your software should be useful, make the users happy and build as few barriers as possible.

  • It is something I worry about since a user who uses a pirated Windows version could also be pirating my own software. – Wim ten Brink Sep 22 '09 at 09:18
  • 7
    @Workshop Alex: Who says we protest from using legal Windows? We protest against crappy software that imagines itself eligible to searching **my** computer! – P Shved Sep 22 '09 at 09:28
  • 2
    Well, don't use that software! We're not holding a gun against your head and force you to use it. Go find a free alternative instead and continue to support free alternatives. When the free alternatives are winning, any commercial product will sooner or later go bust. Pirated software just keep those commercial products in business simply because of the increased usage... – Wim ten Brink Sep 22 '09 at 09:37
  • +1 for reminding me that I can also check if they have antivirus software installed. :-) Basically, I want MY OWN application to be secure. – Wim ten Brink Sep 22 '09 at 10:53
  • @Workshop Alex: You have a more serious problem than you think. –  Sep 22 '09 at 10:55
  • @New in town, you don't understand the Q. I don't care if the user uses a legal version of Windows or not. But my software handles sensitive data and I need the user to be aware of security problems! It already has several security measures but in this case users will be made aware of the risk and can continue to use my applications if they're willing to take the responsibility. – Wim ten Brink Sep 22 '09 at 11:31
  • @Workshop Alex: You failed to communicate this need in your question. No need to blame us. –  Sep 22 '09 at 11:47
  • @Workshop Alex: Anyway, this level of checks by the application itself is very uncommon nor can be reliable. Try to think of it this way - what other software that you know works just as you wish? None? Right. There must be a reason for that. –  Sep 22 '09 at 11:49
  • 10
    (-1) This is a comment, not an answer. You haven't provided any help on accomplishing what he asked you how to accomplish. – DevinB Sep 22 '09 at 12:17
  • I did update the Q two hours ago to clear it up a bit, even though I already had accepted the answer. And other applications that do the same? I know one, which happens to cost about $250.000 and which deals with a lot of security issues. It handles financial transactions for international locations of a single corporation, to reduce the number of foreign payments, favoring localized payments instead. (An in-house banking application.) – Wim ten Brink Sep 22 '09 at 12:17
  • A company which uses a software costing $250,000 will probably not be interested in using a pirated copy of Windows. Even Windows 7 is for $299. – Alec Smart Sep 24 '09 at 04:13
  • 2
    Alex you should WARN the user that they should use legal versions etc. and make them tick a box that warranty will be void if they do not. You do not need to go ahead and do the check yourself. – Alec Smart Sep 24 '09 at 04:15
  • @Alec, that is part of the contract between us and the customers. In the B2B world, it's uncommon to see a user with illegal versions of Windows unless you're exporting to certain countries, mostly in Africa and Asia, where illegal software is more common. This serves as an extra reminder to them. – Wim ten Brink Sep 24 '09 at 08:34
7

You can't possibly know and you shouldn't care.

The legal status of an install is entirely unrelated to anything on the disk. The same install can be unlicensed now and licensed the next minute without any changes to the machine.

Kristof Provost
  • 24,574
  • 2
  • 22
  • 27
  • I care because I don't want my own software to be pirated either. And someone who pirates Windows is likelier to pirate my own products too. – Wim ten Brink Sep 22 '09 at 09:23
  • 3
    But if someone has a pirated version of windows, but he buys a license for your software? – Ikke Sep 22 '09 at 09:38
  • If someone buys my software and has a non-validated Windows version, he just gets an additional popup warning him his Windows version isn't validated yet. That's basically all I want. – Wim ten Brink Sep 22 '09 at 09:54
  • You can't know - but you can detect if windows has been activated etc. Surely it is up to the OP if he should care or not? – Kramii Dec 14 '09 at 17:02
  • Your opinion is not an answer. – Corey Feb 04 '16 at 09:37
6

That's something for Microsoft to worry about. Not you.

