Let’s say, after the first installation of CPF, the key is successfully generated, passed on to Comodo, verified and OK’ed - will this process have to be repeated for successive installations of CPF?, or will the end-user have access to the key and be able to merely use the same key again for a future CPF installation (as they can now with the use of their Activation Code)? E.g., the hard drive had been replaced or re-formatted and everything had to be freshly installed.
Well the activation could be saved to a license file and during the installation process CPF would ask the user whether to activate it online or restore license information from a file.
By your last answer i must understand as: CPF will use the unique motherboard (CPU, etc.) numbers to generate the key. I know that some software vendors alreay useing a per unique pc (hm, fe. even some OEM softwares) but this mightn’t be too good because of private policy problems. What i want to say (or the competitors, etc.) that you might be able to identify the computers - and so the user.
As i see, you really can’t live without an online connection. What is the main reason you wouldn’t allow offline setups?
Internal code in the SETUP.EXE generates a unique key (based on date/time of install and the download session used to download the executable), but the key is not user or PC dependant. The key is written out to a file and CPF can then do a check for a net connection. If a connection exists, send the key. If the connection does not exist, do nothing except remind the user that the installation has not yet been activated but is still fully functional. When a connection does exist, offer the user the opportunity to validate the install.
This way, Comodo can accurately track the number of times each download is installed (from the download session key and the date/time of install, resolved back to GMT to get around time differences) and the user is not inconvenienced with faulty activations.
After i read the blog (a link was at this forum somewhere /download.com or what :)/) about how interessting ideas there are to stop wireless hacks and the case with MAC address hacking, it’s an interessting question. But anyway, the MAC address IS (or should be) an unique thing.
You should create a better licensing system, where i - with my own datas - can get a x quantity of licenses! So i’d be able to install the softwares faster then 1-1 user.
are you referring to a scheme where you need to install CPF into multiple machines?
if so, why can’t you simply install it (as per above system) and it will automatically activate.
we know exactly how many downloads take place from our website. We don’t know how many downloads have come from other sites, magazines etc. Majority of the downloads come from other sites and not our website.
That would work, and I wouldn’t worry but why the MAC address? Some people don’t like the thought of something physical indentifiable with them being used in authentication, and MAC addresses can be spoofed anyway.
Another unique identifier thiat is user of hardware independant is the location that the setup.exe is launched from. This could give you a third unique factor (along with date and time resolved to GMT).
Before you transmit such a number, I find it absolutely necessary (!) to have a pop-up window that tells the user
that CPF wants to transmit an activation number
that this number doesn’t contain any personal data and that no personal data whatsoever is transferred
what data from the computer will be transferred (MAC-address) [I hope that you won’t transfer anything hardware-related]
an option to view what is sent (creates a trustworthy feeling, although the software could theoretically display something totally different to what it actually sends).
a reason why you are doing this and that this is necessary for operation of the firewall.
Me personally, I don’t care. What MAC address would you like? LOL
But, people do get a bit leery about an authentication that includes some tangible details about something they can physically pick up and belongs to them - that it’s personally identifiable as their property.
What damage they think you can do with a list of disparate MAC addresses is beyond me - but the fear is out there.
Actually, creating a random number by the current date won’t make the users unhappy. I saw a program long time ago which generated the numbers by moveing the mouse pointer :).
MAC: it’s a simple thing, competitor can say “what if the bad guy tooks your serial number, tracks down the MAC address and he can hack into the computer with a fake MAC?” (i know that this might have around… 0,0000… 1% chance but so nice to say…). I also wouldn’t wonder if they, their fans here (i bet there are some) and some of us (users) disagree with the idea: without a good explanation.
Multiply install: Melih, actually, now as i’ve created around 30 pcs for our users, i really missed a good commandline parameter :).
