
SecureIt v1.0 for OS/2
(C) Copyright 1997 Allan Mertner
Shareware Registration Protection for everyone

 *** DEMONSTRATION PACKAGE ***

Contents:
  Introduction         About SecureIt and what it does

  The Clock example    An example of SecureIt security in action

  FAQ                  The most frequently asked questions, and
                       answers to them

  Contact addresses    How to get support for SecureIt


Introduction

  There are a great many shareware programs that get used without the
  author ever seeing a penny in registrations.  The purpose of this
  program is to provide good and reliable protection against piracy for
  all OS/2 shareware developers.

  The widespread pirating of shareware is due mainly to the fact that
  good security is cumbersome and difficult to implement, and you would
  rather spend your time improving the application itself.  A very
  simple system is usually not enough, and why bother if it gets
  pirated anyway?

  Using the instructions and programs in the full SecureIt package, you
  can implement a very high level of security against pirating in your
  software. No protection scheme, whether it is implemented in software
  or hardware, is 100% secure - but SecureIt is about as close as you
  can get.

  SecureIt does not work by the principle of "security by obscurity".
  Information about what SecureIt does and how it works is available in
  the documentation of the full package, and it works even if a pirate
  has access to this information as well. In contrast, an obscure
  protection scheme is probably not very secure: If a protection scheme
  works by being so complex that even the programmer cannot figure out
  how it works, it is probably no good. SecureIt makes no secret of how
  it works - and it still does.

  SecureIt can make you sleep better at night, and hopefully help
  ensure that you get paid for your work:

  - Your program can NOT be cracked by someone who does not have access
    to a valid Name/Password combination,

  - This includes getting access to "registered only" functions, even
    if a potential pirate attempts to change the executable file itself
    by "patching" the code,

  - If the would-be pirate has access to a valid Name/Password set, he
    will be unable to produce valid keys for another user name.

  - The SecureIt algorithm for generating passwords ensures that the
    password for a given name is unique for each SecureIt registration.
    This means that two shareware developers can both use SecureIt for
    protection, and sell their software to the same person.  The
    password strings for one program will not work with the other.

  The one thing no protection scheme can safeguard against is simple
  copying of the key.  If a user gets the name and password from a
  friend, and can live with it displaying his friend's name every time
  the registration information is show, there is nothing anyone can do
  - not even SecureIt.

  For information on SecureIt, contact addresses and answers to
  Frequently Asked Questions, please refer to the FAQ section of this
  document.


The Clock example

  The included CLOCK program has been protected with SecureIt, and
  features a high degree of security (if not useability).  In the
  unregistered version, the CLOCK program can display the current time
  in analog format; only registered users will be able to see the
  Digital clock as well.

  CLOCK uses the SecureIt library, located in SECUREIT.DLL, and can be
  run simply by typing CLOCK at the command line.  If you wish, feel
  free to try to "break" it and make the digital clock appear without
  "registering".  Be warned that you will be wasting your time though.

  To register the CLOCK program, you can use the following valid name
  and password combination, generated by the MakeKey utility that
  comes with the full SecureIt product:

    Name       Allan Mertner
    Password   vVOJw0Q90HLNfafg-EuEQfzS6grAsTIntadU

  You can enter these values by pressing ALT-R or by selecting the
  Register menu item.  If you enter the values correctly (use cut and
  paste to do it easily), the values are stored in the Clock.Ini file
  and the program will be registered every time you run it thereafter.

  The full source code and documentation for the Clock example is
  included in the full version of SecureIt.


Frequently asked questions about SecureIt

  Q: Who can use SecureIt?

  A: Everyone writing shareware programs for OS/2 can use SecureIt to
     get good protection against pirating.

     SecureIt is written using Virtual Pascal for OS/2, and includes
     header files for both Pascal and C/C++ compilers that make
     integrating SecureIt into your program very easy.


  Q: What do I need to do to use SecureIt?

  A: If you have an existing program that you wish to protect, you
     first need to think about some of the issues discussed in the
     SecureIt technical document, and then of course implement them in
     your code.

     Changing a working program to work with basic (ie quite good)
     SecureIt protection can be done in less than half an hour, and
     implementing the highest level of security typically takes 2-3
     hours worth of effort.


  Q: How does SecureIt work?

  A: This is covered in depth in the documentation that comes with the
     full SecureIt package.  The truth is, that good software
     protection consists of about 50% technology and 50% common sense -
     SecureIt provides the technology, and comes with a document where
     the common sense issues are discussed as well.


