A strategy I have seen implemented for this is to request a page from a website (google.com) and read the time header in the response to determine the true time rather than using the Windows time (which can be changed by the user).
The only way that I know of circumventing this is that the user creates a local webserver and then points the website google.com (using the hosts file) to localhost.
I don’t mind the user using my software illegally if he is willing to sacrifice the homepage of the internet, since I believe he will not be able to open google.com as long as his hosts file redirects google.com to localhost to fake the timestamp.
My question is: Is there any way that the user will still be able to open google.com and run my software illegally? (other than the obvious use of multiple machines)
Sure, they could configure their browser to use a proxy or, you know, just bookmark the IP address.
I don’t know what the state of the art with these things is, but wouldn’t it be enough to just keep track of the system time every time the app starts up, to see if it was rolled back?
Another common technique is to check the timestamps in a few common directories (system files, temp space, etc.); if the clock was rolled back, you’ll likely see some timestamps from the future.
Of course if you want to be really paranoid, you can have it authenticate against your own server, in some cryptographically sound challenge-response scheme. That one’s more likely to cause problems and annoy people, though.
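The two local checks suggested in the replies above (remembering the time at each start, and looking for files dated in the future), sketched as an added example that is not part of the original thread. The state-file location, the probe directories and the 300-second tolerance are assumptions.

```python
import json
import os
import time

TOLERANCE = 300  # seconds of slack for normal clock corrections (assumed value)

def newest_mtime(dirs):
    """Newest modification time among the direct entries of the given dirs."""
    newest = 0.0
    for d in dirs:
        try:
            with os.scandir(d) as entries:
                for e in entries:
                    try:
                        newest = max(newest, e.stat(follow_symlinks=False).st_mtime)
                    except OSError:
                        continue  # entry vanished or is unreadable
        except OSError:
            continue  # directory missing or unreadable
    return newest

def check_clock(state_path, probe_dirs, now=None):
    """Return a list of reasons to distrust the system clock (empty if none)."""
    now = time.time() if now is None else now
    reasons = []
    last_seen = 0.0
    try:
        with open(state_path) as f:
            last_seen = float(json.load(f)["last_seen"])
    except (OSError, ValueError, KeyError, TypeError):
        pass  # first run, or state missing/corrupt: nothing to compare against
    if now + TOLERANCE < last_seen:
        reasons.append("clock is behind the last recorded start")
    if now + TOLERANCE < newest_mtime(probe_dirs):
        reasons.append("files are timestamped in the future")
    # Store a high-water mark so a rolled-back run cannot lower the record.
    with open(state_path, "w") as f:
        json.dump({"last_seen": max(now, last_seen)}, f)
    return reasons

if __name__ == "__main__":
    # Hypothetical locations; a real application would choose its own.
    state = os.path.join(os.path.expanduser("~"), ".example_app_clock.json")
    probes = [os.environ.get("TEMP", "/tmp")]
    print(check_clock(state, probes) or "clock looks consistent")
```

Both signals live on the user's own machine, so a user who can edit the state file or touch the probed files can reset them; the server-side challenge-response mentioned in the last reply is the option that does not depend on local state.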