.NET equals Efficiency

[Rob Teixeira]

I understand this viewpoint perfectly.
Which is why I've been saying all along that people need to take steps to
protect their code (as much as possible anyway). In the response to Bill,
I included one way of doing it with MSIL.

I know you feel safer with native code, because in that model, you beat the
odds. However, (and I'm trying to find the link now) there was a guy who
cracked a VB app a while ago simply because he got pissed at the product
support people (and disabled both their no-save and nag feature). He even
posted how he did it on a web-site. And believe me when I say it was *trivial*!


-Rob


<dv> wrote:
>Rob,
>
>Not to defend the PhD-izzy but there are big differences between the
>real-world "security" of the assembly code and the IL. Now, both are not
>secure but it is easier to "work" on the IL then on the assembly code. Let
>me give you an real world example. Our company sells the VB application
>already for little over 2 years and we do provide trial version download.
>We've got some stuff in the code that shows the nag screen etc. but the
main
>thing is that trial version cannot be unlocked. So, for over 2 years nobody
>has broken that, it is compiled as a native code application not the p-code.
>Now, we released the .NET application, same trial version scheme and it
>cannot be unlocked, and after couple of weeks the broken version where IL
>code was modified and protection is removed is floating around.
>
>Now this would lead you to believe that assembly code is more "secure" and
>based on our experience it really is. Both are not 100% but, the IL version
>is hurting our bottom line more than the natively compiled code... That
is
>the difference.

[W.E.(Bill) Goodrich, PhD]

In article <3c7d0afb$1@10.1.10.29>,
"Rob Teixeira" <RobTeixeira@@msn.com> writes:

> "W.E.(Bill) Goodrich, PhD" <bgoodric@netzero.net> wrote:

> >You are, with your all-or-nothing claims about security. You keep
> >trying to claim that since something is not *absolutely* protected
> >it therefore is "not secure".

> Well, if you put in those terms, it isn't. Being secure is like being
> a virgin - you are, or you aren't. If there's a way to get in, it's
> not secure. Plain and simple.

Do you ever bother to lock your front door? Why?
Do you ever take the keys out of your car and lock it? Why?
Do you avoid posting your credit card numbers and expiration dates to
public areas of the internet? Why?

You have gotten so lost in your desperate attempt to defend your
beloved .NET that you have wandered off the edge of the world.

In the real world:

- locked doors are *more secure* than unlocked doors

- locked doors with locked deadbolts are *more secure* than simple
locked doors

- locked and deadbolted armored doors with armored frames are *more
secure* than locked and deadbolted hollow wooden doors in pinewood
frames

- An armored room with no windows and with locked, deadbolted armored
door(s) and frame(s) is *more secure* than a wooden room with
windows and wooden doors in wooden frames.

.... and none of them is 100% "secure".

By your reasoning, we shouldn't bother with locks or deadbolts since
they do not make our homes *more secure* than they would be without
them. And that is patent nonsense.

> All you're whining about is how much obscurity it takes to make you
> sleep better at night.

You are the one whining - whining that we are being "unfair" to your
beloved .NET by accurately pointing out that MSIL is less secure than
native code. So you try to derail the issue with your "virginity"
nonsense and your unsubstantiated claims of decompiling miracle tools.
But the fact remains that native code compiles are *more secure* than
MSIL in the real world. And modified native code .EXEs are *more
secure* than unmodified native code .EXEs. No amount of your rhetorical
games will change those facts.

[...]

> In summarization, you stated that .NET programs aren't suitable
> for desktop/traditional/shrink-wrap/ [insert your lame word
> of the day here]

Another clear sign of your desperation.

> programs, whereas other compilers are, because (one of the reasons
> being) .NET produces IL and other compilers produce native binary Op
> code.

It is relevant to note a fact you are leaving out here. As part of the
statement that MSIL is unsuitable for such applications, I pointed out
the *trivial ease* with which MSIL can be converted back to a
reasonable and useful facsimile of the original source code. And
others here reiterated the earlier point that Micro$oft even *supplies*
a tool for such decompilation, and that the feeble "lock" flag that
Micro$oft provided for was trivially easy to circumvent.

> When I stated that you can indeed get source code back from native
> Op code,

A statement that you have yet to substantiate. And that you made in
feeble response to the above described statements about the trivial
ease with which the MSIL can be decompiled. ANd your specific claim
was that you could easily (with tools in your possession) get source
code back from *my* native code distribution files.

> you immediately interjected that

.... SOME of ...

> your particular code uses post-compilation hacks and tools to
> deceive dissassemblers and decompilers

Right. When I want my releases to be *even safer* than regular
native code files.

> - which means you don't trust your earlier assertion that native
> code is safe,

There you go again. My assertion was that native code is *safer* than
MSIL - a fact that you keep trying to twist your way out of. The
"hacks" as you call them merely provide an *additional* layer of
security, making those files *even safer* than the unmodified native
code.

