How can I tell the "windows security center" that I'm an "antivirus"? - windows-xp

We are developing an anti-virus. I'm trying to find out how we can tell the operating system (Windows XP in this case) that our software is an anti-virus. I want the OS to recognize our software as an anti-virus and the Security Center to list it.

You have to sign an NDA to get the information. Quoth MSDN forums:
To register an antivirus product:
Must be a member of the Microsoft Virus Initiative.
OR
Must meet the following three requirements:
1. Must have a standard NDA with Microsoft.
2. Must be a member of AVPD or a member of EICAR or must sign and adhere to a code of ethics relating to malware research and malware handling.
3. Must meet independent testing requirements:
   a. If you are using your own antimalware engine, you must pass VB100 and meet at least one of the following:
      ICSA Labs - Pass
      West Coast Labs - Pass
      AV-Test.de – 90% or higher
      AV-Comparatives – 90% or higher
   b. If you are packaging an antimalware engine from another company:
      The company who developed the engine must meet the above requirements.

In order to be able to register an AV product with Windows Security Center, you need a private API from Microsoft or, starting with Windows 10 build 1809, you need to register a Protected Service. In order to do either of these things, you need to be a member of the MVI.
Just for the record, a few years later now, the requirements have changed a bit.
First of all, this is the new link:
https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/virus-initiative-criteria
The criteria have also changed and they are more complex.
Assuming you have a product built with a 3rd party SDK, here are the requirements to become a member:
1. Offer an antimalware or antivirus product that is one of the following:
   Your organization's own creation.
   Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
2. Have your own malware research team unless you build a product based on an SDK.
3. Be active and have a positive reputation in the antimalware industry.
   Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
5. Be willing to sign a program license agreement.
6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
7. Submit your app to Microsoft for periodic performance testing.
8. Certified through independent testing by at least one industry standard organization.
The hardest requirements to achieve are marked bold.
If you want more details on what these things require, check here.
Best,
Sorin

Related

Microsoft Visual Studio Code license to use

I found that the Visual Studio Code FAQ answer says we can use vscode for personal or commercial use (see: https://code.visualstudio.com/docs/supporting/faq#_is-vs-code-free) with a link to the product license: https://code.visualstudio.com/license that contains the following:
INSTALLATION AND USE RIGHTS
a. General. You may use any number of copies of the software to develop and test your applications, including deployment within your internal network corporate network.
b. Demo use. The uses permitted above include use of the software in demonstrating your applications.
Does item "b. Demo use." limit item "a. General."? So is it allowed to use Visual Studio Code for DEMO purposes only, without the right to develop commercial applications or provide a service to create commercial code based on the Visual Studio Code IDE?
Not a lawyer, but I'd say that 1b is specifically singling out using VSCode for demos as a use case that they permit, in addition to the above use cases. If I had to guess what motivated it, I'd assume:
People doing commercial screencasts of demo libraries
Those people who develop apps and publish a fast-forward of them coding it on YouTube
Generally anyone using the image (legal term, not executable) of vscode in a commercial way that could be construed as Microsoft endorsing their product in any way.
I think they're including this clause because demoing your app to (potential) customers, clients, students, etc. isn't necessarily a development concern, so it's not covered by 1a.
Another thing that makes me think that it's a permissive clause rather than a restrictive one is that they're not using restrictive terms such as "exclusively" or "only". Compare the following:
b. Demo use. The uses permitted above include use of the software in demonstrating your applications.
b. Demo use. The uses permitted above include ONLY use of the software in demonstrating your applications.
The second one is obviously a modifier on "the uses permitted above" that restricts those uses, where the first one clarifies an intended use case.
TLDR
It's probably fine, but if you're really worried, CYA by consulting your company's legal department.

