Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!spool.mu.edu!news.nd.edu!mentor.cc.purdue.edu!mace.cc.purdue.edu From: adf@mace.cc.purdue.edu (Brian Moore) Newsgroups: comp.protocols.nfs Subject: microsoft + networks + security = Pain Message-ID: <6874@mace.cc.purdue.edu> Date: 22 Feb 91 17:22:42 GMT Sender: adf@mace.cc.purdue.edu Distribution: na Organization: Purdue University Lines: 71 Microsoft + Networks + Security = Pain Could somebody "hint Microsoft" Please tell me how to protect your products on a NFS network (heck any network) from people copying them. My problems began when Microsoft (or the vendor of your choice) decided to make the overlay files embedded within the executable. Normally this wouldn't be a bad idea if it was going to be on a local PC hard drive or if you are not worried about people stealing copies of your software. But I work at a University where it is not possible to have a copy of a package for everyone on campus just a copy for each computer we have on the net. And there are many students who wouldn't think twice about taking an illegal copy of "Word for windows" home. The problem with these internal overlaid products we are having is they cannot be marked executable only. If you do you won't be able to read the overlays in the file. This is not a problem if the overlays are external you just mark the overlays readable and the program executable only and you have a secure product which nobody can copy. If you marked the internal overlay file executable only you can get some interesting errors and the program crashes. We have had the same problem with Novell networks and we were able hide the file but this is not very secure. I know of ways to copy the files still and you most likely do to (there is no reason to describe how to). But under NFS there is no UNIX way to hide a file on a PC and still be able to run the program. what we have done is: Set the program up on the NFS drive. Create a bin directory one directory up from the application directory Ex. \WORD \WORD\BIN In the BIN directory we place the overlaid executable. now we flag the home directory and the support files of the application as "chmod 755" next we flag the BIN directory as "chmod 711" Then we flag the application in the bin directory as "chmod 755" Lastly I get down on my knees and pray that there is a way to have the application know where to find the support files it might need. With word I have been able to do this but Windows applications have made me conceder buying stock in aspirin companies in order to get some of my money back. This still is not the most protected way to have an application but I can make it so you almost have to ESP to figure how to copy it. Oh by the way to run that application you have to write an launcher application which knows the absolute path of the program. If any body has any suggestions please contact me (adf@cc.purdue.edu). My suggestion would be if your a company who is going to write an application which needs overlays and might be placed on a network. You could make network administrators lifes much less stressful by keeping the overlays out of the applications. It's at the point now when I see a license agreement I want to hide. The moral of the story is, if you don't want people to copy your software make it easy for network administrators to protect it. Speaking of licensing what about software metering, Ack @#$!!!. Brian Moore |Phone: 317-494-1787 Purdue University Computing Center |FAX: 317-494-0566 ENAD BLDG |email: adf@cc.purdue.edu West Lafayette, IN 47906 | Brought to you by Super Global Mega Corp .com