What do you use to protect your .NET code from rev

Posted 2019-01-11 18:48

For a while we were using a tool called CodeVeil. I'm just wondering if there are better alternatives out there.

Edit: Before more people misunderstand the question, I'm aware that a determined cracker would probably be able to defeat any of these tools. I'm not too concerned about them though. These tools are just meant to stop the "casual cracker", and to stop people from stealing our company's IP. If they're good enough to get past a decent tool, they probably aren't interested in stealing our crappy code :-P

9 answers
不美不萌又怎样
#2 · 2019-01-11 18:57

Compiling your .NET application results in output assemblies that contain a great deal of meta information. This information makes it very easy to reconstruct something very close to the original code. An excellent free tool called .NET Reflector can be used to do exactly that and is a popular way to examine how the base class libraries work. Download and use that tool to view reconstructed C#/VB.NET versions of assembly contents.

If you're a commercial organization then you do not want people to find it easy to look at your expensive-to-produce code. A popular method is to use obfuscation to scramble the contents in a way that does not alter how it runs but does make it hard to understand. Obfuscation uses techniques such as renaming variables and methods. Working out the purpose of methods 'a1', 'a2', 'a3' is much harder than the original 'GetName', 'UpdateInterestRate' and 'SetNewPassword'.

So using obfuscation makes it much harder for people to understand what your code is doing and the algorithms it uses. It does not, however, make it impossible. In the same way C++ code can still be understood by an assembler expert who is willing to spend time working through your binary, an MSIL expert can eventually work out your obfuscated code. But it increases the barrier to the point where few will bother trying.

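One way to check how much of the metadata described in the answer above is still readable in your own release build, as an added example that is not part of the original answer. The class name `MetadataNameAudit` and the readability heuristic are assumptions made for illustration.

```csharp
// Added example: lists method names in an assembly that still read as words
// after obfuscation, using the same metadata a decompiler relies on.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

static class MetadataNameAudit
{
    const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
                             BindingFlags.Instance | BindingFlags.Static |
                             BindingFlags.DeclaredOnly;

    // Assumed heuristic: 4+ identifier characters with a lowercase letter reads
    // as a word ("GetName"); renamed members tend to be short ("a1").
    static bool LooksReadable(string name) =>
        name.Length >= 4 && name.Any(char.IsLower) &&
        name.All(c => char.IsLetterOrDigit(c) || c == '_');

    static IEnumerable<Type> SafeGetTypes(Assembly asm)
    {
        try { return asm.GetTypes(); }
        // Some types may fail to load (missing dependencies); audit the rest.
        catch (ReflectionTypeLoadException ex) { return ex.Types.OfType<Type>(); }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: MetadataNameAudit <assembly path>");
            return 2;
        }
        Assembly asm = Assembly.LoadFrom(args[0]);
        int total = 0, readable = 0;
        foreach (Type type in SafeGetTypes(asm))
        {
            foreach (MethodInfo m in type.GetMethods(All))
            {
                if (m.IsSpecialName) continue; // property/event accessors, operators
                total++;
                if (!LooksReadable(m.Name)) continue;
                readable++;
                Console.WriteLine($"{type.FullName}.{m.Name}");
            }
        }
        Console.WriteLine($"{readable} of {total} method names are still readable");
        return readable == 0 ? 0 : 1; // non-zero exit lets a build step fail
    }
}
```

Public API members that callers must reference by name will be reported too, so a build step using this would need an allowlist for them.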
我命由我不由天
#3 · 2019-01-11 18:57

DISCLAIMER: I don't work for RedGate, the makers of SmartAssembly. I'm just a very happy customer who found a good, affordable solution.

The choice is very simple, choose SmartAssembly! Don't waste your time or money with the other obfuscators in the marketplace. I spent more money in terms of non-billable hours evaluating competing products. They all had fatal flaws and were next to impossible to debug. SmartAssembly is an easy-to-use, well documented, polished application with excellent support. Post a question on their forum and expect an answer reasonably fast by the actual developers.

SmartAssembly is more than an obfuscator. It has a slew of features, including a built-in, highly customizable crash report generator that your customers can automatically email to you. You can view these reports on either your own server or on RedGate's servers. I can't tell you how useful this is when you're beta testing or releasing the product to customers. It also generates debugger files so you can debug any post-release issues you may encounter with your obfuscated product.

If you are delivering a commercial application, it makes sense to spend the money on a decent obfuscator. A bad choice here can compromise your intellectual property or, worse, lead you to days of gruesome debugging. What would this cost in comparison to what SmartAssembly costs?

贪生不怕死
#4 · 2019-01-11 19:01

Honestly, there isn't a lot you can do besides some obfuscation with tools like you mentioned. .NET is just a step above scripting languages, except the script commands are binary and are called IL. That's a little oversimplification, but it's not too far off reality. Any good program written using Reflection can be used to reverse engineer .NET applications, or if you have enough knowledge, a good hex editor.

乱世女痞
#5 · 2019-01-11 19:03

I've heard that Obfusticator is good; it's used on .Net Reflector.

霸刀☆藐视天下
#6 · 2019-01-11 19:05

There are several popular tools for obfuscation, including Dotfuscator, which has a "light" version that ships with Visual Studio 2005 and 2008. They have a Pro version that does more than just variable and function name renaming. However, the code is still viewable; it is just scrambled a bit to make it harder to read and grok the logic flow of the software.

Another technique is to use other programs that will encrypt the program, and decrypt it at runtime. However, this is not a perfect solution either. In fact, there is no perfect solution that I am aware of that will prevent a determined engineer from reverse engineering the software, if enough time and effort is applied to it.

What it really comes down to is determining the level of protection that will make it sufficiently difficult to dissuade the casual hacker, and make it as expensive to reverse engineer as you can, so at least the reverse engineering comes at a cost in either time or money, or ideally, both. The more expensive the reverse engineering costs, the fewer number of individuals that will be willing to put in the effort. And that is the big point to obfuscation.

Some think that using a compiler like the C++ compiler that compiles to native code will prevent this sort of reverse engineering, but it doesn't. A good disassembler will allow even pure binary executables to be reverse engineered, so therefore, a perfect solution does not exist. If the computer can read it and execute it, then the memory the computer is using can be scanned and tracked, bypassing all attempts to encrypt, obfuscate, or any other means of keeping your code out of the hands of a determined engineer.

萌系小妹纸
#7 · 2019-01-11 19:06

Another is Crypto Obfuscator - it's more affordable than some others, and has various obfuscation and protection methods to hinder the casual and not-so-casual hackers.
