Hi guys,

 

In my painful transition to .NET from MS Access I once again find myself looking at another tool that I seem to need in this never ending tool list to make a viable commercial product in .NET.

 

In reading the daily posts and just about any post to ease my painful learning curve I was confounded to find out that .NET assemblies are easily reversed engineered and thus the need for an Obfuscating tool.

 

While further researching and reading bewildered as to the fact that an obfuscator is needed and that this alone does not stop reverse engineering I found out about a couple of tools that seem to achieve true protection against reverse engineering and wanted to know if anyone has used “Thinstall’s Virtualization Suite” or “Remotesoft’s Salamander .Net Protector”?

 

I think that SF developers use Dotfuscator so you guys may have more info on these alternatives and why you guys don’t seem to use them…

 

Not to sound like a sales pitch for this product but I’m impressed with “Thinstall’s Virtualization Suite” since it seems to be the perfect tool for several reasons beyond an alternative to an obfuscating tool and really protecting against reverse engineering. For one it also seems to resolves the need for a deployment tool thus eliminating an installation process and all the issues this brings like admin and restricted install issues to deal with (good for the client and me) and also eliminates the need to install the .Net framework on the client and the issues this entails since its all in the resulting executable thus easing the deployment issue, no need to create a licensing scheme since it has its own licensing API, runs on its own protected sanbox so it protects the client even further from potential blowouts (as a .Net newbie this is very possible), and also has a licensing manager to help you track your licenses. So besides the cost (which is relative) can anyone tell me if this tool sounds like a fallacy or is this tool really worth it’s seemingly weight in gold?

 

Thanks in advance for any info on these products…

 

JC

 

Greg,

Yep “thinstall” is a little expensive and not necessarily within my budget either but the way I look at it is that if it protects my app from reverse engineering, eliminates deployment issues, helps eliminate another facet of my development with their licensing management API then the cost is a relative term especially since the cost of Dotfuscator, InstallAware, and the time to develop and implement my licensing and deployment scheme adds up and that’s doesn’t  include deployment support issues that I will have to deal with….

I’m not quite sure what you meant by licensing vs. obfuscation but the reason for protecting the code in my app is to protect my licensing scheme. Currently my MS Access app uses 2 licensing schemes to avoid pirating the app thus the extra appeal for “Thinstall”… less work on my part.

Sounds like I’m trying to sell myself into “thinstall”

The connection string thing will be another bridge to cross when the time comes since currently my App is a Client/Server but hopefully it will become a SaaS model and the connection will be stated. I’ve seen you post on this subject and I’m sure I’ll revisit it again. I’m counting on the encryption API from SF to handle storing the connection data encrypted in an encrypted file or encrypted and stored in the registry somewhere…don’t know yet since this is the least of my problems and I don’t think this will be a problem when the time comes…I hope!

Trent,

Thanks for the heads up on your confidence and reliance of Dotfuscator to protect your intellectual property this really helps to ease my concerns and your two cents have value and since their community edition is part of VS then I’ll have a chance to play with it.

Maybe between my paranoia and several internet post that claimed how easy it is to reverse engineer an obfuscated .Net app did not help. Like I said my biggest concern is protecting the licensing scheme to avoid my app being pirated. I understand that any app can be pirated and in reality you only have to be worried when you reach the big leagues like Microfour

Deployment is a big concern and I’m avoiding even thinking about it until the time comes and then anything that can ease the fear and the pain will be considered thus my current interest in the virtualization concept like “Thinstall”.

Like I said before, my app is currently a client/server model thus the deployment, licensing and pirating concern but eventually if all goes well it will be a SaaS model with the help from SF’s ES and I’m sure that will have its own set of issues and concern.

Unfortunately for now this is a one man shop and so far the learning curve and all the facets of transferring my MS App to a commercially viable .Net App is daunting and sure to take its toll so anything that cuts my learning curve and development time and cost like SF or "thinstall" is welcomed.

Thanks again guys…

JC,



Here is a How-to-select guide to .net obfucators, with the link pointing to the piece concerned with licenses:



http://www.howtoselectguides.com/dotnet/obfuscators/#section-related-cats



This might be of help otherwise too, if nothing else, there are some somewhat objective reviews of a few products.