wefwfwefwe
  • 3,154
  • 1
  • 18
  • 23
  • 11
    Thats an opinion, not an answer. – Frank Bollack Sep 22 '09 at 08:59
  • 16
    That's an opinion, not a comment. – wefwfwefwe Sep 22 '09 at 09:06
  • Actually, when users are involved in illegal software, they could also be pirating my own software. Thus it's my problem too! – Wim ten Brink Sep 22 '09 at 09:16
  • 6
    But what I or anyone else does outside of our business agreements is none of your business. – wefwfwefwe Sep 22 '09 at 09:30
  • No, but if you use an illegal Windows version combined with one of my application, you might be sharing all your information with the whole World because your non-validated and outdated Windows version contains a bunch of malware. Not my problem, just want to warn you about this possible problem when you use a non-valid Windows version. – Wim ten Brink Sep 22 '09 at 10:17
  • 1
    And that's something for me to worry about. Not you. – wefwfwefwe Sep 22 '09 at 10:33
  • Not if you use my application because then you might hold me liable if it's data is leaked. – Wim ten Brink Sep 22 '09 at 10:48
  • 1
    even legal versions of windows contain a whole bunch of malware. even a fresh installation has a bunch of malware, we’re talking about windows after all – knittl Sep 22 '09 at 12:12
4

Microsof offers a small API, but MSDN doesn't state anything about how the used DLL is installed at the client system. My guess is, that it comes with the SP2 or WGA utility from windows Update.

This is the MSDN page for the API.

Frank Bollack
  • 22,354
  • 3
  • 45
  • 56
  • It says how the API gets installed: "The WGA functions are available only on Windows Vista and Windows XP installations that have been validated by clicking Validate Windows on http://www.microsoft.com/genuine." Anyway, +1 for a good answer. Don't see why this had been downvoted. – Dirk Vollmar Sep 22 '09 at 09:15
  • 1
    Ah, thanks, must have missed that. About the down vote, maybe some people don't like the way MS forces their users to validate their installed software. And so the also don't like people, making use of this technique. – Frank Bollack Sep 22 '09 at 09:21
  • 1
    +1, also a good answer! Useful for WIN32 development. The previous answer works on .NET, so both are now covered. :-) Too bad I can't split the answer... – Wim ten Brink Sep 22 '09 at 09:22
  • 1
    @Workshop Alex: It goes without saying that you can use this also from .NET (using P/Invoke aka `DllImport`). – Dirk Vollmar Sep 22 '09 at 09:25
  • The Q itself is controversial already since some people just don't like to pay for Windows. If more developers start to check the legality of Windows, those people will start to become very isolated. (Besides, I wonder why they just won't use Linux instead. If more people are blocked from using pirated software, Linux will only become more popular.) – Wim ten Brink Sep 22 '09 at 09:27
  • @divo, of course. :-) But the answer gave me a solution that doesn't need DllImport or P/Invoke. Basically, both answers are good but he was first. – Wim ten Brink Sep 22 '09 at 09:30
  • @divo: I downvoted this answer because it's incorrect (a fair reason, right?). The correct answer for the original question is "None of your business to check it!". – P Shved Sep 22 '09 at 09:59
  • 1
    @Pavel: Do you mean wrong in terms of not fitting to your point of view??? – Frank Bollack Sep 22 '09 at 19:05
  • @Frank Bollack: what's the correct answer to "Have you stopped hitting your wife every morning"? The correct one is "Go to hell!" That's what I'm talking about. – P Shved Sep 23 '09 at 21:19
3

Why don't you also check to make sure they're not running a pirated version of Photoshop? Or Half-Life? How about Microsoft Office?

See where I'm going with this? I don't particularly agree with piracy checks as it stands - but in order to perhaps save you a headache, I would suggest that you only worry about whether your own software is pirated, using whatever means you wish (licence keys, phoning home, whatever nefarious and intrusive method you so desire!). So someone who pirated Windows MAY be likely to also pirate your software too. If you intend to block usage of your software if you detect they're running a pirated copy of Windows - well, that's just bad practice. What if the validation software is buggy, or incorrect, or reports that the software is pirated because SOMEBODY ELSE used this person's legitimately bought licence key?