> and rely on further obscuring your code - only acknowledging what
> I've been saying all along.

Nonsense. My statements do nothing to support your preposterous all or
nothing characterization of security. And your unsubstantiated claims
to have found tools which can recover source code from VB6 native code
compiles - specifically, from *my* VB6 native code - do nothing to
answer the fact that Micro$oft itself supplies a tool for "recovering
source code" from MSIL, and that hardly a week goes by without
someone posting (on various Micro$oft related newsgroups and web pages)
pointers to versions of that tool which circumvent the pathetic
Micro$oft flag.

If you have to rely on such pathetically transparent games in order to
pretend that there is some validity to your position, is it really
worth going through the motions of supporting that position? Do you
really think you will sucker some clueless newbie into accepting your
claims? Even your fellow .NET cheerleaders know better.

--

W.E. (Bill) Goodrich, PhD

*-----------------------*--------------------------------------------*
* CHANGE YOUR SEXUALITY * http://www.nyx.net/~bgoodric/ctg.html *
* * *
* Without Aversive * ctgcentral@earthlink.net *
* Behavior Modification * Creative Technology Group *
* or Drugs * PO Box 286 *
* * Englewood, CO 80151-0286 *
*-----------------------*--------------------------------------------*

[Phil Weber]

PhD: Are you a psychotherapist? Your Web site would seem to indicate that
you are, but your arrogant and contentious online persona makes me wonder
how effective you can be in a field based on cultivating trusting
relationships with other people?

Just curious...
---
Phil Weber

[W.E.(Bill) Goodrich, PhD]

In article <3c7e8681$1@10.1.10.29>,
"Phil Weber" <pweber@nospam.fawcette.com> writes:

> PhD: Are you a psychotherapist?

Why, are you looking for one? I am not accepting new clients at
the moment, but if you list your specific symptoms I might be able to
recommend someone in your area.

> Your Web site would seem to indicate that you are, but your arrogant
> and contentious online persona makes me wonder how effective you can
> be in a field based on cultivating trusting relationships with other
> people?

Are you suggesting that I should treat you .NET cheerleaders as
patients and offer you treatment over the internet? While a few of you
come across as actively delusional, I seriously doubt that any of you
qualify for that type of treatment.

If you find your way into some of the professional Listservs, you will
find that many of the psychotherapeutic community (psychotherapists,
psychologists, CSWs, MFTs, psychiatrists, etc.) are quite contentious
online. There is a difference between the appropriate professional
demeanor when engaging in a Dr./patient or therapist/client
interaction and the effective ways to engage in online debates and
the like.

But wouldn't you have declared such a question "off topic" if it had
been posted by someone else? My training, education, and practice of
psychotherapy is irrelevant to the issues surrounding VB.NET (other
than as it relates to the aberrations of some of the pro-.NET camp).

--

W.E. (Bill) Goodrich, PhD

*-----------------------*--------------------------------------------*
* CHANGE YOUR SEXUALITY * http://www.nyx.net/~bgoodric/ctg.html *
* * *
* Without Aversive * ctgcentral@earthlink.net *
* Behavior Modification * Creative Technology Group *
* or Drugs * PO Box 286 *
* * Englewood, CO 80151-0286 *
*-----------------------*--------------------------------------------*

[Zane Thomas [.NET MVP]]

On Thu, 28 Feb 2002 13:17:39 -0700, "W.E.(Bill) Goodrich, PhD"
<bgoodric@netzero.net> wrote:

>> PhD: Are you a psychotherapist?
>
>Why, are you looking for one? I am not accepting new clients at
>the moment

Gave up trying eh? Guess that explains why you have so much time to write
so many long and deceitful posts.


--
When freedom is outlawed
only outlaws will be free.

[Zane Thomas [.NET MVP]]

On Thu, 28 Feb 2002 13:17:39 -0700, "W.E.(Bill) Goodrich, PhD"
<bgoodric@netzero.net> wrote:

>If you find your way into some of the professional Listservs, you will
>find that many of the psychotherapeutic community (psychotherapists,
>psychologists, CSWs, MFTs, psychiatrists, etc.) are quite contentious
>online.

A natural consequence of a "profession" so filled with frauds, puffed-up
egotists, and those who have no theoretical underpinnings for their
so-called disciplines.


--
When freedom is outlawed
only outlaws will be free.

[Patrick Troughton]

"W.E.(Bill) Goodrich, PhD" <bgoodric@netzero.net> wrote:
>
>There is a difference between the appropriate professional
>demeanor when engaging in a Dr./patient or therapist/client
>interaction and the effective ways to engage in online debates and
>the like.

Are you implying that you you've been effective in this newsgroup?

>My training, education, and practice of
>psychotherapy is irrelevant to the issues surrounding VB.NET (other
>than as it relates to the aberrations of some of the pro-.NET camp).

