VSTO add-ins: Do I need extra code protection?

Question

I am developing a VSTO Word Add-In in Visual Studio 2015 using Visual Basic. The final .exe file is deployed using a Windows Installer (InstallShield to be precise). I want to protect my source code so my users cannot see or modify it. Can a user easily "crack" my software to see the source code? Should I need to get 3rd party code protection? Thank you.

Answer 1

Even if you Obfuscate you can (not as easy as non obfuscated, but still) reverse engineer .NET assemblies. I think what you are asking is a lot easier than that. VSTO (is in fact plain .NET code) is not readable for the end user and without tooling -reverse engineering- can't edit the code. This is different compared to VBA where, if the project is not protected, the user can edit the code.

Unless you have some very secret code to protect I don't think you need to worry about the common end user editing your .NET (VSTO) code, it requires some skills to at least be able to decompile edit, deploy and make it run again after editing.

An alternative could be to code sign your assembly and allow Office to only run your code signed assemblies. Even if they manage to break your code they still can't run it as it is no longer code signed.

Answer 2

VSTO, as all .Net assemblies can easily be decompiled. I recommend you to obfuscate your code. It won't totally protect your VSTO (because it is impossible) but it will make it much more difficult to crack it.