Aside from it being none of your business, Windows in particular has been known to falsely report that a legitimate copy of Windows was pirated. You should not trust anybody's validation tools but your own (and even then you might have coded a crappy validation tool!). There are so many things that could cause an incorrect piracy report - I would steer way clear of this approach.

HalliHax
  • 806
  • 2
  • 11
  • 24
  • I understand what you're saying but all I want is to make the user aware that his Windows version isn't valid, which might also introduce security risks. I could also warn him if he's not using a virusscanner to keep his system secure. That might actually be my next Q. :-) – Wim ten Brink Sep 22 '09 at 10:14
  • @Workshop Alex, I don't use an antivirus software as it slows down every disk access several hundred times; yet, I haven't had a virus problem in over a year (and that one minor) because I am careful about what software I use. If your software would nag at me I'd completely remove it without question. – CMircea Jul 05 '10 at 11:55
  • 1
    @Workshop Alex, and what about people running your software inside Wine? Wine doesn't validate as genuine Windows (as it isn't Windows!) and doesn't need antivirus programs (most won't even run anyway). – CMircea Jul 05 '10 at 11:56
  • @iconiK, Wine is not supported and will not be supported since the software uses some special Windows features that aren't supported by Wine. – Wim ten Brink Jul 06 '10 at 10:59
  • @iconiK, not using antivirus software isn't smart, even if you only use Linux. Then again, experienced professionals will be able to keep their system clean even without antivirus products. But the users of my software are handling sensitive personal and financial data and they cannot take any risks with this data. (And some seem to have similar mental capabilities as a well-trained chimpanzee...) – Wim ten Brink Jul 06 '10 at 11:04
3

Not even Microsoft can do this reliably. It is a constant arms race as Microsoft updates WGA against people who seemingly have to do very little to bypass it. This is exacerbated by the needs of OEMs who (rightly) need to have preinstalled and prevalidated copies of OSs so they don't annoy their customers, whom may well be business customers. I think that a lot of the "hacks" around this have to do with OEM master keys.

Basically, pirating software (including Windows and your software) is a social problem not a technical one. The worst thing you can do as a software vendor (imho) is to annoy your legitimate customers in the quest to stop pirates to the point that you make your legitimate customers pirates. Example: some games have gone so far as to install rootkits as well as limiting the number of activations (eg Spore).

Limiting activations in particular is an evil practice. People have an innate sense of fairness about these things. If they have two activations of something, are running Windows XP and switch to Windows 7 RC and will then switch to a real version of Windows 7 when released then they've just gone over the limit. As in the case of Spore, you can request additional activations over the phone but this kind of thing just rubs people the wrong way. Some to the point that they'll feel quite justified in bypassing such restrictions.

As for downvoting your question, I suspect it's because people don't like your intent, probably for reasons that are similar to the ones I've listed above.

cletus
  • 578,732
  • 155
  • 890
  • 933
  • Basically, I just want my software to check how secure the OS is. If it has potential security problems, I warn the user, forcing him to acknowledge the security problem before he can continue. Takes away some of the liability. In no way do I want to block users. But some users don't understand this security aspect behind the Q. – Wim ten Brink Sep 22 '09 at 11:27
  • 1
    But by doing the check, you open yourself to be held liable when a legitimate Windows copy with Norton Antivirus lets a spyware to release all of your app's data! Leave the computer's security to the computer owner. – Esteban Küber Sep 22 '09 at 13:19
  • Not in the Netherlands. But it also depends on the EULA and the contract between the clients and my organisation. Most are B2B contracts since the software has no features usable by consumers. – Wim ten Brink Sep 22 '09 at 15:30
2

The way I see it, I won't ever trust someone else's verification system to be accurate enough that I would be willing to lock people out of using my software.

I see where you're coming from, but I suggest having MS worry about Windows validation.

