Wednesday, October 31, 2007

Software Licensing and Protection Services from Microsoft

You probably know how easy it is to disassemble .NET code, and it took quite a while for Microsoft to come up with a solution. This has been a reason why some companies have not made their applications using .NET code. Obfuscating the code has not been good enough. Actually, it was another company that came up with a solution. Back in January 2007 Microsoft acquired Secured Dimensions, and now they are starting to introduce it as a Microsoft service. Take a look at the new website www.microsoft.com/SLPS. SLP Services is about IP protection and license handling.

SLP Code Protector - Microsoft SLP Code Protector helps protect .NET code against disassembly and decompilation. It helps protect .NET code from being hacked and reverse engineered.

I evaluated Code Protector a few months ago and it was easy and quick to get it working. It just took an hour or two to get familiar with the procedures and to be able to protect the first application. In the version I tried, it was not easy to protect DLL code that, for example, is to be used in-process, like a DLL that needs to be loaded with NETLOAD in AutoCAD. There were workarounds for it that I didn't care to try, and it might be solved by now.

SLP Server 2008 - SLP Server 2008 enables software vendors and publishers to more flexibly and effectively monetize their software. With a new concept Microsoft calls “SKU Agility,” the ISV can create multiple offers based on a single image of the software simply by creating digital licenses that map to pre-defined features. Features can be sold individually or accumulated into a set to create SKUs.

Licensing and Activation - tools that help prevent piracy and serve multiple purposes – protection, license delivery, upselling, and customer service.

A while ago I got a survey from PreEmptive that got me thinking they would come up with a new solution. I now see that PreEmptive Solutions is one of the resellers for SLPS. Dotfuscator has also been extended to instrument (inject) SLPS software into .NET applications.

For more information: The SLPS blog is here and SLPS on MSDN.

1 comment:

  1. Restored comment
    by Anonymous
    I just wanted to add a few words on a) the role of the "code protection" technology now offered by MSFT and b) the integration of both the security and licensing technology inside Dotfuscator (the PreEmptive obfuscator that you reference).

    The secure virtual machine (SVM) approach taken by MSFT is very secure - but like any strong medicine - it comes with side-effects and counter-indications. Before I continue - I want to state that we are using code protector on some of our commercial software - this is not a negative post by any measure - this is more like what you might find on the label of your pharma prescription.

    Targeted .NET frameworks (compact, silverlight 1.1), SQL server .NET extensions and other specialized runtime environments may pose special challenges. The runtime translation of code essentially transforms bytecode into an interpreted language. This can result in material performance implications and should be monitored. One last example, programming techniques such as reflection and the use of generics may pose additional restrictions.

    In short, code protector is a very secure solution that - when appropriate - will serve a developer well.

    On the integration within Dotfuscator...

    The result of this integration is that custom attributes (or a Visual Studio GUI) can target obfuscation transforms, code protection transforms, Microsoft licensing logic and PreEmptive application analytics in any combination and on any one or combination of methods. So - Dotfuscator could be used to instrument MSFT code protection via Visual Studio without obfuscation or any of the other capabilities Dotfuscator has been traditionally known for. The premise is that a blend of obfuscation and code protection provides the maximum protection with the fewest limitations or constraints.

    This approach also simplifies a scenario where a development group might want to iteratively include and adjust protection, analytics, and licensing options.
