Cracking and VB.NET

I was about to have an application coded in .NET, but on looking into security and licensing, I find that while licensing isn't a problem, the apps that have anti-cracking features, such as Armadillo, PC Guard, and SDProtector, don't work with .NET. So my questions are:

- Is it possible to achieve anti-cracking security with .NET apps as strong as with other languages, and is there a not-too-expensive package that can do this?

- I've been told that locking an application to a particular machine makes it easier to crack. Is this true? I know there's disagreement about the effectiveness of it from the point of view of customer annoyance, but my question is just about security.

- I've seen a reference to the Microsoft Developer Security Toolkit, a free DVD for developers that shows best practices, sample code, etc. Has anyone used this, and will following its recommendations provide high-level security, or is it basically common info that most developers already know?

Thanks.

Welcome to the Forums.

To protect your projects code you can use an Obfuscator program. The one that comes with VS.NET is ok but not really powerful enough. There are several third party ones that are good but cost a few $$$.

Thanks. I looked at some obfuscators, and you're right--the cheapest one I found was $550. Actually, there's one that's sort of in beta for $80--looks like a bargain.

Any opinions on the value of the MS Developer Security Toolkit and machine locking?

Which OB was it that you found for $80?

http://www.lesser-software.com/en/co...Obfuscator.htm

Thanks for the link. Looks like the $79 price is just for the beta. When the final is released it will go up. Their pricing is confusing as they show the Obfuscator for $29 but say its integrated with the lab suite which is $79. So I guess that means $108 for the beta?

Hmm, guess so. But either way, it's better than $550+, assuming it doesn't have too many bugs.

Probably should look for some reviews as the level of security may be more important. That is what your paying for.

Actually, that's what I meant by bugs. Thanks for the suggestion about reviews--it wouldn't have occurred to me. There don't seem to be too many--probably because it's still in beta (for the past year--he doesn't seem to be in any hurry). However, I found an interesting site with free guides to various .NET subjects, including obfuscation, and reviews of the major apps:
http://www.howtoselectguides.com/dotnet/obfuscators/

One thing they say is this: "Some installers can convert a .NET application into a single tamper-resistant executable application. By blocking debugging and decompilation this achieves the same goals as obfuscation. Depending on the method employed, this application may be transformed back into managed code at runtime, or it may execute as unmanaged code."

Are they talking about installers like Installshield or Wise Installation Wizard?

Did you read the section at the bottom - "Vendors/Authors Profiled in this Guide"?

Yes. Did you read "Related Categories > Installers" near the top?