In this feature, we talk to Jud Cole, president of SOCK Software, makers of the SOCKShell Windows enhancement utility and the CodeHealer program analysis tool for Delphi (see The Bitwise Review) about the pros and cons of setting up a company – and how to protect your products from the software pirates…
http://www.socksoftware.com

Huw: What are the biggest pitfalls to watch out for when setting up a software company?

Jud Cole: Make sure that you are doing it for the right reasons:
 That you REALLY want to do it - That you REALLY believe that it is a viable business model
 Make sure that you (and your family, if applicable) are ready to commit yourself to the business on a 24 by 7 basis, at least for the initial period, and probably for the first few years at least.
 Make sure that the idea is not too ambitious, i.e. that it will not be too long before you can release an initial version.
 Ideally make sure that there is a sufficient market for the product, but sometimes this is not feasible or practical, or you may be looking to create a new market if you are extremely rich, brave or confident.
 Get some real user feedback as early in the development process as possible, and listen to it.

Perhaps I’m paranoid, but one of my biggest concerns is always whether I am surrounded by "Yes Men" who are encouraging the idea because they think that it is what I want to hear, they think that it is what would make me feel better, or they have a short term vested interest in it that is independent of the eventual success of the company.

Huw: So what have been your biggest mistakes?

Jud Cole: The worst was probably being too ambitious on the feature list for an initial release, thus taking far too long to bring the product to market.

Another related one was a situation where I avoided an easy "shortcut implementation" of a major feature and insisted on a "proper implementation" which took far longer, and it made very little difference in the end product because of external events such as the rapid fall in the price of disk space.

Huw: If you did it all over again, is there anything you would do differently?

Jud Cole: I’ve started a few companies now, either to sell development tools or software development consulting services, but each one was different and in a different enough business climate that I find it very hard to generalise what I would do differently.

I can say that I’d make sure that I kept referring back to my list above on a regular basis though!

Huw: What do you do in order to protect your software from being illegally distributed? Have you had any problems with software piracy?

Jud Cole: I work on the principle that ’what man can do, man can undo’, so I strongly believe that it is basically impossible to prevent someone from copying and distributing a piece of software if they really want to.

Based on that assumption, fighting software piracy is a never ending battle that software developers can never win, so it is not worth spending more than a small portion of your development effort on attempting to prevent it.

Along with that, I have always felt that I would rather that someone was using a pirated copy of my software than my competitor’s software, although it is sometimes hard to stick to that when you see your ’baby’ being copied freely!

I do feel that anyone using our software, licensed or copied, is a salesperson for us, so even if the copier does not buy, and possibly gives a copy to other people, we are still reaching more people, many of whom may not otherwise have seen or tried the software. I also believe that at some point the third, fourth or fifth person in the chain may well purchase a licensed copy, even if the first few don’t.

In addition, it would seem likely that if they continue to use the product then they must like it or at least find it useful, so they are much more likely to speak well of it than badly, which is obviously good for us.

I also believe that the majority of the pirates (initiators or receivers) are not in the market for the kind of software that we produce anyway, so it is difficult to classify it as ’lost income’, and could even be counted as a marketing expense for the reasons described in the previous paragraphs!

Having said that, I would advise taking a number of basic precautions that do not require a large amount of effort, but that are likely to be effective against the majority of ’casual’ pirates and hackers.

The measures that we take include:
 Compressing the final .EXE file to (help) prevent reverse engineering.
 Having a separate .EXE and distribution file for the licensed version.
 Requiring a validated serial number in order to use the licensed version.
 Providing a demonstration version with as few restrictions as possible to allow people to try using it in a production environment.
 Requiring a valid serial number for all technical support queries and update downloads, although we also provide technical support on the demonstration version for an initial period of use.
 Don’t make the price prohibitively expensive, and make sure that it offers good value for money so users can see the savings and cost justification.

We currently use our own serialisation and licensing code, rather than an "off the shelf" product, because it is relatively un-ambitious in scope and we like to keep updating it.

If a more ambitious scheme or mechanism is required, however, I would advise using an "off the shelf" product and spending the development effort on improving the product that is being protected!

We also try to provide updates and enhancements on a regular basis, with many of them being free of charge, to provide extra value.

Most updates include accompanying (simple) changes in the precautions just described to keep the pirates busy and on their toes, so at some point there is a good chance (or so we hope) that they will lose interest and look for newer challenges elsewhere.

Huw: I gather you plan to support .NET language. Will you be creating a .NET version of CodeHealer? If so, which obfuscator will you use?

Jud Cole: We expect to fully support the analysis of one or more .NET based languages, starting with the imminent release of support for Delphi for .NET, as well as enhancing and expanding our support for Win32 based languages.

We do not, however, expect to be creating a .NET version of CodeHealer in the foreseeable future, mainly because we feel that the potential benefits to be gained are currently outweighed by the extra effort of creating and maintaining a .NET version as well as a Win32 version.

Huw: How important do you think obfuscation is for .NET software? Have you any views on how effective obfuscators are at preventing really dedicated software crackers from stealing your code?

Jud Cole: The need for obfuscation is certainly one of the major factors that I take into account when assessing the benefits and detriments of a .NET version. I do feel that the use of obfuscation is almost essential in highly specialised tools such as ours, particularly as they are more likely to be the subject of reverse engineering and copying because of the scarcity of free and open source alternatives.

That said, the commercial gains to be made from pirating development tools as opposed to generic application software are obviously proportionally smaller because the potential market is smaller, which may reduce the risk or likelihood of someone stealing the code.

By the same token, however, the added exposure of our technology to reverse engineering and copying that would occur in an unprotected .NET version would present a higher risk of significant impact to our revenue stream and therefore the long term viability of our business model.

As I mentioned previously, we work on the principle that ’what man can do, man can undo’, so it is expected that some pirates will always be able to overcome the obfuscation through the use of advanced tools, but it should at least prevent the majority of people from doing anything too serious.

Although I have used obfuscators in the past, and even considered developing one or adding the capability into one of our products, I have not yet evaluated any of the current generation so could not comment on which one (if any) that I would use.

Huw: How do you licence your software? What measures do you take to make sure that each product you sell can only be used by the registered purchaser?

Jud Cole: We license our software on a single developer/user basis, and each licensed developer can install the software on up to two machines in order to allow them to use it on both a laptop and a desktop, or both at work and at home.

Our protection mechanisms are listed earlier, and they basically rely on preventing the majority of ’casual’ piracy through the use of personalised serial numbers and a fully functional demonstration version that we encourage people to copy freely instead of copying the licensed version.