Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Quark Security Zaps Legit Users

I've used the page-layout software QuarkXPress since 1989, and being an early adopter, I excitedly placed an order for the 4.0 upgrade as soon as it shipped. [Quark has just released a 4.01r1 updater, which addresses a number of minor concerns with 4.0. -Adam] Imagine my chagrin when I opened the package and found a serialized floppy disk and a CD-ROM.


You see, I'm a PowerBook 3400c owner and can choose to have either a floppy drive or a CD-ROM drive inserted in the expansion bay - but not both at once. (PowerBook 1400, 3400, and G3 users all face this "limitation.") This dual-insertion requirement is part of a long series of Quark's attempts to control piracy - both in the world at large and inside organizations. Although I have to applaud Quark's efforts to discourage piracy, their methods hamper registered users like myself.

Trying to be clever, I made a disk image of the serialized QuarkXPress disk and mounted it using Aladdin's ShrinkWrap utility. I inserted the CD-ROM drive and ran the installer. Ah ha, the installer is cleverer than I - it wanted an unlocked disk. Fortunately, ShrinkWrap has a setting for this; success followed after I ejected and remounted the virtual floppy. QuarkXPress Installer must write some information to their installer disk - possibly keeping track of how often the installation is done or linking the installer to work only with a specific CD.


My installation problems did not altogether surprise me, as Quark has a long history of taking strong anti-piracy measures. Quark was one of the first companies to register their products' serial numbers over AppleTalk networks. Whenever you run QuarkXPress, the program checks for other copies on your local AppleTalk network running with the same serial number.

(With a program like Dartmouth College's MacPing or the AG Group's EtherPeek - version 3.5 has just shipped - you can see all the AppleTalk devices and programs, including QuarkXPress programs, Retrospect Remote clients, copies of FileMaker Pro 4, and others doing this serial number broadcast.)


Years ago, in the olden days of LocalTalk networks that some of you are still enjoying, we heard that people in a pinch would occasionally - ahem - unplug the LocalTalk connector, launch QuarkXPress, and reconnect. However, Quark is too smart for that, and in some release of 3.x, they added an occasional AppleTalk query to check for serial numbers while the program was running, disabling the program in mid-stride if violators were found. Friends don't let friends run unauthorized copies of software.

A History of Unconventional Security -- Quark has never created a generic installer in which you type in a serial number during the installation process. Every product sold by Quark is pre-serialized, requiring the specific floppy and generic CD-ROM combination. When I was responsible for the technical side of Kodak's Center for Creative Imaging, we had a QuarkXPress ten-pack which we installed and kept in separate folders on a server, organized by serial number, in case we had to reinstall the software on a student's computer. Otherwise, we would have had to dig up the original floppies and do a fresh, full installation. Site license? Not Quark!

In overseas markets, where many products sell for two or three times the U.S. price, Quark often requires dongles to further thwart pirates. These doohickeys are just hardware serial numbers that plug into the printer port, the Apple Desktop Bus (ADB) port, or, on a PC, a pass-through connector on the parallel port.

The program sends a query to the dongle and receives the serial number in return. Usually you only see a hardware dongle on software costing thousands of dollars, like ElectricImage's animation program. It also happens in niche markets where there's a high likelihood of piracy and a small number of potential customers - Isis Software <> and Second Glance Software both protect their competing stochastic screening packages, for instance, because there are only tens (probably not hundreds) of thousands of potential customers.


What will the future bring? A nuclear-submarine-like procedure of, "Insert Floppy A at the same instant as inserting CD-ROM B and Zip Disk C while having Colleague D press Control-Command-Delete-Option-Backspace on Computer E"?

"Open the spot color palette, please, HAL."

"I'm sorry, Glenn, I can't do that."

[Glenn Fleishman is the editor in chief of NetBITS, explaining the Internet without assuming you're a dummy (or a Dummy[tm]). He's used every desktop publishing software package since version 1.0 - except CorelDRAW.]



READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <>
Special thanks to Margaret Martin, Andrij Neczwid, Dr. Olaf Pluta, and
Dave Hurley for their generous support!