I know this sounds like a common topic, but hear me out :)

I'd like to make my application a trial version. I don't have any problems with *how* to do it (disabling certain application features after set number of days, etc), but rather how to do it as foolproof as possible. Most posts I've searched for recommend using registry keys to set the install date and check against that on program start-up. But that's exactly where most people would look for such a key, and delete it. Checking for the existence of the key on program start-up is one way to protect against the key being deleted, but then they can just reinstall the software and be able to use it again for the next 30 days, etc. Thus, a neverending circle.

So, any other ideas? Or some obscure, hard-to-find (yet acceptable) location to save such a registry key? Or, well, anything?

the problem with finding new and interesting ways to hide your data is that in attempts to thwart virus attacks and unwanted software Microsoft has limited the access to many areas of the registry and hard-disk. So that keeps you from getting too creative.

there is NO guaranteed way. If someone knows their way around windows well enough they will always be able to find a way around your trial version. if you name the registry entry something that has nothing to do with your application, then its going to be less likely a user will find it with a simple search. but using programs that watch for changes in the registry when a program is installed or first run. they can find your registry entry and can change it.

if you save your data to a file, they can still find it and changed it. which leads to the newest method used by Adobe. the internet validation. Every time you open PhotoShop CS4. it connects to the internet and checks if the user's key is a valid key, and if it isn't then the program wont work, if the app can't get to the net. it simply works. but you could easily make your app not work if that were the case. Then when people download your app, or first run it. you could have it contact a webserver and create a key for them, attach to that information when the evaluation started, and use the server. Still. This can be difficult to manage.

But there is no foolproof guarantee. the Evaluation software concept is really just that MOST users won't know how to get around it. And it's just an incentive for the users to pay for the software. WinRAR is an interesting example. it always works, even though technically its a trial version. it has a nag screen saying you should buy it if you like it. and if you are a business you are viaolating the law using it unregistered.

Best of luck.

Yes, that's the biggest problem. What about some form of online activation? (Due to the nature of the program and its deployment goal, it can't check for validity whenever it starts, but it can do a once-off validation).

How would such a validation process work, in theory?

the problem with finding new and interesting ways to hide your data is that in attempts to thwart virus attacks and unwanted software Microsoft has limited the access to many areas of the registry and hard-disk. So that keeps you from getting too creative.

there is NO guaranteed way. If someone knows their way around windows well enough they will always be able to find a way around your trial version. if you name the registry entry something that has nothing to do with your application, then its going to be less likely a user will find it with a simple search. but using programs that watch for changes in the registry when a program is installed or first run. they can find your registry entry and can change it.

if you save your data to a file, they can still find it and changed it. which leads to the newest method used by Adobe. the internet validation. Every time you open PhotoShop CS4. it connects to the internet and checks if the user's key is a valid key, and if it isn't then the program wont work, if the app can't get to the net. it simply works. but you could easily make your app not work if that were the case. Then when people download your app, or first run it. you could have it contact a webserver and create a key for them, attach to that information when the evaluation started, and use the server. Still. This can be difficult to manage.

But there is no foolproof guarantee. the Evaluation software concept is really just that MOST users won't know how to get around it. And it's just an incentive for the users to pay for the software. WinRAR is an interesting example. it always works, even though technically its a trial version. it has a nag screen saying you should buy it if you like it. and if you are a business you are viaolating the law using it unregistered.

Best of luck.

There is a database on a webserver somewhere that holds Keys and the date&time they were activated/issued. Either set up a site that issues keys, or integrate it into the application. Have this system generate a key and add that to the database with the current date&time. then the application can contact the database, if the application's key isn't in the database instruct the user that their key is invalid and exit the application. if the key is in the database check the user's current time vs. the database's start time and determine if the trial is still active. else take appropriate action.

There really is no fool-proof way, for any application written in any language. For C#, someone could maybe use Reflector and then see what creative registration processes you have written, unless if you obfuscate the code, which only makes it harder, never fool-proof.
Good luck.

There is a database on a webserver somewhere that holds Keys and the date&time they were activated/issued. Either set up a site that issues keys, or integrate it into the application. Have this system generate a key and add that to the database with the current date&time. then the application can contact the database, if the application's key isn't in the database instruct the user that their key is invalid and exit the application. if the key is in the database check the user's current time vs. the database's start time and determine if the trial is still active. else take appropriate action.

That would mean issuing each setup package of the app with a unique built-in key though, right? To check against the database. Or not?

nah, when they download the setup from a site, the site would prompt them for an email address and mail them a key they would have to enter in the program before the program would work.

Its not a simple solution. But fairly effective.

It doesn't have to be simple, it just has to work :P

I've been brainstorming a bit, and there's one thing that's bothering me a bit about a system like that - if it only validates/activates once, then the activation status still needs to be saved on the computer, probably in the form of a registry key. Which brings us back to square 1, or am I missing something?

Also You may want to obfuscate your code using some free obfuscator... look at sourceforge, so that no one will understand your code if decomipled :D

The only way against this is to check with a remote license service instead of storing the data on the local system. You may want to have a look at a tool like CryptoLicensing which has this option.

Any reason you resurrected an eleven month old thread? The user who asked the question hasn't logged on in ten months, so I doubt they will see your answer.

This article has been dead for over six months. Start a new discussion instead.