Setting an optimal bid price for Google CPA bids

A couple of years ago I wrote up the results of an experiment comparing Cost Per Action vs Cost Per Click bidding in Google Adwords. At the end of the experiment I decided that I did trust Google CPA bidding, but the results from CPA bidding weren’t compelling enough for me to switch. So I stayed with my mature CPC campaign. Subsequently I spoke at length with Adwords guru David Rothwell and Adwords master practitioner Alwin Hoogerdijk. They convinced me that:

  • I hadn’t really given Google CPA enough learning time – the more data Google has the better it should be able to do. The mighty Google brain might even be able to spot and exploit patterns I would find very difficult to emulate (e.g. based on season, country, day or week or time of day).
  • I should switch from paying per sale to paying per download, as this would give Google an order of magnitude more data to work with.
  • CPA bidding would require a lot less of my precious time to manage.

So I switched back to CPA. This time measuring a conversion as a successful download and install (my table planner shows a help page in a browser on first run, this contains the Google conversion tracking script).

So now, instead of having to choose thousands of bid prices (one for each keyword and match type in each campaign), I had to choose a single bid price – what I am prepared to pay Google for a download. If I pay too little for a download: Google won’t show my ads much, I won’t make many sales and my profit will be low. If I pay too much for a download: Google will show my ads a lot, but the amount I pay for each conversion will be high and my profit will be low. In between their should be a ‘sweet spot’ that gives me optimal profit. But how to find that sweet spot?

Looking at analytics data I have a good idea at what rate Adwords traffic converts to sales. I chose a CPA bid based on this and then I randomly varied the bid up or down every 7 days (some days of the week perform consistently better than others for my product). The graphs below show the results. Each data point is 7 days of data. The black lines are linear trend lines. I deliberately haven’t put values on the axes, but the x and y axes are all linear, starting at 0.

The trends are pretty clear. Increasing CPA bid price:

  • increases the number of times your ads are shown
  • makes little difference to the click through rates
  • decreases the click to download and download to sale ratios

So higher bids means more sales, but also a higher cost per sale. But, of course, the really important metric is profit. So I worked out the average daily profit from Adwords traffic, which is the net sales income (gross sales minus sales costs, including payment processor fees and support costs) minus Adwords costs. Again each point is 7 days of data. The black line is a 2nd order polynomial trend line.

The data is quite noisy. But some data is a lot better than none and there does appear to be sweet spot about where the red arrow is. The curve is fairly flat meaning that I don’t have to be too precise in my bid price to get a near to optimal return. But if I bid twice the optimal price my profit will drop by about 35%.

In an ideal world I would have run all these different bid prices concurrently, instead of one after the other. But that just isn’t possible with Adwords at present (you can use Google Adwords experiments to split test bid prices, but only 2 at a time). Also I could have gathered a lot more data, used longer time intervals (7 days probably isn’t long enough for Google CPA to get into its stride) and bid a lot higher and lower, to make the trends clearer. But I wasn’t prepared to spend the extra time and money required.

If you are using CPA bidding you should be able to carry out a similar analysis on your own Adwords account to find your own CPA bidding sweet spot. If you are still using CPC, perhaps you should consider switching to CPA and let Google do some of the heavy lifting for you. You can switch any campaign that has 15 or more conversions per month to CPA bidding in the ‘Settings’ tab.

You can always switch back to CPC later. If you aren’t using Google conversion tracking, well you really should be.

A word of warning. Not all downloads are equal. You might think that download to sale rates would vary a lot less than impression to click and click to download rates (I did). But download to sale ratios can vary a lot between different campaigns, even for the same product. For example, my analytics data shows that downloads from Adwords display (=contents/adsense) traffic only convert to sales at around a quarter of the rate of Adwords search traffic. So display campaign downloads are worth a lot less to me than search campaign downloads and I set my CPA bids accordingly.

I showed a draft version of this post to Alwin Hoogerdijk of Collectorz.com collection database software, who first persuaded me to switch back to CPA and knows a lot more about CPA than I do. He had the following to add:

When using CPA bidding you should give Google more room to experiment. On search, this means using more broad match terms, or at least modified broad match. And less negative keywords (I removed a lot of my negatives lately). The idea is that Google will automatically find out what works and what doesn’t (again, this may take a lot of time).

On the Content Network it means being less trigger-happy with the site exclusions. Without CPA bidding, I would be more likely to exclude generic sites like Facebook, about.com, etc… But with CPA bidding, I tend to allow the optimizer to display on those sites and the find the right pages within those sites to show my ads on.

In my experience, the optimal CPA bid can vary (wildly) between products, campaigns, etc. . Content Network CPA’s in general tend to be much lower, for the same products. Strangely enough, content network visitor sign up (or downloads) are worth less than search traffic sign ups. Which wasn’t what I was expecting. Of course, content network traffic is less targeted in general so one would expect a lower sign up rate. But even if those visitors sign up, they convert less well to actual sales too. Tricky.

