>In my view, Refox has improved a lot and I understand there may be more improvements on the way. Certainly its author does listen and is actively improving his product. But once you know what to do, previous versions could be cracked by a neophyte following some simple steps. Current version is a lot better, including some anti-injection tests offered up during the previous challenge, but IMHO you face the same problem as any walling system: if you can get inside the walls, it doesn't matter how good the walls are.

I really disagree with this suggestion that a "neophyte" can just bypass wrappers like Molebox. That is simply not true unless a pre-written attack script exists against a particular target. And even then how would some "neophyte" even know where to find it? For example, here is a chap cracking a Molebox protected app - https://www.youtube.com/watch?v=f-ddSMGwt58 - have a look at this video, it's only a few minutes. But what is interesting here is do you really think a "neophyte" is going to be able to do that, use that memory hooking and debugging program, understand what is going on in there? The truth is 99% of your average computer users is going to have no clue how to break the basic protection schemes that one can apply (e.g. Refox, Molebox, Armadillo, Enigma, etc.). For the remaining 1%, i.e. the skilled hacker, they will get what they want from your app. It might not be original source code but it will be credentials, passwords, and a deep understanding into what the app is doing and how.

The anecdotal stories you mentioned in another post of some users you have encountered who took a VFP app and extracted the source code (probably unprotected with anything at all) and tried to handle their own support, or a distributor who thought they would just take the code and make their own - how often is this really happening? And if the program has some protection, e.g. Molebox or Refox or something, would they still have been able to do it? i.e. are they like the chap in the video above? If yes, then they are going to get what they want anyway, more or less, because then you are dealing with skilled hackers and thieves, not general business people / customers.

I would suggest:

90% of one's users and customers have no interest in hacking our applications.
Of the 10% who have that interest, 90% will not have the skills.
That leaves 1 person in a hundred (probably far less even) who wants to hack the EXE and might have the skills to do it.

I would also add:

Many customers probably would like to bypass licensing issues and have more copies running than what they have paid for. This I do believe is very likely with many end-users. But if your app has a licensing scheme in place and an EXE protector then 99% of them will not be able to bypass the licensing scheme.

The real issue here is not whether your precious code will be retrieved verbatim but whether the licensing scheme can be bypassed. I believe very few of us have truly unique and propriety code / algorithms that also has great value. And if it has great value then it is going to be hacked and extracted because something of great value is going to attract the skilled thieves.

.

f-ddSMGwt58