The legality of protecting your software

    For a long time I haven’t gotten around to writing an article on how to build protection so that, if the software is cracked, sales most likely do not suffer, or possibly even increase. However, it is difficult to advise people to protect their software competently, because a Magadan programmer was given 2 years probation for deciding to protect his software. However, a considerable number of people claim that if you "figure out the issue" it becomes clear that the guy is guilty. I carefully studied the circumstances of the Zhukov case and asked his lawyer to answer questions that, in my opinion, should dot all the i's.

    What remains behind the scenes

    from Zhukov's son

    I (the son of Zhukov, and his lawyer in court) want to clarify some questions about the Zhukov case.

    According to the results of the discussion of the Zhukov case, a significant part of the Internet community came to two conclusions:

    1. Users did not know that the program has a fixed-term license for a year, that is, there is a fraud
    2. The program at the end of the license term distorts the information and imitates malfunctions, which is terrible

    However, there are a number of important points in this matter, to which attention was not paid earlier and which allow a different look at the problem. I will try to clarify these points.

    1) Why is this time limit in general? To get users to buy the program again and again?

    A feature of accounting and payroll is the annual change of legislation, tax forms, algorithm for calculating taxes, fees, vacation pay, etc. In this regard, every year our company issues a new payroll program. The name of the version corresponds to the year for which it is intended (ZRP99 - for 1999, ZRP4 - for 2004 and so on).

    Historically, restrictions on the duration of the program appeared as follows: in the early 90s, the head of the city tax inspectorate, Pentyashin, turned to the developer, saying that he had been given tax reporting produced on last year’s program that was not in accordance with the law, and that this should not be done. It was at that moment that a restriction was introduced so that you can work on the ZRP program only in the Nth year. That is, FIRST OF ALL, this was done to prevent new-year reporting on the old program.

    That is, in fact, the purchase of a new version of the program is forced by the annually changing legislation in accounting. Therefore, each version of the program is STRICTLY for a specific year. And limitations in it have historically appeared to prevent the accountant from working on the old program that does not comply with the new legislation.

    Since then, this has become the standard operating procedure of the developer. Contracts were concluded with clients before the end of the calendar year, and it was explained that to work with the program next year, you need to conclude a new contract (although it is usually clear to the accountant that working on last year’s program under the legislation of the new year does not make sense). Confirming witness statements are in italics here.

    Thus, the claim that the developer was deceiving customers, hiding from them the term for which the program was provided, is a MYTH constructed by the prosecutor's office. The development company has almost 300 customers, many of whom are regular. In the case file there is a whole volume (!) of positive feedback from customers. Despite the verdict, people are in no hurry to abandon the "malicious" programs, but on the contrary, they support the developer. Among the regular customers are the regional court (!), the judicial department, the police department (!) of the city of Magadan ...

    Yes, and if the prosecutor so insists on the version of extortion and coercion to conclude contracts, then why was not a criminal case brought under these articles? There are articles in the Criminal Code for fraud and extortion. And here is article 273 of the Criminal Code: “the creation of malware”?

    AND ANOTHER IMPORTANT POINT. The user is in no way limited in working with information for the contract period. The information entered under the contract for 2008 is fully available in 2009 and subsequent years, and it is possible to compile reports for 2008 without any problems. Restrictions arise only if the program makes the transition to 2009 and starts working with reporting data for 2009, to which the program's algorithms do not correspond. This is evident in the examination - restrictions in programs starting with the ZRP4 version are triggered not by the calendar date, but by the current reporting month in which the work is carried out. That is, while the user is working with information for the paid reporting period, no restrictions arise, regardless of the current calendar date.

    2) So why do you still need restrictions? Indeed, one cannot work on an outdated program because of its inconsistency with the law!

    Of course, a qualified accountant understands that you can’t use last year’s program because of its non-compliance with the law. To the question in court, “Could you, purely hypothetically, work on last year’s program?” accountants answer, “No, because the way taxes, social contributions, etc. are calculated has changed.” However, unprofessional or inexperienced accountants sometimes work with the program. They do not attach much importance to annual changes in the legislation, believing that you can “get by” on the old program (“maybe it will work out”).

    Continuing to work on the old program in the new year, such accountants (not knowing about it themselves) will inevitably receive results in the program that are inconsistent with the new legislation. Moreover, this is discovered rather late - when submitting reports, when there is no longer enough time for corrections. It is to prevent such cases that the time limits exist. It would be better for the program not to work at all than to work not in accordance with the law, giving incorrect results (remember the tax inspector!).

