>
>>In sum; What needs to be protected? From who? For how long?
>
>An average protect enough for me. I want to just silly Google hackers should not hack my application. You say your application sold 20.000, than sure someone opened it if it isn't protected... :)
I didn't say it wasn't protected but it was protected against all but serious hackers for which there is no protection possible if they can get a copy of the application or database. But I don't care if they did because (a) the code really isn't rocket science stuff, (b) the code itself has no propriety value in and of itself, (c) what are they going to do with it? build a competing product? What about the data? What about sales and marketing people? What about client support? Reputation? etc. etc. In other words, a business is much more than just some software.
You can protect your app with whatever you like but this is the bottom line: end-users will not bother with hacking your code because they lack the skills and the motivation to do anything against even a basic protection scheme. Hackers are going to crack it no matter what you do. They might not get original source code but they will get a complete understanding of the inner workings of your app. That leaves your competition - they might try and get the code but what are they going to do with it that they cannot already learn by just observing your application in action? Does your app have some propriety coding techniques or algorithms which are truly unique and special? If you say yes, it contains unique and special code, then you are going to lose that (to a serious hacker) unless you can prevent access to the running exe (such as in a terminal services environment).
Molebox, ReFox, Engima, LimeLM, whatever, are all good enough for the vast majority of threat cases. Against competent hackers you will lose. For that threat you need to forget about all code wrappers or C++ convertors, etc. They only delay the inevitable. For the serious hacker threat scenario you need to re-design how your clients will access your application. Even then, given a sufficiently valuable target, your servers are going to be breached too.
In my opinion, get ReFox - it is still in production being actively updated, does the job, covers 98% of threats. For the remaining 2%, move to terminal services environment or redevelop as a web solution. Then you will reduce to 1% threat space.
.
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.