Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I currently use VMware workstation to create separate workspaces for various clients that I do work for. So for a given client I only install software needed for a specific job, and don't have to worry about software A for client #1 mucking up software B for client #2.
With an adequate sized hard drive this works well but I am not sure I am using VMware to its best advantage. The steps I go through when setting up for a new job are:
Do a windows update on a base VMware image that I have saved away.
Make a full clone of the base image and rename for the new job
Launch the new image and configure/install as necessary.
After doing this for a while I now have a collection of VMware images sitting around that are all at different levels of updates unless I manually go into each image and kick off an update cycle. And if there is some new tool that I want in all of my images I have to also go around and do multiple manual installs. But I feel secure in knowing that each image is self contained (albeit taking 10+Gb at a hit) and that if anything happens to a single image then an issue cannot propagate into any other image. (Note that I do do regular backups of all my images)
So my question is am I doing this the best way, or should I consider linked clones so that I only have to do a windows update or common application install on my base system? What are the pro's and con's of each way of organizing things?
In addition, although I try not to keep data files inside the Image's local disks I find that the share to my local hard drive seems very slow compared to the Images file system, hence I tend to leave work inside the image. Should I force myself to not leave data inside the image? Or put another way, how much corruption can a VMware image take before any single file in the images filesystem becomes inaccessible?
Edit
Some thoughts I have had since posting this question
With a full clone I can archive old work away and remove it from my primary hard drive
Link clones take up a lot less space than a full clone, but I am concerned about archiving a linked clone away somewhere else.
The time taken to make a full clone is not too significant (5-10 mins) and I am generally doing it on a weekly basis.
However I also tend to do a lot of "Lets see what happens with a clean install", especially when I am documenting how to install applications for the client.
I have found that my VMware images cause a lot of fragmentation on my hard drive, so I also end up doing a lot more defrag that before I used VMware. I am not sure if using linked clones would reduce this.
I'd stick with your current system. In this situation, having isolated images gives you a lot more flexibility. It might cost you some more time doing updates and installs, but it will be worth it. And that's mostly stuff that you can have going in the background while you do other things, so if you manage your time well the time spent on that should be negligible.
Also, it's probably a good idea to keep your images on their own disk or at least on their own partition. If you do that it shouldn't have any effect on fragmentation on the rest of your system.
This is really going to depend on what kind of and how many projects and clients you have. Building a new VM for every client doesn't scale well if you have dozens of clients, since you'll have to be keeping them all up to date.
I'd be wary of keeping files spread between the host and VMs as you mention though. It's better to keep all your dependencies in one place.
I'm interested to see others' VM strategies here too.
I work for CohesiveFT, the guys who make the Elastic Server platform - so I am biased - but we use the platform to deliver projects to partners and customers. It allows us to set up assembly-time components for different projects and then build them into VMs on the fly for VMware, Parallels, Xen and EC2. The service has a tagging feature so you can tag software packages, server specifications and templates and keep your assets straight.
You can also create assembly portals (think a content management system for assembling virtual servers) which you can control or even let customers have access to customizing their own virtual servers.
http://www.elasticserver.com
You can have a quick browse at virt-manager, just as an aside as to whats also there.. you never know, you might even like it..I think having such a tool can give you a bigger kick in performance and less disk defrag issues.
You would have to go for a steep learning curve and the conversion time to make it all work perhaps.
If updates is your main time spender, try WSUS, nothing related to VMs itself, but it helps with deploying windows updates.
Lastly, check Hanselman's blog on Invirtus, Virtual Machine Optimization at its best.
Related
I struggle with the licence of the software I wrote in C(the core) and C++(the GUI).
At the beginning I thought I'd use some crypto algorithm, but it was very easy to read the password stored inside the executable.
So to prevent hacks I decided to store all the valid serials inside the executable, my optimistic guess was there would be 1000 serials. No need to encrypt anything. But I read that it is possible to edit the executable, this means that if I write:
if(tb->is_demo)
{
//check limits
}
Somebody can by-pass it and write:
if(false)
{
//check limits
}
So, it becomes hard to protect my software, each solution that comes to mind, earlier or later there is a main if somewhere that can be bypassed.
The question are two:
Is possible edit an executable?
If yes, what can I do to avoid to get edited?
is possible edit a executable?
Without surprises, Yes.
if yes, what can I do to avoid to get edited?
You cannot completely avoid it. Big software development firms are working on the subject, yet their softwares (Professional software, games, ...) are hacked and used for free anyway.
What you can do is make the hack more expensive than your licence cost. You also can accept being "frauded". Or you can protect yourself by other means that technological ones (think law suits).