Robo Print Job Manager

I recently did some consulting for Paul Roberts on his print estimation software, as usual concentrating on improving marketing and usability. He sent me some feedback at the end of the consulting and was kind enough to let me reproduce it here.

I got Andy to check out why my software was not selling as well as I expected. His approach was very thorough and covered the entire downloading experience, from Google to first impressions of the software. Some of the findings were very unexpected, and he found a considerable amount of room for improvement in various areas. Many suggestions were things I had never considered. I needed a brutally honest opinion with plenty of recommendations, and Andy (The Gordon Ramsay of the Software Development World – in a nice way) exceeded my expectations in his approach, his professional knowledge, and his knowledge on where I’m missing out on sales. Even though we were 13 hours apart in time zones, we covered a staggering amount of ground.

I’m still working on the changes he recommended (there were quite a few), but I am confident that I will recoup the consultation fee paid to Andy very quickly once these changes are in place. I would definitely recommend Andy’s services, as this was value for money, particularly for those who find their software is not doing as well as it should do and need to look at it from a completely different perspective.

Paul Roberts, www.roboprintjobmanager.com

I am quite tickled at being compared to talented chef and TV bad boy Gordon Ramsey (warning, lots of swearing). However, while I aspire to his level of passion, knowledge and commitment, I would like to point out that I don’t use the F word during consulting (unless perhaps I find out that you are paying Google $0.50 each time someone in China clicks on your ad for a $20 product).

A simple change that doubled sales

A while back I did a day of consulting for James Wang on his SQL Pretty Printer software. One of my many recommendations was that he displayed the name of the licensed user prominently in the software, to discourage casual license key sharing. He recently reported back to me that he had made this change and it had significantly increased the number of orders for multiple licenses. The average number of licenses per sale increased from 1.34 to 2.65 since he made the change in February 2011. That is a 98% increase in sales! And it only took a week to change the licensing system.

James commented:

Each time I have had an increase in sales, I found that it was mostly due to marketing related issues like changing the licensing system or paying for a link from a site which has a highly targeted audience for my software, not due to a new version release.

Of course it helps that James had a good product in the first place.

3 Low-Competition Niches In Retail Software

This is a guest post by Joannes Vermorel, founder of the Lokad Forecasting Service.

Software developers seem to be herd animals. They like to stay very close to each other. As a result, the marketplace ends up riddled with hundreds of ToDo lists while other segments are deserted, despite high financial stakes. During my routine browsing of software business forums, I have noticed that the most common answer to Why the heck are you producing yet another ToDo list? is the desperately annoying Because I can’t find a better idea.

This is desperately annoying because the world is full (saturated even) with problems so painful that people or companies would be very willing to pay to relieve the pain, even if only a little. A tiny fraction of these problems are addressed by the software industry (such as the need for ToDo lists), but most are just lacking any decent solution.

Hence, I detail below 3 low-competition software niches in retail. Indeed, after half a decade of running sales forecasting software company Lokad, I believe, despite the potential survivor bias, that I have acquired insights on a few B2B markets close to my own. Firstly I will address a few inevitable questions:

Q: If you have uncovered such profitable niches, why don’t you take over them yourself?
A: Mostly because running a growing business already takes about 100% of my management bandwidth.

Q: If these niches have little competition, entry barriers must be high?
A: Herding problems aside, I believe not.

Q: Now these niches have been disclosed, they will be swarmed over by competitors, right?
A: Odds are extremely low on that one. The herd instinct is just too strong.

Q. Do I have to pay you if I use one of your ideas?
A. No, I am releasing this into the public domain. I expect no payment if you get rich (unless you want to!) and accept no liability if you fail miserably. Execution is everything.  And don’t trust a random stranger on the Internet – do your own market research.

Before digging into the specifics of those niches, here are a couple of signs that I have noticed to be indicators of desperate lack of competition:

  • No one bothers about doing even basic SEO.
  • No prices on display.
  • No one offers self-signup – you have to go through a sales rep.
  • Little in the way of online documentation or screenshots are available.

However, lack of competition does not mean lack of competitors. It’s just not the sort of competition that keeps you up at night. Through private one-to-one discussions with clients of those solutions, here is the typical feedback I get:

  • Licenses are hideously expensive.
  • Setup takes months.
  • Upgrade takes months (and is hideously expensive).
  • Every single feature feels half-baked.

By way of anecdotal evidence – during a manufacturer integration with our forecasting technology a few months ago at Lokad, we discovered that the client had been charged $2,000 by its primary software provider in order to activate Remote Desktop on the Windows Server where the software was installed. Apparently, this was well within the norm of their usual fees for the inventory management system in place.

Granted, just being cheaper is usually not a good place to be in the market. Yet, when a competitor’s software is designed in such a way that it takes a small army of consultants to get it up and running, they can’t just lower their license fees to match yours – assuming that your design is not half-baked too. The competition would have to redesign their solution from scratch, and give up on their consultingware revenues. So you are in a great position to drive competition crazy.

