Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!bgsuvax!dnebing
From: dnebing@bgsuvax.UUCP (David Nebinger)
Newsgroups: comp.sys.mac.apps
Subject: Re: All Commercial Software Developers or Companies (pls read)
Message-ID: <7682@bgsuvax.UUCP>
Date: 27 Jun 91 18:30:57 GMT
References: <43742@cup.portal.com>
Organization: Bowling Green State University B.G., Oh.
Lines: 30

From article <43742@cup.portal.com>, by ts@cup.portal.com (Tim W Smith):
> < Spaudit does not look at files to see what made them and then determine that
> 
> I think you should reconsider on this point.  It could be very useful
> to know what applications are creating documents.  Remember, many
> applications can read the documents of their competitors, so you can
> get situations where the software is mismatched to the needs of the
> company.  Person A might make a document and give it to person B, who
> uses a different application to read it.  We then end up with person B
> having documents not produced by any application on B's machine.
> 

	This is also a possible work-around.  _If_ (this is purely
theoretical and does not represent my situation or any that I might
know of) I were to pirate software, it might be possible to get
around the audit by using ResEdit (or another similar appl) to change
the creator and the type of the document.  When I wanted to use such an
application, I'd just have to change them back.

	This just shows that there are holes in SPAudit that can be
worked around if someone wants to pirate something.  It may have other
holes in it also.  People have described using an encrypted partition 
on their hard drive to keep such items.  

SPAudit may look like a good answer from the outside, but upon
closer examination, it can be bypassed just like other protection
schemes.

David Nebinger
dnebing@andy.bgsu.edu