  Q: What makes you think SecureIt is any good?

  A: SecureIt rests on a solid foundation that is in essence
     uncrackable.  I have many years (about 12 to be precise) worth of
     experience in copy protections - both breaking them and writing
     them - and SecureIt implements most of what I have learned during
     that period.


  Q: So... it takes a really good pirate to crack SecureIt?

  A: Not at all.  It takes a very, very lucky pirate. *I* cannot crack
     a program properly protected using SecureIt, even if I set my mind
     to it - and I even have the source code for it.  The algorithm is
     safe, and no amount of guesswork or clever code tracking and
     patching will suffice to break the protection.


  Q: How has SecureIt been tested?

  A: I know a few people who enjoy removing copy protections, just for
     the sake of doing it.  I used to be one of them myself, actually;
     this is probably my main qualification for writing SecureIt! Three
     of these people have tried to crack the simple Clock example for a
     couple of weeks, but have given up and say that it is probably
     impossible to crack it...


  Q: What overhead is involved in using SecureIt?

  A: You need to include the 9kB SECUREIT.DLL with your program, and
     you need to make some calls to some of the entry points in it.  No
     other overhead in terms of run-time or files is required.


  Q: Why hasn't this been done before?

  A: People who know how to break software protections are usually not
     in the business of writing them.  If they are, they work for
     companies that do not produce shareware, but commercial software.
     And shareware has the advantage that it can be personalised with a
     name and a password required to unlock it - something that is not
     feasible when selling off-the-shelf commercial software.

     In other words, it probably has not occurred to anyone in a
     position to write a good security product that there might be a
     market for it.  I myself wrote the first version of SecureIt in
     1992 (It was called AMKey back then :) but never released it.  It
     was used to protect my first shareware program, AMOS, which to my
     knowledge has never been cracked.


  Q: Will there ever be a Windows 32 version of SecureIt?

  A: Probably.  Provided the OS/2 version of SecureIt sells moderately
     well, I expect the Win32 version to be ready in June 1997.  This
     version will work with 32-bit Delphi as well as the major C/C++
     compilers.


  Q: Where do I buy SecureIt?

  A: BMT Micro, http://www.bmtmicro.com, sells SecureIt online and
     SecureIt will be available for purchase through the CompuServe
     SWREG facility as well.

     Unless you send me cash (either Danish Kroners or UK Pounds), you
     cannot register the software directly from me, since the UK banks
     system charges unreasonably high fees for cashing cheques and
     handling money transfers.


  Q: What does it cost?

  A: SecureIt costs US $149.  Thus, if your program sells for $30, you
     have to sell just 5 extra copies in order for your investment in
     security to have paid off.


  Q: What do I get for my money?

  A: First and foremost, you get the means for implementing a very high
     degree of security against piracy into your shareware program.
     This means, that if your software is being used, you will get paid
     for it!

     You also get...
       access to free support and upgrades to SecureIt via e-mail.  I
       will gladly answer both general security and protection questions
       as well as more specific questions about how to best protect your
       software using SecureIt,

       a comprehensive document on shareware security and how to best
       implement it in your program,

       the source code and documentation for 6 examples of using
       SecureIt, including the Clock example included in this
       demonstration package,

       the right to use and distribute the SECUREIT.DLL in all of your
       programs as well as a program for generating valid passwords for
       your SecureIt-protected software.


Licence and warranty

  SecureIt is shareware. You are allowed to test the demo version for
  as long as you wish.

  Electronic bulletin board system operators and webmasters are
  encouraged to make the SecureIt demo package available to their
  users, if no special fee is necessary to access the SecureIt files,
  although a general fee to access the BBS or www page is acceptable.

  SECUREIT IS PROVIDED AS IS AND COMES WITH NO WARRANTY OF ANY KIND,
  EITHER EXPRESSED OR IMPLIED. IN NO EVENT WILL THE COPYRIGHT HOLDER BE
  LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE.

  All trademarks are recognised.


Contact addresses

  You can contact the author on any of the addresses below - Internet
  e-mail is preferred.

  Snail Mail:   Allan Mertner
                Flat 2, St Elmo Mansions
                Gondar Gardens
                London NW6 1HB
                United Kingdom

  Internet:     mertner@ibm.net (preferred)

  CompuServe:   100327,2035 or 100327.2035@compuserve.com

  FidoNet:      2:235/100.1 or 2:254/283

  WWW:          http://www.bmtmicro.com/catalog/secureit.html