With a market managing over two-thirds of the US gross domestic product, one would expected retail be saturated by fantastic software products. It turns out this is not the case. Not by a long shot – except eCommerce (e.g. online shopping carts) which attracts a zillion developers for no good reason.

Some salient aspects of the retail software market:

  1. Most retailers are already equipped in basic stuff such as point-of-sale, inventory management and order management systems. So you don’t have to deliver that yourself. On the contrary, you should rely on the assumption that such software is already in place.
  2. As far the Lokad experience goes with its online sales forecasting service, retailers are not unwilling to disclose their data to a 3rd party over the Internet. It takes trust and trust takes time. Interestingly enough, at Lokad we do sign NDAs, but rather infrequently. We are not unwilling, but most retailers (even top 100 worldwide ones) simply don’t even bother.
  3. Retailers have a LOT of data, and yet unlike banks, they have little talented manpower to deal with it. Many retail businesses are highly profitable though and could afford to pay for this kind of manpower, but as far I can tell, it’s just not part of the usual Western retail culture. Talents go to management, not to the trenches.

Niche 1: EOQ (Economic Order Quantity) calculator

Retailers know they need to keep their stocks as low as possible, while preserving their service levels (aka rate of non stock-outs), see this safety stock tutorial for more details. If the marginal ordering cost for replenishment was zero, then retailers would produce myriads of incremental replenishment orders, precisely matching their own sales. This is not the case. One century ago, F. W. Harris introduced the economic order quantity (EOQ) which represents the optimal quantity to be ordered at once by the retailer, when friction factors such as the shipping cost are taken into account. Obviously, the Wilson Formula (see Wikipedia for details) is an extremely early attempt at addressing the question. It’s not too hard to see that many factors are not accounted for, such as non-flat shipping costs, volume discounts, obsolescence risks …etc.

Picking the right quantity to order is obviously a fundamental question for each retailer performing an inventory replenishment operation. Yet, AFAIK, there is no satisfying solution available on the market. ERP systems just graciously let the retailer manually enter the EOQ along with other product settings. Naturally, this process is extremely tedious, firstly because of the sheer number of products, secondly because whenever a supply parameter is changing, the retailer has to go through all the relevant products all over again.

The EOQ calculator would typically come as multi-tenant web app. Main features being:

  • Product and supplier data import from any remotely reachable SQL database[1].
  • Web UI for entering / editing EOQ settings.
  • EOQ calculation engine.
  • Optional EOQ export back to the ERP.

Pricing guestimate: Charge by the number of products rather than by the number of users. I would suggest to start around $50/month for small shops and go up to $10k/month for large retail networks.

Gut feeling: EOQ seemingly involves a lot of expert knowledge (my take: acquiring this knowledge is a matter of months, not years). So there is an opportunity to position yourself as an expert here, which is a good place to be as it facilitates inbound marketing and PR with specialized press. Also, EOQ can be narrowed down to sub-verticals in retail (e.g. textiles) in case competition grows stronger.

Niche 2: Supplier scorecard manager

For a retailer, there are about 3 qualities that define a good supplier: lowest prices, shortest shipment delays, best availability levels (aka no items out-of-stock delaying the shipments). Better, sometime exclusive, suppliers give a strong competitive edge to a retailer. Setting aside payment terms and complicated discounts, comparing supplier prices is simple, yet, this is only the tip of the iceberg. If the cheapest supplier doesn’t deliver half of the time, “savings” will turn into very expensive lost sales. As far I can observe, beyond pricing, assessing quality of the suppliers is hard, and most retailers suffer an ongoing struggle with this issue.

An idea that frequently comes to the mind of retailers is to establish contracts with suppliers that involve financial penalties if delays or availability levels are not enforced. In practice, the idea is often impractical. Firstly, you need to be Walmart-strong to inflict any punitive damage on your suppliers without simply losing them. Secondly, shipping delays and availabilities needs to be accurately monitored, which is typically not the case.

A much better alternative, yet infrequently implemented outside the large retail networks, consists of establishing a supplier scorecard based on the precise measuring of both lead times (i.e. the duration between the initial order and the final delivery) and of the item availability. The scorecard is a synthetic, typically 1-page, document refreshed every week or every month that provides the overall performance of each supplier. The scorecard includes a synthetic score like A (10% best performing suppliers), B and C (10% worst performing suppliers). Scorecards are shared with the suppliers themselves.

Instead of punishing bad suppliers, the scorecard helps them in realizing there is a problem in the first place. Then, if the situation doesn’t improve after a couple of months, it helps the retailer itself to realize the need for switching to another supplier…

The scorecard manager web app would feature:

  • Import of both purchase orders and delivery receipts (this might be 2 distinct systems). [2]
  • Consolidation of per-supplier lead time and availability statistics.
  • One-page scorecard reports with 3rd party access offered to the suppliers.

