While I don't require a dongle for any of my products I have a few thoughts on this topic …
First, I don't understand why anyone who works in the forensics industry is surprised with the requirement of hardware based tokens for using software. If we are honest with ourselves then we know that theft _is_ occurring in this industry. Vendors need to protect their intellectual property and business (utilities, employees, benefits, development, etc.), and if you are a vendor and you work in an industry where you know theft is occurring what are you to do - turn a blind eye? There _is_ a reason that vendors tie their IP into a dongle. It's not for no good reason. Just think about it.
Second, since we are used to using dongles from early versions of forensics software eight years ago and most other software thereafter, why would using one or five dongles make any difference? How many keys are on your key ring? How many key rings do you possess? Are you distraught that you have a car key, a house key, a safe key, a mail box key, etc.?
Third, are you frustrated that you have a unique key to operate each of your motor vehicles? That you have (hopefully!) different passwords for different e-mail and on-line personal accounts? Do you find yourself puckering over having to pack five AC/DC chargers now instead of just one seven years back?
Just brain droppings …
A tribute to the late George Carlin.
farmerdude
First, I don't understand why anyone who works in the forensics industry is surprised with the requirement of hardware based tokens for using software. . . .
I have no problem with dongles, and I think that we all understand their basis. I prefer them over hardware based license codes. What I don't like are invasive dongles that require third party drivers and software, run background tasks, use CPU, mount themselves as a volume, etc., while requiring a payment for the privilege of using a "more secure" dongle for software for which I've already paid. I also don't think that anyone should have to call tech support to simply install a dongle. Web site promotions notwithstanding, I still haven't seen a documented case of counterfeit dongles, although I'm not so naive as to think that it's not a work-in-progress.
. . . why would using one or five dongles make any difference? How many keys are on your key ring?
It hasn't come to the point at which I've had to daisy chain hubs. If, however, you are out of ports and must switch dongles, it could be rather troublesome to pull out one and insert another (no pun intended), as doing so will halt an application that may be running. Each of my machines has about five dongles attached.
To play devil's advocate, here, I think that dongles are insulting.
According to case law and the Federal rules of evidence, anyone can challenge the admissibility of any evidence based on the use of unlicensed code. If the states and Federal government simply adopted the rule that would require that the investigator document that they were fully licensed to use all software used in the production of their analysis/report, there would be no issue.
Dongles are a poor solution to a problem more easily solved by other means.
My two cents.
Devil's advocate is fun :)
But here's the kicker to your advocate thought:
1) People will use the unlicensed software to do their work, then recreate their findings with their licensed software if they need to (see below)
2) What is the ratio of case work that ultimately goes to court? If it doesn't go to court (doesn't matter why), then the software is used and never threatened.
3) What is the ratio of the work being processed using dongle protected software that has anything to do with the legal system and court cases versus data recovery, disaster recovery, and internal only analysis?
4) How do you prevent people from using beyond their license count (i.e., they have purchased four licenses, but have 20 on staff, and without a dongle, now 20 folks can use the software that was previously limited to four because of the dongles)?
This advocate thought can be applied to other technology, such as automobiles. There is a reason that automotive keys have changed over the years to the degree where they are today. Long ago no key was required. Then the change to keys, but the cuts were not so unique that you couldn't open another's auto that was not your own based on same make and model. And now we are with laser cut keys and such.
So, are automotive keys a poor solution to a problem more easily solved by other means?
😉
Cheers!
farmerdude
…The other extreme is the WIBU, such as the Codemeter used by FTK. It requires a large installation package, consumes resources, and mounts itself as a volume, possibly wreaking havoc with pre-established paths.
I agree 100% Codemeter is disastrous.. I still have 2.0 sitting in a box in the desk and have to have Codemeter tormenting my machine.. YUK!
The cost of forensic software is relatively high.
So it's really just a symptom of this bigger problem; expensive software tends to make the company who produced it paranoid enough to introduce technology like dongles.
And expensive software is really just a symptom of the greater community not understanding open source. 😉
Still, I can think of at least one vendor who are using dongles which don't require any driver to be installed; surely this beats someone who forces you to install one. :-)
This thread was dragged up from the past, but a few comments:
There are actually workarounds for many dongles, such as dongle emulators - that people can find out about within five seconds of using Google. No matter what limitations are placed into a program, there will always be a way around them, so such devices exist just to trouble the legitimate users.
Then again, as a developer, I also understand their need. The more expensive the software, the more elaborate the security. The smaller the niche for a product, the more expensive the software. With a small market for forensic software, they need to ensure that they can earn a good income on a small market. The story is the same across all fields. It's a necessary evil.
We have a few hundred dongles, and a number of "key keepers" - staff that are charged with handling dongle access. What really set me off was when I found that my R&D workstation was spamming the network with UDP packets every 30 seconds for weeks on end. I was evaluating one forensic product that required a dongle. With the software uninstalled and the dongle returned, the program left a service running on the system. This service, sensing the lack of a dongle, kept repeatedly pinging out trying to find a key server - even though the product was no longer installed.
Still, I can think of at least one vendor who are using dongles which don't require any driver to be installed; surely this beats someone who forces you to install one. :-)
As an FYI…
F-Response also uses a completely driverless USB HID (Human Interface Device) Dongle.
Thanks!
Matt