Can I Sell Software based on Itext Sharp

I have a couple of small offline programs that I wrote using iTextSharp. The software uses iTextSharp to manipulate PDFs. I saw that iText licensing is AGPL and any work based on that should also be AGPL (I should include source code along with the application and the user can modify and redistribute).
My question is: can I sell this software with the source code bundled with it?
The moment you sell software that is licensed under the AGPL in the context of proprietary, closed source software, you are in violation of the AGPL. If you use iText "free of charge", you need to follow the rules of the AGPL as described in this blog post: How do I make sure my software complies with AGPL: How can I use iText for free?
If you make your own source code open source, you can for instance charge for creating a distribution of your open source software (including the source of iText) on a CD or a DVD (but who still uses CDs and DVDs?), but you can't charge for the IP of iText. You also can't distribute the source code only to people who pay. That would be discriminating (and discrimination goes against the core values of open source).
This doesn't mean you can't make any money. The owner of the iText software, iText Group, offers two options that allow you to make money with your software:
You can purchase a commercial license for your use of iText. If your product is an offline product that people install on their own machine, you will have to buy a Desktop OEM license and pay a small fee for every copy you sell. Note that you need to buy an OEM pack of several licenses in advance. You can't buy OEM licenses one at a time. You need to be sure that you will sell sufficient copies.
You submit your products for evaluation to iText Group, and you ask iText Group to sell your product. For every copy of your software that is sold by iText Group, you will receive money. If you don't have any sales people, nor any marketing budget, this option is to be preferred. iText Group has offices in the US, Europe, and Asia. iText is present at events all over the world. This is an ideal way for you as a developer to have your product promoted world-wide. See iText Creates Revenue Sharing Opportunities for Development Community
See also Monetizing open-source projects, which is a slide-deck that explains how open source licenses work, and how you can make money using open source. You will also notice some legal documents that show that the AGPL can be upheld in court (we won a lawsuit against a developer who knowingly violated the AGPL).

CentOS 5 end of life

My server is running CentOS 5. The docs tell me that the "end of life" is March 31, 2017. Does this mean that the software will stop functioning on that date, or does it mean that there will no longer be any upgrades available for version 5? If the latter is true, what kind of difficulties could I expect to face, if I decide not to migrate to another server and OS?
In the software industry in general, "End-of-life" largely (but not always) means "End of support period" where "support" can mean different things - but generally it means these things simultaneously:
The developers will not release any new patches or software updates for the product, this includes both feature updates, but more importantly also security updates. If you must run unsupported software then ensure it's suitably firewalled from the public Internet (and untrusted users) if not completely air-gapped.
The developers will not go out of their way to provide personal technical support (e.g. phone support), however they still will generally keep self-service support resources (e.g. web-pages, knowledge-base articles, etc) available (Microsoft still has pages about Windows 2000 around somewhere).
The developers/publishers are not obligated to provide access to this version of the software. Generally this doesn't happen as much with open-source software (as you can download the repo, rewind to an older version and build from source), but for commercial/proprietary software you will probably lose access to the formerly released binaries unless you retain your own copies.
Your concern about software suddenly stopping working after this end-of-life date is unfounded - at least in CentOS' case (as it's open-source software), and even proprietary software generally doesn't have timebombs in it (excepting time-limited trial versions of software, of course). The only thing to watch out for is software with an activation system, because after the supported-date period ends there is no guarantee the activation system will still work - this also applies to physical dongles too (while they won't immediately stop working, they might eventually fail) - in this case you'll want to contact the developers and negotiate a special build of the software with the activation features removed, or reverse-engineer the DRM to remove it (which may or may not be legal in your jurisdiction).