Pricing guestimate: Charge based on the number of suppliers and the numbers of orders to be processed. Again, the number of users having access to the system might not be a reliable indicator. Starting at $50/month for small shops up to $10k/month for large retail networks.

Gut feeling: By positioning your company as intermediate between retailers and their suppliers, you benefit from a built-in viral marketing effect, which is rather unusual in B2B. On the other hand, there isn’t that much expert knowledge (real or assumed) in the software itself.

Niche 3: Dead simple sales analytics

Retail is a fast-paced business, and a retailer needs to keep a really close eye on its sales figures in order to stay clear of bankruptcy. Globally, the software market is swarming with hundreds of sales analytics tools, most of them being distant competitors of Business Objects acquired by SAP years ago. However, the business model of most retailers is extremely simple and straightforward, making all those Business Intelligence tools vast overkill for small and medium retail networks.

Concepts that matter in retail are: sales per product, product categories and points of sale. That’s about it. Hence, all it should take to have a powerful sales visualization tool setup for a retailer should be access to the 2 or 3 SQL tables of the ERP defining products and transactions; and the rest being hard-coded defaults.

Google Analytics would be an inspiring model. Indeed, Google does not offer to webmasters any flexibility whatsoever in the way the web traffic is reported; but in exchange, setting-up Google Analytics requires no more than merely cutting-and-pasting a block of JavaScript into your web page footer.

Naturally it would be a web app, with the main features being:

  • Product and sales data import from any remotely reachable SQL database.[2]
  • Aggregate sales per day/week/month.
  • Aggregate per product/product category/point-of-sales.
  • A Web UI ala Google Analytics, with a single time-series graph per page.

Pricing guestimate: Regular per-usage fee, a la Salesforce.com. Starting at $5/user/month basic features to $100/user/month for more fancy stuff.

Gut feeling: probably the weakest of the 3 niches, precisely because it has too much potential and is therefore doomed to attract significant attention later on. Also, achieving a wow effect on first contact with the product will probably be critical to turn prospects into clients.

Market entry points

Worldwide, there are plenty of competitors already for these niches. Yet, again, this does not mean much. Firstly because retail is so huge, secondly because it’s a heavily fragmented market anyway. First, there are big guys like SAP, JDA or RedPrairie, typically way too expensive for anything but large retail networks. Second, there are hundreds of mid-market ERPs, typically with a strong national (or even regional) focus. However, those ERPs don’t delve into fine-grained specifics of retail, as they are too busy already dealing with a myriad of feature requests for their +20 modules (accounting, billing, HR, payments, shipping … etc). Hence, there is a lot of space for razor-sharp web apps that focus on one, and only one, aspect of the retail business. Basically single-minded, uncompromising obsession with one thing, leaving aside all other stuff to either ERPs or other web apps.

In order to enter the market, the good news is that mid-size retailers are pretty much everywhere. So you can just use a tiny bit of networking to get in touch with a couple of neighbouring businesses, even if you don’t have that much of a network in the first place. Then, being razor-sharp in a market where very little online content is available, offers you a cheap opportunity at doing some basic SEO based on the very specific questions your software is addressing.

Q: I am interested, I have questions, can I ask you those questions?
A: Naturally, my rate is 200€/h (no just kidding). Yes, email me.

[1] Don’t even bother about providing a super-complicated setup wizard. Just offer a $2k to $5k setup package that includes the ad-hoc handful of SQL lines to match the existing data of the retailer. We are already using this approach at Lokad with Salescast. Alternatively, we also offer an intermediate SQL schema, if the retailer is willing to deal with the data formatting on its own.

[2] Again, I suggest an approach similar to the one of Salescast by Lokad: don’t even try to robotize data import, just design the software in such a way that adding a custom adapter is cheap.

Joannes Vermorel is the founder of Lokad, company motto “You send data, we return forecasts”. Lokad won the first Windows Azure award from Microsoft in 2010, out of 3000 companies applying worldwide. He has a personal blog that mostly deals with cloud computing matters.

Nearly all UK business websites now technically illegal (EU sites to follow)

On the 26th May the rules on the use of cookies changed for UK businesses. You now have to explicitly ask every visitor to your website if they want to opt-in to ‘non-essential’ cookies. This includes tracking and analytics cookies. The penalty for not doing so is a fine of up to £500,000.

No, I’m not joking (unfortunately). You can read some rather vague official guidance about it from the Information Commissioner’s Office here:

Changes to the rules on using cookies and similar technologies for storing information

You can also see the ICO’s implementation of this policy on their own website with the ghastly pop-up shown below (click to enlarge):

So it seems that we are going to have to show a hideous and scary pop-up to every visitor that comes to our site. Nearly all of these visitors will inevitably choose the less scary sounding default and opt-out (why would they opt-in?) which means that our precious tracking and analytic data will suddenly become a lot less useful. So a less pleasant user experience for customers and a huge reduction in useful data for vendors. And to what benefit? I really don’t mind if vendors collect aggregated data about how I arrived at their site or what pages I visit while I am there. The more I read about the new rules the less workable and useful they sound. It looks like the sort of monumental, fur-lined, ocean-going, balls-up that only governments are capable of.

