How long will the best software-only protections last?

Hi,

I've seen/tested several software protections such as armadillo and asprotect. While I'm not all that good yet, from reading tuts on cracking Armadillo (Ricardo) and other protections I have not heard of a protection lasting more than a few weeks.

I know this question has been thrown around before (i.e., it is hopeless to protect against reverse-engineering because eventually with enough time it will be cracked). This is true with software-only protection, I wonder if it is with some of the new hardware dongles such as Rockey5. That one looks unique in that code is only run on the smartcard (it never gets executed on the CPU) so unless you RE the hardware/smartcard you are hosed.

My question is: Would it ever be possible to make software-only protection last a few months?? My guess is no. Seems like hardware is the only way to go.

For instance, if the protection were to crash the computer/delete files when something was tripped (but not immediately and it would have to detect virtual machines), and then morph itself upon running.. is this only a nuisance ? It would also have to have many sections encrypted, then decrypted when needed and reencrypted again (wouldn't this be removed like Ricardo does by debugging and stripping out the code upon decryption).

It seems like debugger checks, parent/child protection, crc checks, and everything else is just a nuisance. Any one have thoughts on this??