General InkScape, Unity3D (and other free tools) Licencing

I know that this is going to be kind of a silly question (I'm sorry; I tried googling, but I'm still a little confused). Here's what I want to know.
Suppose that I create an asset/game with InkScape/Unity3D (or any other freeware/open source tool). Do I need permission from the organization who made the freeware/open source tool to use the created asset for commercial purposes?
Thanks.
What cjmarsh says is definitely true about software licensing in general. Although, I would not be that insistent on talking to a lawyer (unless the project generates large amounts of money, that is).
Yet, I'd like to add a brief point about the difference in the tools OP is asking about (inkscape and unity):
inkscape
You are not bound by inkscape's license in distributing drawings produced by it. The license is about code distribution, which means the code of inkscape itself. The resulting drawing of an inkscape project is in SVG (or some other format depending on preference).
SVG is a standard on its own, published by the W3C, and does not contain any piece of code from inkscape.
unity
On the other hand, when developing with unity you are using API calls that originate from the unity libraries themselves (possibly wrapped by extra functions for whichever language you're using). Moreover, your project needs to link against the unity libraries in order to work.
Since your project will use pieces of unity code, you're bound by the license obligations from unity.
Software licensing is a complicated topic and to get a definitive answer to your question you'll have to speak to a lawyer. In layman's terms: you can use open source software for commercial purposes but there are often caveats depending on the specific license used. I should also note that Unity3D is not open source, however you can use the personal edition if you gross less than $100k annually. For more details check out their licensing page.
Inkscape on the other hand is free and open source with a good license for content creators: the GNU General Public License so "In short, this means you are free to use and distribute Inkscape for any purpose, commercial or non-commercial, without any restrictions. You are also free to modify the program as you wish, but with the only restriction that if you distribute the modified version, you must provide access to the source code of the distributed version."
There are quite a few different licenses like the most liberal of all CC0 Public Domain, a license that essentially puts your stuff in the public domain, making it completely free for any purpose to everyone, without you needing to be dead for 60 years. Then there are licenses like the LGPL which still lets you use it for commercial purposes but requires you to publicly disclose any changes made to the code that was under the license and if you embed it in your application (statically link it) then you have to release your product under the same license. There's also the kind of license like CC BY 3.0, a Creative Commons license that lets you do whatever you want so long as you give an attribution, include the license, and mention if it was modified. Here's a list of more open source licenses to give you an idea of how many there are.
Without paying the fees to consult a lawyer like everyone will tell you to do and nobody actually does you can check out summaries of the different licenses at sites like tldrlegal.com as well as read through them yourself and check out the licensing page on the individual sites of the software you use. In my opinion the software author's intention for distributing the software is more important to recognize than the legalese. Although you should also recognize the legalese.
Bottom line is you don't need explicit permission from the author because they already give it in the form of an open source license, so long as you satisfy the conditions of the license.

Service and/or Commodity

Do we create services when we write programs, or are they commodities?
Are we like window-washers in that our programs(actions) provide some services to the users?
OR: are we like carpenters in that our programs(products) are sold and used by their new owners?
Or should this be seen in different aspects: The act of programming being a service, and the resulting program is a product?
The above has a direct impact on the following question: Is it theft or fraud when you copy software that you have no rights to? Theft is the physical removal of an object of value from the possession of another; fraud is representation of a falsehood in such a way that leads to the economic loss of the victim (the representation here being your assumption of right-to-copy).
It also impacts on questions of causal liability: If the program you wrote to crack passwords is used by others to rob a bank: are you an accomplice? If your program is a service then it could be argued that you are; if a commodity then you 'should' be in the clear.
Or: should each program be treated as a unique instance, based purely on the intentions of that program's originator, as to whether it should be treated as a service or commodity? Or should the user's intentions be used?
How does this reflect on the open-source world where many programs are available that seemingly infringe on commercial rights, e.g.: copy-protection and DRM circumventions?
(This impacts us all every time that we write code.)
It's both actually.
Sometimes you sell a product which just works. It's a commodity. A notepad program for example is a commodity, you don't go into any relationship with its author. Most small tools fall into this category.
Sometimes you develop a custom application tailored for your specific user, or you integrate an existing product with their legacy applications and adjust it to work for their specific situation. It's definitely a service and you are usually in a long-term relationship with the customer. Most 'big'/expensive programs fall into this category. You could buy MS SharePoint Server license as a commodity but in most scenarios most likely you will also buy a service of someone to make it work for you.