The situation remains fluid at present. The introduction of this new law has been so shambolic that the UK government is giving businesses 12 months grace before they start enforcing it. I don’t even know if the ruling applies to businesses based in the UK, web servers based in the UK or any website with UK visitors (if you do know, please comment below). Perhaps Google et al will dream up a technical solution that keeps the EU happy without me having to make any changes to my website. Maybe pressure from businesses will force the government to back down. Perhaps someone will find a loophole (e.g. setting up a company outside the EU to host your website). Or maybe so many businesses will ignore this ridiculous law that it will be unenforceable. I am going to wait a few months to see how things play out.

This change in the law comes from an EU directive, so any of you reading this in EU countries other than the UK can stop smirking – it is coming your way as well.

For more information see:

(Photo by Delfi Jingles, some rights reserved)

15 criteria for evaluating software product ideas

Choosing the right product to develop is crucial. Great execution is also very important. But if you develop a product that no-one wants or no-one is prepared to pay for, then you are going to fail, no matter how well you execute it. You can often tweak a product or its marketing to make it more successful based on market feedback (‘pivot’) .  But the less pivoting you have to do, the better. Below I list some of the criteria I think are important for evaluating the potential of new commercial software products.

1. Are you solving a real problem?

Has your customer got a ‘bleeding neck’? Is your software solving a problem compelling enough that someone is going to download it, install it, evaluate it, buy it and then learn to use it, with the accompanying risks of credit card fraud and malware? It is hard to change people’s habits. They are going to keep doing what they are doing now (e.g. pen and paper or Excel) unless you can convince them your software offers them very significant advantages.

2. How much will people pay for this product?

This is a complex question and depends on many factors. You should be able to get a rough idea by looking at your closest potential competitors. But there are some types of software that people don’t expect to pay for, no matter how difficult or expensive it is to develop – for example web browsers and media players. There are some users who can’t pay – for example children and people in some developing countries. And there are some people who won’t pay – for example many Linux users. So good luck selling a media player aimed at teenage Linux users in China.

3. Is the market big enough?

Is the market big enough for you to make a living? How many people are looking for solutions to this sort of problem? This is less of a problem than most people think. Given the huge number of people with Internet access and credit cards it is possible for a small company to make a decent living from a market that appears very narrow. Narrowing your market also allows you to be much more focussed in your marketing.

4. Can you promote it cost effectively?

How are you going to reach customers: Adwords, SEO, partners, magazine ads, direct mail, social media, affiliates, resellers or other methods? Can you do it cost effectively? How much is each sale from Adwords going to cost you assuming a 1% conversion rate? If it costs you $31 in advertising for each sale of a $30 product, you aren’t going to be in business long. But if you can cross-sell it to customers you already have a relationship with, that is a huge plus.

5. How much competition is there?

If there are lots of established competitors, you may have a hard time getting noticed. Personally I wouldn’t want to go into any market where I didn’t have a reasonable shot of getting to the first page on Google for at least some of the important search terms. For example, I think it would be incredibly tough to succeed with yet another Twitter, RSS, todo list or backup application. Conversely, if there are no competitors, that means that there may be no market. Creating a new market is tough, especially for a small company. Ideally you want a market where there are competitors making a decent living, but you think you can do a better job than them, or at least be different to them in some important way.

6. How is your product different?

Many vendors try very hard to reach feature parity with their competitors. But successful marketing means being different to your competitors. How is your product going to be different? What is your positioning? Note that just being cheaper than your competitors is not enough.

7. How high is the barrier to entry?

How long will it take you to create a minimum sellable product? If the barrier to entry is too high, you may never have the time, cashflow and energy to reach v1.0. As a self-funded microISV I wouldn’t want to work on any product where I couldn’t deliver something sellable (a minimum viable product) within 6 months. Conversely if the barrier to entry is too low, then it will be easy for others to copy your idea if it is successful.

8. Can you reach critical mass?

Some types of applications need a certain number of users before they can take off (network effect). For example, a massively multi-player game, dating site or auction site isn’t going to be very interesting until the number of users reaches a certain threshold. Do you have the contacts and financial resources to reach this threshold?

9. Do you have the technical skills and domain knowledge to create this product?

If not, how long will it take to learn them? Different technologies suit different types of problems. Using an inappropriate technology, just because it is one you have experience in, is unlikely to end well.

10. Are you scratching your own itch?

If you can be your own customer, then this can be very helpful in coming up with a good solution. But be wary about assuming that your needs are the same as everyone elses.

