[IP] Adobe Systems: How NOT to do demo security

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Adobe Systems: How NOT to do demo security
From: Dave Farber <dave@xxxxxxxxxx>
Date: Thu, 04 Dec 2003 10:43:10 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx

Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Wed, 03 Dec 2003 12:46:37 -0800 (PST)
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Subject: Adobe Systems: How NOT to do demo security
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxxxx

Dave,

With so many software firms offering "demo" versions of their
packages these days, I wanted to pass along this example of
how *not* to do demo security.

I was recently asked to evaluate for review the latest version
of Adobe Systems' "Premiere" video editing package ("Premiere Pro").
My last contact with Premiere is my registered copy of their
old Premiere 4.2 package.  Installing their supposedly almost
full-featured 30 day demo seemed like a reasonable alternative
to a full upgrade which I couldn't justify buying at this point.

For a few hours, I had a glimpse of what looked to be a fine
product.  Unfortunately, at that point I noticed that an NTP
server problem had thrown off the clock on the installed system.
So I set the clock back to the correct value.  Big mistake.

The Premiere Pro demo immediately declared its 30 day usage period
had expired -- only 29 days ahead of schedule!  Since the demo
had apparently scribbled "who knows what" around the system and
registry, attempts to clear the problem or reinstall the demo
of course failed.

Adobe's response?  "You're out of luck!"  Their suggestions
were to try install on a different machine (I don't have another
suitably configured XP system available) or "reformat your disk"
(uh, I don't think so...)

It is certainly expected that the security modules of demo packages would
take reasonable steps to avoid demo abuse.  But when a minor clock
correction triggers a demo's "self-destruct" mechanism (and of course,
there were no prior warnings about this) it at least suggests poor design,
and Adobe's response suggests a less than enlightened view of customer
relations.  So it looks like Premiere Pro will remain a question mark
to me for now!

If you're going to provide demos, at least do it right.

--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxxxxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] "Baiting conmen new internet sport"
Next by Date: [IP] VoIP Mobile Phones Announced for Spring 2004 in Japan
Previous by thread: [IP] "Baiting conmen new internet sport"
Next by thread: [IP] VoIP Mobile Phones Announced for Spring 2004 in Japan
Index(es):
- Date
- Thread