Should I or should I not - "Licensing"? pls give me your opinion...

Hi Guys

Here is another should I or should I not question requesting your opinion pls.

In an effort to make our licensing process easier for the end users, the following is what we came up with:

User installs CPF.
CPF using internal algorithm generates a key
passes this key to Comodo
Comodo verifies and OK and hence product is activated.

This takes place on the background.

the advantage is no messing around emails, serial numbers etc.
everything is done automatically without even worrying about license activation…

What do you all think?


Hi Melih,

Let’s say, after the first installation of CPF, the key is successfully generated, passed on to Comodo, verified and OK’ed - will this process have to be repeated for successive installations of CPF?, or will the end-user have access to the key and be able to merely use the same key again for a future CPF installation (as they can now with the use of their Activation Code)? E.g., the hard drive had been replaced or re-formatted and everything had to be freshly installed.


Every installation (in this proposed scheme) would require the same process. But you raise an important point.


Well the activation could be saved to a license file and during the installation process CPF would ask the user whether to activate it online or restore license information from a file.

By your last answer i must understand as: CPF will use the unique motherboard (CPU, etc.) numbers to generate the key. I know that some software vendors alreay useing a per unique pc (hm, fe. even some OEM softwares) but this mightn’t be too good because of private policy problems. What i want to say (or the competitors, etc.) that you might be able to identify the computers - and so the user.

As i see, you really can’t live without an online connection. What is the main reason you wouldn’t allow offline setups?

the system will not use any Identifier you have on a PC.
it will simply have piece of code in cpf that generates a number thats all.


Can’t the install generate a txt doc placed in your program folder for future use?

How about a compromise.

Internal code in the SETUP.EXE generates a unique key (based on date/time of install and the download session used to download the executable), but the key is not user or PC dependant. The key is written out to a file and CPF can then do a check for a net connection. If a connection exists, send the key. If the connection does not exist, do nothing except remind the user that the installation has not yet been activated but is still fully functional. When a connection does exist, offer the user the opportunity to validate the install.

This way, Comodo can accurately track the number of times each download is installed (from the download session key and the date/time of install, resolved back to GMT to get around time differences) and the user is not inconvenienced with faulty activations.

What think?
Ewen :slight_smile:

well, that’s how it will work, but one difference that it will use the MAC address in its activation.


After i read the blog (a link was at this forum somewhere / or what :)/) about how interessting ideas there are to stop wireless hacks and the case with MAC address hacking, it’s an interessting question. But anyway, the MAC address IS (or should be) an unique thing.

You should create a better licensing system, where i - with my own datas - can get a x quantity of licenses! So i’d be able to install the softwares faster then 1-1 user.

are you referring to a scheme where you need to install CPF into multiple machines?
if so, why can’t you simply install it (as per above system) and it will automatically activate.


Sounds like a good idea :). Is it not possible to tell how many users have downloaded a product from your server(s) without activation?


we know exactly how many downloads take place from our website. We don’t know how many downloads have come from other sites, magazines etc. Majority of the downloads come from other sites and not our website.


I see :). I think your mentioned method is probably the best way then and will involve minimal setting up for the user.


That would work, and I wouldn’t worry but why the MAC address? Some people don’t like the thought of something physical indentifiable with them being used in authentication, and MAC addresses can be spoofed anyway.

Another unique identifier thiat is user of hardware independant is the location that the setup.exe is launched from. This could give you a third unique factor (along with date and time resolved to GMT).

what think?
ewen :slight_smile:

so what you are suggesting is don’t use MAC…


Before you transmit such a number, I find it absolutely necessary (!) to have a pop-up window that tells the user

  • that CPF wants to transmit an activation number

  • that this number doesn’t contain any personal data and that no personal data whatsoever is transferred

  • what data from the computer will be transferred (MAC-address) [I hope that you won’t transfer anything hardware-related]

  • an option to view what is sent (creates a trustworthy feeling, although the software could theoretically display something totally different to what it actually sends).

  • a reason why you are doing this and that this is necessary for operation of the firewall.

Then let the user click ok.


fair point weaker…


Me personally, I don’t care. What MAC address would you like? LOL

But, people do get a bit leery about an authentication that includes some tangible details about something they can physically pick up and belongs to them - that it’s personally identifiable as their property.

What damage they think you can do with a list of disparate MAC addresses is beyond me - but the fear is out there.

ewen :slight_smile:

Actually, creating a random number by the current date won’t make the users unhappy. I saw a program long time ago which generated the numbers by moveing the mouse pointer :).

MAC: it’s a simple thing, competitor can say “what if the bad guy tooks your serial number, tracks down the MAC address and he can hack into the computer with a fake MAC?” (i know that this might have around… 0,0000… 1% chance but so nice to say…). I also wouldn’t wonder if they, their fans here (i bet there are some) and some of us (users) disagree with the idea: without a good explanation.

Multiply install: Melih, actually, now as i’ve created around 30 pcs for our users, i really missed a good commandline parameter :).