11. What is the lifetime of the product?

Is the technology going to be obsolete, or will the market disappear within a couple of years?  Are customers likely to buy upgrades to new versions? The longer you can sell a product for, the more profitable it is likely to be.

12. Is a good domain available?

Can you get a good domain for your product? Domains that contain keywords that people are likely to search on will help with SEO.

13. What are the risk factors?

Every dependency is a risk factor. If the platform your products runs on dies, then your product dies.  If you are writing an add-on for another product, then you can be put out of business pretty much overnight if the core product dies or if the functionality of your add-on is incorporated into the core product. Can you get source code for third party libraries?

14. Is the passion there?

Good software takes a lot of time and effort. Don’t believe the hype about 4 hour work weeks. Is it going to be interesting and fun? Do you have the passion and commitment to still be working on this product in 10 years time?

15. Will it make the world a better place?

Software products can be an enormous force for good in the world, increasing productivity and allowing people to do things they couldn’t do otherwise. You don’t have to be the next Google to be doing something worthwhile. But creating a “me too” clone of an existing software package or a product that encourages anti-social behaviour (e.g. spamming) isn’t going to make the world a better place.

Making a decision

You need to look at all these criteria before you make a decision. For example, a short lifespan or a small market might be compensated for by a high ticket price. If you are evaluating several products, create a simple table with a row for each criteria and a column for each product and compare them side by side.

Al Harberg’s Software Marketing Glossary

Al Harberg (best known for his press release service for software vendors) has created a useful glossary of software marketing terms. Al knows a lot about marketing software. His glossary is 107 pages/53k words long and includes quotes, book review and feature articles. I particularly enjoyed some of the more tongue in cheek definitions e.g. “System requirements: A poorly cobbled statement of techie talk that software developers use to lose sales” and “Idiot customers: Clients who don’t understand every aspect of your software immediately”. If you don’t know what active voiceAIDA, astroturfing, cloaking, CPM, fast follower or purchase order mean, now is your chance to find out.

Is it worth advertising Mac software on Google Adwords?

I learnt a long time ago that people will happily click on totally irrelevant pay per click ads. For example, if you bid on “seating plan” I can assure you that a significant percentage of people searching for “boeing 747 seating plan” will happily click on your ad titled “wedding seating plan”. They won’t buy anything, as they aren’t interested in wedding seating plans, but you still have to pay for each click. You can stop your ad showing to these searchers by adding “boeing” and “747” as negative keywords. Problem solved.

But what do you do if you are selling software that only runs on Mac OS X? The vast majority of searchers are running Windows. Indiscriminate clicks by them could quickly turn your Adwords ROI negative. In your Adwords campaign settings you can choose to only show ads on desktop computers and laptops. But you can’t choose the operating system.

As discussed above, putting “Mac” in the title is unlikely to be enough. You can’t use negative keywords, because the vast majority of Windows users searching for, say, backup software will type “backup software” not “Windows backup software”. You can just bid on searches containing keywords “Mac”, “Apple” or “OS X”, but will this be enough? My general advice to Mac only software vendors was to avoid Adwords, unless the ticket price of their software was in the hundreds of dollars. But, as my software runs on both Windows and Mac, I didn’t have any data to back this up.

Recently I got some data on Adwords clickthrough rates for a Mac only app (www.puzzlemakermac.com) by Hokua Software. They have kindly allowed me to share the data.

Initially they bid on generic keywords, such as “crossword maker” and ran ads such as the following with “Mac” displayed prominently in the title:

The results from analytics: 60% of the people clicking on the ads were on Windows and 40% on Mac.

Then Google banned them from the word “Mac” in their ads (it is possible to get this reversed with the express permission of Apple, but I don’t know how likely they are to grant this). So they switched to “OS X” in the ad, which hasn’t been blocked (yet).

The results from analytics: 73% of the people clicking on the ads were on Windows and 27% on Mac.

Then they restricted their bids to Mac targeted keywords such as “mac crossword maker”.

The results from analytics: 23% of the people clicking on the ads were on Windows and 73% on Mac. But there was a big drop in the number of impressions.

I think it is going to be almost impossible for anyone to get a return from Adwords when the majority of their clicks have no chance of generating a sale. So only bidding on Mac specific keywords seems to be the way to go. But there will still be a significant number of wasted clicks from Windows users. Also any Mac users who don’t use the appropriate keywords won’t see your ad. Consequently the return on time and money invested is likely to be a lot lower than Windows, cross-platform and web developers can expect. If you have a Mac only product with: a high ticket price product, well-defined keywords and limited competition, it might be worth trying Adwords. But otherwise it is probably better to wait and see if Google release OS targeting.

Of course, you could always use one of the free Adwords vouchers that Google are handing out like confetti (I get one every month in my PC Pro magazine) and try for yourself. This is how Hokua software got the results above. If you do, I would be interested to know how your results compare.