    If we talk about specific witnesses who said that you can work with the old program in the new year, these are Yakovleva and Ilyins. They are both interested in accusing Zhukov and that is probably why they made such statements. It should be noted that in the case file there is a letter from the head of the Ilyins, which says that in connection with the change of legislation in the new year, a program update is necessary. That is, there is a contradiction - on the one hand, the Ilyins need a new program, on the other hand, she claims in court that she is not needed.

    More about what security features are in the program, and why they are needed, is written here.

    3) And what kind of license does the program actually have? And what kind of maintenance agreement?

    A few words about the contracts. The development company has never had a separate lawyer. Therefore, legally, the contract was weak. For the developer, the first priority was always to do their job well (to deliver a quality product). Attracting a lawyer and developing a license agreement was a secondary concern. There was a term in the contracts, but what this term meant was not explained in the contracts themselves. In old contracts, there are no words like “the copyright holder does not allow the use of the program after the expiration of the contract”. However, as I said, the developer explained everything to the clients, so there was no misunderstanding on their part. It’s quite natural for accountants that the program is designed for a specific year and only for it. To people who are not familiar with the order of work, with the specifics of accounting programs, it may seem that there is a deception in

    Another weak point is that the contracts are called “for maintenance”. The fact is that, together with the program, the developer also provided all updates to it for the duration of the contract. We decided to call it “maintenance” or “implementation and maintenance” (differently in different agreements). As a result, there was an opinion (now in the Internet community, and not among customers!) that the developer enters into a program maintenance contract for a year, and the program itself is actually provided forever. But this is not so. All users knew that the program is designed to work with the data of that year, the legislation of which corresponds to its algorithms; next year it is impossible to work on this program. For payroll next year, you need to conclude a new contract. For accountants, this is quite natural. There was no deception. The “fault” of the developer is that he did not invite a lawyer in time to formalize everything in the text of the contract. Another point - the agreement has not changed for 15 years, since the early 90s. No one complained, no one went to arbitration. We have always had a good relationship with customers. Therefore, we focused on what seemed more important: finalizing the software product under the endless changes in legislation. Bringing the contracts to a decent appearance did not seem so important. And we paid for it. Not without the intervention of competitors (about interested parties there is a separate page on the site), criminal prosecution for “malicious” programs was organized.

    In 2008, a lawyer was invited to draw up the contracts, and the right to use the program for the duration of the contract was clearly spelled out in them. At the same time, the transition to new agreements was painless, precisely because the essence of the relationship has not changed: the program was intended to work in a certain year, both before 2008 and after.

    All this is described in detail here. Links to examples of contracts (one new and two old) are available on the same page.

    4) This program distorts information - this is sabotage!

    There are 2 types of restrictions in the program:

    1. menu items do not work
    2. 80% of lines are displayed on the screen in reporting forms.

    These restrictions arise a few months (!) after the expiration of the contract, and ONLY if the user works with the data of the next year, the legislation of which the program does not comply with. Accountants at the interrogation confirm that every year the legislation changes quite strongly, so it makes no sense to work in the new year on the old year's program. And even then these restrictions apply only to the screen image. Accounting information does not change, is not distorted.

    2-3 months before the first restrictions, the user begins to receive a message about the need to contact the developer. This is confirmed by examination in the case file.

    5) And if the accountant submits such a report, then the company will receive a tax penalty!

    Only people who are not familiar with accounting may think so. An accountant going to the tax office to submit reports in which 20% of the lines are missing (including in the heading of the reporting form)? No accountant will go to submit reports in which 20% of the lines are missing! Their absence is visible to ANY accountant, although not obvious to a hacker. In addition, for 3 months the program asked to contact the developer, and the company itself warned that it was impossible to work on this program ... Therefore, the situation in which the accountant went to submit a report without 20% of the lines in it despite all the warnings is purely hypothetical.

    6) Why do we need such a peculiar method of protection? To mock a user?