You may ask how to "make the hack more expensive than your licence cost?". This is off-topic on Stackoverflow. But be sure libraries answering that need exist. Now is the time to make your google skills pay ;)
Anyone can easily edit your executable so I would advise not to store all the valid serials in your program.
You could look into this open source project Open license manager
Another option is to store all your valid serials in a database on some server and create an API that you can make requests to whenever you want to check if a serial is valid or not.
You could use python and flask to create the API and the server
Yes, an executable can be edited. Many software have been cracked through this method. There are however two ways of doing this:
Hash editing
Through third-party software
It is possible to "avoid" them. You can either encrypt these files or you can lock the data from being streamed out.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
We plan to give access remotely for one of our users to Solidedge as he is working from home and other users into our offices. Currently, he has is own PC at home and has to come regulary here.
I already tried XenDesktop, XenApp (but not the lastest release at it is not available for demo purposes, only the 6.0 release that I will try today).
Also, regarding XenApp coupled with OpenGL, because of Solidedge, is the setup process 'complex' because I could not find any specific documentation regarding that usage.
The main factor is the bandwidth: XenApp doesn't seems to provide bandwitth compression features like XenDesktop do, that can dicrease the bandwith usage to 2M/Bits: from our LAN, I have doubts it will be usable.
Well, do you see an other easier way to do what I would like to set up?
Could you provide me we some details that could help me?
If on Windows I'd suggest simple plain VNC on desktop machine. Yes I know it sounds stupid. For a terminal server kind of access NVidia provides apropriate combinations of hard and software.
On Linux there's another possibility: Xpra. Simply spoken Xpra is a special kind of compositing manager, that uses a different display as the composition surface. It can operate over low bandwidth links by using efficient video codecs for compression. Usually Xpra uses a virtual framebuffer X server to run the clients on. But is can also be used in combination with a X server using a GPU.
However each user uses it's own X server for this. So if the system's GPU is used only one user can use Xpra at a time (actually since the NVidia drivers claim supporting hybrid graphics now, it may be possible to exploit that somehow – I haven't researched into that yet, though).
So the user starts Xpra using
xpra --start-child=xterm --vfb=/usr/bin/X start :100
And can then connect to the remote machine
xpra attach ssh:remote-host:100
I am trying to create an executable that will only run on one machine. What is the easiest way to achieve this? A license file? Or is there a machine address much like the MAC for network connections I could hardcode into the executable?
If it will run on only one machine, then... simply secure the machine and only store the executable on this machine.
That's, unfortunately, about the only reliable method.
Longer answer:
bits can be copied
programs can be dissassembled
dissassembly can be reverse engineered (though it's sometimes long)
the cost of reverse engineering can be made higher than the value produced by the program, possibly at a higher cost that the value produced by the program.
If you look long enough at the software industry:
DRM: fail
Licenses: fail
Licenses with web activation: fail
If it's worth cracking, it'll get cracked.
The easiest way would be to make it illegal via licencing. Trying to enforce this technically is impossible, and only hurts your users (user?): What if they reinstall the OS, or change their network card, or upgrade their CPU?
There is no solution that is 100% effective, and there is no solution that is "easiest" and also "highly effective." There typically is a continuum of "effective" and "drives users crazy" that you need to be very careful about.
The MAC address is not a horrible place to start. It's not that difficult to change your MAC address, but if you have multiple instances of the same MAC on the same subnet, their machine won't work, so it's good for keeping many people on the same subnet from running your product without licenses. The problem with MAC is that on desktops, the MAC changes if the network card changes; that ticks off your paying users.
A license file is generally better than modifying the binary. You should sign the license file, however, so that it can't be easily modified.
Your application itself is always the weakest link. A dedicated attacker will just remove the test from your application. There is no universal solution to this problem. A good approach is always around "keeping honest people honest" by making it easy to license your application correctly, and easy for the user to determine if they've done so. You can easily spend huge amounts of money trying to annoy people who will never pay you anyway.
I think my answer to another question applies here.
This is a legal issue, not a technological issue. Your goal should be to make it easy for people who want make sure they have valid licenses to your software. Rather than securing your code against people who want to steal it, you should focus on helping customers that are worried about accidentally using it without a proper license.
I'll also repeat my comment from yet another question:
I think "keeping honest people honest" is the right mind set to
approach this problem. Nothing can be cryptographically secure, but
having some sort of unique key or number for each license can actually
make it easier for business customers to account for their software,
and that adds value to your product. Onerous DRM (that doesn't work)
aimed at thwarting criminals (who'd never pay anyway) is just an
obstacle to paying customers.