PerfectTablePlan Royal Wedding Special

PerfectTablePlanIt is the Royal Wedding tomorrow and everything has gone Royal Wedding crazy here in the UK. I did send the happy couple a complimentary copy of my Perfect Table Plan software a while ago. I haven’t heard anything back, but I will be checking my support emails tomorrow morning, just in case. ;0)

I am doing my bit to cash in honour the occasion by putting the Home Edition of Perfect Table Plan on one-day discount site BitsDuJour on the big day. 51% off for 29th April only.

After the discount, BitsDuJour’s commission and support costs, I won’t be making much per sale. But I figure it might be worth it for the exposure to a different audience. Also some of the purchasers might upgrade later. My product is rather different to most of the other products featured on BitsDuJour, so it will be interesting to see how it does.

Will you, or anyone you know, be planning a seated event  (wedding, charity gala, award ceremony etc) in the future? If so, you can get the 51% discount here.

Interview with a cracker

Through an unforeseen series of events, I have ended up corresponding with a cracker known only to me by a Hotmail address and the  pseudonym “CrackZ”. It quickly became clear that he knew what he was talking about, but was motivated by curiosity rather than criminality. Obviously crackers are a more diverse group than the criminal masterminds and script kiddies of popular imagination. To my surprise he agreed to be interviewed for this blog and I jumped at the chance to find out a bit more about the shadowy world of cracking.

*** I realize this is an emotive subject, but please read the whole interview before posting anything in the comments. ***

What is your background? How did you get into cracking software?

I graduated in software engineering about 10 years ago and started out seriously cracking software in my first year at University. It was the first time I’d had access to a fast, unmetered Internet connection and my interest became collecting software and then breaking it; most of my associates never proceeded much beyond the downloading lots of free software stage. Prior to this I’d really only ever had a casual knowledge of the piracy scene from owning a Spectrum, Commodore 64 and then an Amiga. Think tapes and copy disks being swapped in the playground and you wouldn’t be far wrong ;-). The first PC experiences I can recall were studying some very early Phrozen Crew cracks and the Quox virus that someone gave to me on a disk.

Do you also write software? Is your day job in the IT industry?

Yes and yes.

What is the motivation for cracking software?

Motivation for cracking really seems to vary. For me I think its always been mainly about the intellectual challenge, studying code, or ‘breaking the minds of protection authors’ as one correspondent so eloquently put it. For many there is also the ‘social aspect’ of being amongst a like-minded group of individuals (see some of the interviews with former members of famous groups e.g. PWA, DOD if you want to understand how powerful a *pull* the social element can be). Then there are also those who simply enjoy getting software for free or those who do it simply for ‘kicks’. Contrary to the various anti-piracy associations propaganda, very few of those I’ve ever been associated with have been motivated financially. That’s not a justification of course, but it might help if most authors realised that the person who cracked their software is more likely a bored 16 year old Chinese male than a future terrorist.

Is cracking an individual activity or is it organized?

The answer is both, but that is an oversimplification. Most of my cracking has been pretty much a lone-wolf occupation, although there have been times I have worked with others on group projects, expensive CAD/CAM applications for example. One only has to look at the scene to see that there are plenty of organized groups out there and some of the group infrastructures I’ve seen would rival small corporations in their sophistication. A lot of authors are often quite surprised to find their software on the cracking scene radar.

What is your attitude to intellectual property? Do you release cracks and keygens ‘into the wild’? What do you think of those that do?

I’ve actually gone full circle here; in my early years IP literally meant absolutely nothing to me, the value of the software didn’t matter and authors were inconsequential. I would happily release cracks and key generators under a variety of nicknames and scene groups and I didn’t lie awake at night thinking about the damage I might be causing to someone’s livelihood. Currently, I’m 100% in the ethical category (you can debate that). I haven’t been able to curb my interest in protection code, but have managed to channel my interest towards simply contacting the authors when I have broken their code. Sometimes I’ll even offer a little helpful advice; though I’m afraid that’s probably the ‘moral best’ I’m ever going to be. I don’t support those who release cracks and key generators. I’ve heard enough from authors to know how damaging it can be, but anyone who has ever experienced the scene can probably understand why it still happens and will continue.

I can understand the attraction of cracking as an intellectual challenge. But why do some crackers then release the cracks? What do they gain?

Respect amongst their peers and the ‘scene’ at large and dubious notoriety. I’ve known some who did so in order to get a job.

When people release cracks do they think about the effect they are having on the livelihoods of the people who write the software? Do they care?

My guess would be ‘probably not’ on both counts. I think this changes with age though and many get more considerate as they get older.

What is your opinion of people that add trojan horses and other malware to cracks?

I suppose I might be accused of some degree of hypocrisy ;-), but these really are the bottom-feeders and low-lifes of the world.

What types of software do you target?

Myself it has been pretty much exclusively Windows, with the occasional bit of *nix, but there is plenty of interest in virtually every platform out there, even groups dedicated solely to them. Nothing escapes attention these days.

What tools and techniques do you use for cracking?

