I find that the easiest way to protect software is by using some online validation. Each package gets it's own 45 digit key (or whatever) and the users need to activate it online.

Similar to Steam and EA's DLR. (or whatever it's called) It's a real pain in the butt, yes, but it's probably the only way to make sure that no-one gets an illegal copy. (EG: When the user sends the unique key, you also send his HDD serial number, or something of the sort)