If you want to create only one copy of your executable file and if you have access to the machine on which you have to install the executable file, then it is okay to hardcode the MAC address into your executable file. In case you want to distribute more than one copies of your executable file and if you don't have access to all the machines, then you might code the executable file to demand a license file which is generated form the MAC address of the machines. It is a sort of software activation.
I am writing a piece of software in C++ which is targeted at a market in which software is traditionally heavily cracked (or at least, attempted to be). I realise that nothing can be completely protected, however I feel that trying would be a good idea and also I think some of the specifics of the situation that I'm in might be helpful.
Firstly, it would not be annoying to the user that they must have an internet connection to use the software. I hate it when games etc. do this too, but the software requires an internet connection to function anyway due to its purpose, so this wouldn't hinder a normal user.
Secondly, it depends fairly heavily on external scripts written by me and/or supplied by third-parties, so I can have these stored on some website somewhere meaning that people who crack the software will have to also track down new copies of the scripts, which may annoy them into becoming legit.
Thirdly, new versions will, by definition due to what the app does, have to be released very often, weekly or every two weeks max. The program will obviously have an autoupdater, but since I am churning out (required to function) updates so often, any sort of key-based encryption or whatever could possibly have the keys/method change every update, and I am capable of breaking existing cracks when they do happen.
Does anyone know of any available solutions or techniques I could implement which fit the bill?
If you application is doing some sort of data processing or analysis, you can protect it by putting that part into a web service (maybe in a cloud) that your client application connects and authenticate to and then receive results from. So even if your client application is reversed engineered, it would be missing that important piece of processing.
If your application is web based, you get the same effect too.
I've previously used CrypKey successfully.
I'm going to guess that older copies of the software are far less useful than the latest copy.
If that's the case, then you already have a powerful anti-cracker technology in place: your update mechanism. When you become aware of a hacked version of your software, then you can immediately check for it, and cause trouble for users of the hacked software.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 13 years ago.
Improve this question
I need to create an application which will be reading and writing to files(C++/MFC). but I need the process not to appear in process monitor (which comes with SysInternals).
From the reactions of others, I now confirm that this seems "illegal". but that is the request of the client I'm dealing with. so, I guess I just have to satisfy the client's request.
One of the uses of Process Monitor is to find and remove malicious software that tries to hide from the user:
Process Monitor is an advanced
monitoring tool for Windows that shows
real-time file system, Registry and
process/thread activity. It combines
the features of two legacy
Sysinternals utilities, Filemon and
Regmon, and adds an extensive list of
enhancements including rich and
non-destructive filtering,
comprehensive event properties such
session IDs and user names, reliable
process information, full thread
stacks with integrated symbol support
for each operation, simultaneous
logging to a file, and much more. Its
uniquely powerful features will make
Process Monitor a core utility in your
system troubleshooting and malware
hunting toolkit.
I am not saying that what you want to do is impossible, rather that you are trying to do something that feels a bit dishonest.
That being said I would like you to consider the fact that you are trying to hide a process from a utility that was written to find anything and everything by folks that are a lot smarter than you and me.
I'll assume you're not planning to do anything malicious. If that's the case, it's important you don't hide your application from diagnostic tools. You can't guarantee your application is bug free. Even if it is, you can't predict its interaction with other applications. Because of that, you should leave it visible so other technical people can troubleshoot if something goes wrong.
Regarding your comment, "so, I guess I just have to satisfy the client's request" - not if it's illegal or technically dangerous for them. You need to protect yourself and them from bad judgment.
PM reads data at a very low level so to hide from it you have to actually take over certain NT kernel structures and methods to report different information to PM than what Windows itself sees. Doing this is platform and version dependent ( ie. Windows XP SP1 is different than Windows XP SP2 is different than Vista x64, etc.). It's nearly impossible to do correctly without creating an incredible number of system instability issues.
While it's not strictly illegal, every company that has done it and been discovered (which you will) has enjoyed lots of backlash and criticism from users and security professionals. Again while not explicitly illegal, the kinds of changes required can open severe security holes on the end users' machines. Should they have major system crashes or be exposed to hackers/viruses you may be legally liable for the damage.
Possible semi-legitimate (though I wouldn't want my name associated with them) applications you would want to keep people from seeing are DRM enforcers and nanny-cam style monitors for kids and errant spouses.
That said, I don't think your client really wants you to subvert such an important system. They likely want something less rootkit-like but they picked up the vocabulary watching "24" and have failed to adequately express what it is they want done.
My advice would be to go back to them for clarification. If they do indeed want something to be completely undetectable then you need to decide based on your own conscience whether to proceed or leave the client.