My tools of choice are IDAPro (the best disassembler which also includes a debugger) and also a mixture of other debuggers depending on the target (e.g. OllyDbg, SoftICE, Syser and even WinDbg). And then there are other associated tools like a decent Hex Editor (Hiew, UltraEdit) and more specific utilities covering the various cracking fields. There are quite a few books out there on the subject of reverse engineering that list virtually all of the tools in most crackers toolsets.

How long does it take you to crack the protection on an average piece of software?

On average shareware protections I’d usually be able to break them in a matter of hours, although understanding their intricacies might take a good deal longer. I’ve had some fall in minutes and others take full days of analysis. Perhaps as a small comfort, I’d say that each year the average protection seems to be getting a little more difficult to crack.

How long are you prepared to spend to try to crack a piece of software? Do you ever come across software you can’t crack?

In the past I’d be prepared to invest most of the hours in a day in one piece of software. I’d make literally pages of notes on paper and in the disassembler, naming functions, variables, structures, commenting fields etc. For many crackers time is a commodity they have in spades. I’ve met several targets that I couldn’t crack and several I simply didn’t bother completing because others had beaten me to it. Of the few I couldn’t break I did understand the reasons why (some need specific server-side responses). In some cases, several years later, users sent me the necessary hardware / information to enable me to break those targets.

Are applications protected by commercial anti-piracy software harder to crack than applications with home grown protection?

This is a tricky one; commercial anti-piracy software is pretty much exclusively written by ex-members of the cracking community and by default is protected better than many authors own creations. However, once a protector gains what I’d best term as a ‘critical usage mass’, its attractiveness as a target becomes that much greater. Experienced crackers are drawn to it almost like moths to a flame, since breaking an entire ‘protector’ can yield a lot of targets. Some of the very best and worst of the protections I’ve seen have been of the home grown variety. A lot of authors (IMHO rightly) conclude that improving the attractiveness of their software to potential customers is a much more productive use of their time than writing the ultimate copy protection.

Is software that phones home harder to crack?

Software that simply ‘phones home’ presents more of a nuisance than any real barrier to cracking. I’ve seen some that implement server license checking (mIRC is a widely available example) and it hasn’t stopped the cracks appearing. Several other targets have required decryption keys to be fetched from the server and these also haven’t presented any real problem. Its worth remembering that a cracker will often have access to a legitimate license with which to perform his study. At some stage a true client/server protection model over the internet will be a real possibility (MS has some stuff already like this), where all of the code is actually executing on a server. This will most likely simply move the goalposts, but seeing as a lot of the software I have been asked to look into was leaked to me by company employees the server model might not be as secure as it suggests.

Do hardware solutions (e.g. dongles) make software significantly harder to crack?

Hardware keys and, more recently, smart cards do make software harder to crack, largely due to the fact there is usually an element of hardware encryption these devices perform that can’t be easily replicated without access to the original device. However, over the years, I’ve met literally hundreds of disgruntled end-users of these devices, many of whom have sent me their keys and risked their jobs just to be free of them. A few eastern European contacts of mine sell ‘dongle emulating’ solutions and have archives of probably more than 10,000 individual dongles.

Is any method of securing software 100% secure?

Absolutely not, and anyone who tells you otherwise is lying.

What are the commonest mistakes software developers make related to security?

In no particular order:

  1. Depending on commercial protection schemes for security.
  2. Directly comparing the license string entered with the correct one.
  3. Not using some sort of encryption/obfuscation (XOR isn’t *good* encryption).
  4. Using a single simplistic registration function that is easy to isolate.
  5. Displaying message boxes with helpful strings sending the cracker straight to the protection code.
  6. Not integrity checking against patching.
  7. Not updating the software once a crack is discovered in the wild.

Do you think software vendors should spend more time making their software harder to crack?

I’m pragmatic; I’d advise all software authors to invest time in a *reasonable* copy protection and keep abreast of whether cracks are out there, educating your potential customers can be worthwhile. Make your protection something custom and use some imagination by all means, but make it proportional to what you are protecting. There isn’t much point having a £million lock on a £100 product, you simply can’t defeat every single cracker out there.

Can you expand on “educating your customers can be worthwhile”?

‘Educating’ might be the wrong word, but appealing to peoples conscience can be quite effective. A few software authors have ‘crack catcher pages’ for the search engines that say things like “I work 60hrs per day on my software, please support me if you want me to continue adding features” etc. Its also worth pointing out that there are plenty of con-merchants and dodgy sites out there selling cracks that often do contain trojans/viruses. One could also appeal to the fact that ‘time is money’ for a lot of potential software buyers, so why invest several hours of their life looking for a crack if it’s more cost effective to buy?

Can you recommend any online resources for authors wanting to know how they can protect their software better?

There are several books and web resources on anti-debugging & protection advice, Google will find them ;-). There are also several mainstream books, Pavol Cerven’s springs to mind.