More on Protecting Source Code

Cliff Wells LogiplexSoftware at
Fri Sep 20 09:47:09 EDT 2002

On Mon, 2002-09-16 at 21:50, Steven wrote:

> "Security through obscurity is no security against a determined attacker"
> So, someone who is willing to hacka nd hack and hack away at your code, can
> get at it, and this is true for things coded in assembler, C, Python or
> Befunge. Most people aren't determined attackers, they're simply Joe Average
> who needs to get a  job done.

And even Joe Average is able to download the cracked software from one
of the many sites that exist to distribute such software.  This is the
problem:  people think that they can protect their software from the
"average" user, and they could except that the "average" user has the
resources of the cracker community at his disposal.  

> An operating system is a complex beast, compiled into machine code its even
> more complex, how many people out there are using an unlicensed copy of
> Windows or Office? they didn't decompile, that would take skill, they just
> copied it bit for bit and posted the registration key.

True, but if skill is required and the software is worth it, someone
will take the time and they get no greater joy than posting their work
for others to see (and download).

> Do a very very simple risk analysis. Who is your target audience, what is
> the price of your software, will people bother going through your bytecode,
> or will they just post the registration key to a website? Will stolen
> software lead to a loss in revenue - or will those pirate users be people
> who would never have bought it in the first place? (yes, the pirate users
> are annoying, and you would feel ripped off, but OTOH you haven't lost
> money, and you've gained a bunch of users)

Very true.  Microsoft benefited greatly from this stance (not worrying
too much about unlicensed copies of Windows and other applications).  
Not enforcing a copyright is a quick way to get something to become a
"standard".  You can always enforce the copyright later, when everyone
is dependent on your software (again, see Microsoft).

Cliff Wells, Software Engineer
Logiplex Corporation (
(503) 978-6726 x308  (800) 735-0555 x308

More information about the Python-list mailing list