Would it be so tragic not to obfuscate my product?

I'm building a software (a concept-mind-mapping/diagramming product in .NET) and seeing trouble with obfuscation (alteration of deliverable code difficult decompilation).
It costs money and time to make it work OK, and I think hackers will break it anyway.

So, would it be so damaging not to obfuscate it?

Obfuscation doesn't take any time, but Proguard costs a small bit of money.

Hackers will break it, but do you want to leave your car door open, or lock it, knowing that it can still be stolen?

Obfuscation will also help to make the final code smaller, as it gets rid of unneeded code, at times, so that is also helpful.

If you don't mind that people can easily decompile it to see how your program works, then just distribute it as it is, and since you are so helpful, just compile it in debug mode. :)

Obfuscation just makes it more difficult, and if it isn't trivial then it may require someone that has much more experience, and then it is a matter of whether that person will want to be bothered to hack your application.

I can clone your application by using it though, so looking at the code isn't necessarily needed, but I think the other benefits of obfuscation, and the fact that you just pay a price while compiling, makes it worth it.

You said you are building it in .NET, in which case you are in luck. Babble Obfuscator is free and easy to setup in .NET. I've used it to obfuscate an ASP.NET website and SharePoint solution dlls (both coded in C# with ASP.NET ascx/aspx code-behinds) and it works great. Like all obfuscators, if someone really wants your code and is prepared to spend money and/or time they will get it. But why make it easy for all the wanna-be hackers out there? .NET code is so easy to disassemble with Reflector or ildasm, and Babel Obfuscator prevents both from working.

After some tweaking I found I got the best results from Babel after making as many classes as possible have a private or non-public scope. Keep in mind you cannot use the new Visual Studio 2008 code-signing and instead have to use snk keys.

Well, it depends.

One thing you can do is simply outrun the bad guys, i.e. add lots of compelling features in the later versions, so that everyone would want to use the later versions. If you do this, then maybe you don't need to add obfuscation and license management to the first version(s).

On the other hand, obfuscation should be completely safe, and more or less free of charge on most platforms today. I don't know about .NET obfuscation, but try Googling it and try asking over at stackoverflow.com ; I would guess there are OK open-source or inexpensive .NET obfuscators available.

Another thing is some sort of license management system. Again, I don't know what the top contenders on .NET are; I would propose to ask over at OISV, Shareware Professionals or Joel's forum.

I found this article really insightful when thinking about this topic http://www.kalzumeus.com/2006/09/05/everything-you-need-to-know-about-registration-systems/ I think you have to learn to live with the fact that pirates will hack you. They have a lot of time, and tools, and incentive to do it. The harder you make it to steal your product, the bigger the risk you take that you'll also make your paying users unhappy.

(So make it just hard enough that the mostly-honest people won't steal it.)

Someone else (Joel? asmartbear?) once made an observation that he didn't care about competitors reverse engineering his app because that means those guys are busy playing catch up... leaving him free to make his app easier to use, more beautiful, and feature rich. So the takehome lesson there is to use a code obfuscation tool if it's convenient, but not to spend a lot of time or effort on it.

Aren't you jumping the gun a bit? First, you have to make your software successful before anyone is going to try to steal it. While IP protection is be important at any stage of development, don't spend too many of your resources on it.--Focus on getting your code to market and selling it. If you focus on the customer you will by default 'outrun the bad guys' as Jesper Mortensen suggests.

It depends on your market. If you are planning to sell this to businesses, then it almost certainly does not matter. Businesses pay for software that provides more value than it costs. Furthermore, in general, they will not get your software from warez/crack sites. There's too much downside for them especially if your software is not providing enough value to justify buying it.

If you're selling to individuals, it might be important to obfuscate, depending on who the individuals are. Are you selling to a demographic that will steal software? If so, then by all means. If not, then it probably does not matter. Just make sure you make it easy for users to buy it and obvious to them that the software is not freeware.

If you're building a web application in .NET, why are you even concerned about obfuscation?! Your application lives on your servers, obfuscation adds very little protection for the hassle.

If I'm mistaken and this is not a web application, why would you choose desktop software in this day and age?