In addition, there's really no way to know the true legal status of an install through the machine itself. Sure, there's "validation" and all that jazz, but that's nigh meaningless in context of the truth.

phoebus
  • 13,661
  • 2
  • 30
  • 35
  • 1
    Microsoft is doing the validation, and I'm just interested in this result. Does Windows think it's legal or not? – Wim ten Brink Sep 22 '09 at 09:17
  • 1
    Again, it's just a question of whether it's been validated or not. It doesn't come anywhere near the question of legality at that point. You need to stop conflating "illegal" with "not validated". – phoebus Sep 22 '09 at 09:25
  • Basically, it's a matter of trust. If someone uses a validated Windows version, I consider him more trustworthy. If Windows is not validated, there could be a legal reason for that. I don't need to block the user, just make him aware that his Windows version isn't validated yet. If M$ doesn't bother blocking non-validated Windows versions, why would I bother about that myself? Just annoying the user with an additional popup is already good enough. – Wim ten Brink Sep 22 '09 at 09:53
  • 1
    Why do you think that annoying your users is a good thing? If they are not trustworthy, they won't buy your program anyway, especially not if you bug them with annoying popups that may or may not be legit. Trust your users instead, those that are willing to pay will pay you if your program is good and don't annoy them, the others won't pay whatever you do to them. All you will accomplish is turning users away from your program. – Runeborg Sep 26 '09 at 16:57
  • @Workshop Alex, as a matter of fact, I can easily buy Windows, it's $100, but your software is $2000, I'm way more likely to get an illegal copy if I can't afford it. A real example is Windows and Photoshop or even Creative Suite. – CMircea Jul 05 '10 at 11:58
  • I'm not worried about people using an illegal version of my software. They need a subscription to a secondary service to practical use it. Without the subscription, the user will just end up with outdated data and will be missing some important features. Still allows them to try the software and check if it's okay, though. – Wim ten Brink Jul 06 '10 at 11:07
1

Just asking the technical part, leaving out your reasons/philosophy would have given you direct answers.

ThisIsMeMoony
  • 362
  • 1
  • 6
-1

If you prevent pirating your own software (i mean prevent it running on pirated windows) then probably your software will not be as sucsessfull as it could.

Just make your client pay fair price for your software.

Janis Veinbergs
  • 6,868
  • 5
  • 44
  • 75
  • 1
    My clients do pay a fair price for my software. No complaints there. But some clients don't want to pay at all and I'm better off with them using a free alternative instead of something illegal. There are plenty of free alternatives for commercial software so why would anyone use pirated software? Just give more support to free software instead! – Wim ten Brink Sep 22 '09 at 09:34
  • 1
    Well i mean just price your software accordingly. For games and other services that have to do something online, it's a good thing to just add extra value for paying the price. For example, you could provide only 1 client account per cd-key to do something online. In that way, it's more likely someone will buy your software. – Janis Veinbergs Sep 22 '09 at 10:41
  • Much of my software is cheap or even free. But it allows the user to handle data from other persons including creditcard information, social security numbers, NAW+DOB and much more. If this data is exposed then I might be held responsible, unless the application told the user that he has security problems. Popping up this warning will force the user to be aware of this security problem. If he ignores it and his data leaks out, it's his fault, not mine. (And yes, my software has plenty of other security measures.) – Wim ten Brink Sep 22 '09 at 10:51
  • 1
    @Workshop Alex: there is where you are wrong. You can't be held liable for the users' machines security. By *doing* this validation you open yourself to that liability. – Esteban Küber Sep 22 '09 at 13:14
  • @voyager, I don't want to take any risks. Besides, liability differs per country. In some situations, companies can be held responsible for damage caused by their applications, especially when using weak or no encryption. Fortunately, my company is insured for any legal problems that can arise from the software we create, including possible legal damages. When talking to one of their advisors, I considered adding this feature, which he told me could even further reduce liability. I do consider this insurance agent an expert at this level. – Wim ten Brink Sep 22 '09 at 15:26