    The program “SLV-Salary” was repeatedly hacked, and some even distributed it on their own (!) behalf. It is written in the Clipper language, and programs written in it are easy to open (using the Valkyrie decompiler). Therefore, in order to confuse hackers, the author put in many defenses of different kinds. It’s one thing if the program simply writes “it is impossible to work with this year, sign a new contract” and the unlicensed program takes no other action - then the hacker will very easily remove such protection (according to some reports, even in less than an hour (!)). But a hacker will probably not manage, without an accountant, to understand that a report is missing just 20% of its lines. He is not an accountant, and does not know how the report form should look. Also, in some cases, the program window is painted in different colors. And go, hacker, sort it out,

    I repeat that this is all "mockery" NOT at the accountant. An accountant warned a thousand times will not face these limitations. This is all a fight with hackers, with hacking.

    And, by the way, such hacker-resistant defenses are not Zhukov's “invention”. The specialist in the case materials gives an example that the Project Expert program, when suspected of illegal use, begins to issue incorrectly calculated business plans.

    7) What about blocking information? It does take place. He was convicted for that.

    Do not rush to this conclusion either. From an everyday point of view, an act can be called a law, it is not so important, however, in court, the substitution of words is of great importance. It should be understood what blocking of information is in terms of article 273 of the Criminal Code of the Russian Federation.

    A typical example of blocking information is the WinLock virus. It INTERFERES with the operation of the operating system, and as a result the user can no longer obtain their data using the standard tools of the OS. At the court hearing, the specialist Yurin gave another example: a virus that INTERFERES with the operation of an email client, preventing work with mail information.

    If, however, a program stops working by itself, in accordance with its own algorithm, then there is no third-party interference. For example, the DrWeb program stops scanning the contents of the computer after its license expires, yet it is inappropriate to speak of interference, or of the program creating obstacles to its own actions. The absence of third-party interference is an important difference between functional restrictions in a program and the behavior of known viruses that block information.

    Three experts in court stated that the program itself cannot interfere with the unity of purpose of the program. Therefore, the statement about blocking information in terms of article 273 of the Criminal Code of the Russian Federation is not correct in this case (the co-author of article 273 of the Criminal Code of the Russian Federation, Karelina, is of the same opinion). Zhukov’s defense in court was based on the correct interpretation of the word “blocking”.

    8) But there is no smoke without fire! The case didn’t come out of nowhere.

    Yes, it is necessary to mention where the "legs grow" from. Only three girlfriends and one separate person testified against Zhukov in court. ALL OF THEM ARE EXTREMELY interested in the charge. The remaining ~15 witnesses spoke either for Zhukov or neutrally (“I don’t know anything, everything seems to work fine, we don’t complain”). The message from the prosecutor’s office seems to be solid - 11 episodes. But three episodes are creating and making changes to the program. Three episodes are distribution of the program in the judicial department, which the prosecutor’s office has already refused to appeal. Two more episodes of distribution (at a blood transfusion station) are as meaningless as those in the judicial department, because users confirm that there were no restrictions on the use of the program, but there were malfunctions due to equipment faults that stopped after the computer was repaired (confirmed by the testimony of Putilov and Shkurat). There are “witnesses of harmfulness” in three episodes at two enterprises with the same accountant. But these are those same three friends and the one woman who threatened the developer with her connections - V. Yakovleva (witnesses in the interrogation of October 4 speak of her threats). About these three friends and Yakovleva, see here.

    It is likely that the initiator of the case is the current competitor of the developer (and former employee) Sereda L.I., who announced her connections with the prosecutor's office. So, documents disappeared from the case of her friend Bobrova about theft of programs, and a case was opened for the developer for malware (the author of which Bobrova called herself when she distributed them from herself - funny, right?). Her second friend is the Ilyins, an accountant of those two, as if “affected” enterprises.

    So the state has become a tool in business showdowns. Directing the law enforcement system to your competitor is an effective method of unfair competition, since the statistics of acquittals in Russia are less than 1%.

    My comment

    That is, my understanding of the situation is this:
    The guy, of course, was wrong not to attach any importance to “right” agreements, but that is not what he was convicted for. Incorrect contracts, and everything connected with them, fall under other articles or even another code of the Russian Federation.
    He was convicted precisely for the “malicious" code inside his own software. That is, if you follow the logic of the accusation, at a minimum, you cannot create code in your software that forces users to update - because this will turn out to “block” the program. I’ll ask you to note that, judging by the materials of the examination, it doesn’t matter whether this update will be paid - the examination in the case determined “harmfulness” on the basis of only one parameter, “the inexorability of the passage of time” - and, as a result, the blocking of information for any user ...