If you believe your training and education (of psychotherapy) is "irrelevant
to the issues surrounding VB.NET" then why do you list them on each and every
post you make to this newsgroup? Not to mention the "CHANGE YOUR SEXUALITY"
tagline? Do you ever bother *reading* you posts before posting them? Perhaps
if you did, you wouldn't look like such an idiot so much of the time in this
newsgroup.

(Please excuse the word "idiot". I don't mean it as an insult. I just couldn't
think of any other word that would accurately describe you without losing
meaning.)

/Pat

[Robert Lantry]

"Patrick Troughton" <Patrick@Troughton.com> wrote:
>
>"W.E.(Bill) Goodrich, PhD" <bgoodric@netzero.net> wrote:
>>
>(Please excuse the word "idiot". I don't mean it as an insult. I just couldn't
>think of any other word that would accurately describe you without losing
>meaning.)
>
>/Pat

erm...meaning, he's an idiot?

[Phil Weber]

> Why, are you looking for one?

PhD: As a matter of fact, I am. After having encountered you, I'm concerned
that I may end up with a therapist who pretends to be empathetic and
non-judgmental in my presence, but who is in fact self-important and in love
with the sound of his own voice.

> Are you suggesting that I should treat you .NET cheerleaders
> as patients...?

I'm suggesting that if you behave with clients in a way that's apparently
the opposite of your true personality, that's duplicitous, and would seem to
me to undermine trust. Aren't you concerned that your clients might see some
of your online exchanges? Wouldn't it be detrimental to their therapy if
they feel you're being less than honest with them?

> But wouldn't you have declared such a question "off topic"
> if it had been posted by someone else?

You're right, I probably would eventually have asked that this conversation
be taken to the off.ramp (you'll note, however, that I've said nothing about
the recent Stephen King or Peoria, IL exchanges, so no, I don't immediately
object to any off-topic post). I'll set this post's followup-to header to
that group, and look for your reply there.
---
Phil Weber

[Rob Teixeira]

"W.E.(Bill) Goodrich, PhD" <bgoodric@netzero.net> wrote:
>
>You have gotten so lost in your desperate attempt to defend your
>beloved .NET that you have wandered off the edge of the world.

First of all Bill, in your desperate attempt to denegrate .NET in favor of
VB6 and to make yourself out to be an authority on all things computing,
you are ignoring the meaningful discussion behind the topics here, instead
wandering off into your simplistic assignments and categorizations. My "beloved
.NET"? What the **** is that all about? It's a tool, just like VB6 was. If
i was truly in the simplistic "cheerleading" categorization you love to use,
I'd be telling you there's no problem at all, which I clearly am not.

>By your reasoning, we shouldn't bother with locks or deadbolts since
>they do not make our homes *more secure* than they would be without
>them. And that is patent nonsense.

I see logic isn't one of the courses necessary for a PhD in your field.
If this is what you took out of the whole discussion, and is your conclusion,
you are way off base.
The point is that all code is vulnerable, and you need to invest in "locks"
if security is a concern to you. This applies to native Op code and MSIL
and Java bytecode.

More about the BS you state conserning the inability to MSIL more secure
later later...

>You are the one whining - whining that we are being "unfair" to your
>beloved .NET by accurately pointing out that MSIL is less secure than
>native code.

Actually, I made a two sentance statement. You replied with a long list of
whining. Plus, I never said anything about "unfair". I'm laying out a number
of issues people need to look at. You on the other hand, are getting defensive
that somebody isn't jiving completely with your point of view.

>But the fact remains that native code compiles are *more secure* than
>MSIL in the real world. And modified native code .EXEs are *more
>secure* than unmodified native code .EXEs. No amount of your rhetorical

>games will change those facts.

Fine. Then by that standard, modified MSIL assemblies are *more secure* than
non-modified assemblies. And encrypted assemblies, which can't even be identified
as PE binaries, are *more secure* than native Op code binaries. I even showed
you how to do that, and you totally ignored the fact that I can demonstrate
how to make the IL assembly completely unreadable to any of the decompilation
tools you are talking about.

>Another clear sign of your desperation.

Look in the mirror sometime.

>It is relevant to note a fact you are leaving out here. As part of the
>statement that MSIL is unsuitable for such applications, I pointed out
>the *trivial ease* with which MSIL can be converted back to a
>reasonable and useful facsimile of the original source code.

And again, you are leaving out the fact that I showed you how to defeat that
conversion with *trivial ease*. So you *can* make MSIL "more secure" with
simple measures - which blows your argument completely out of the water.
You keep ignoring that.

>And others here reiterated the earlier point that Micro$oft even *supplies*

>a tool for such decompilation, and that the feeble "lock" flag that
>Micro$oft provided for was trivially easy to circumvent.

I guess in your "desperate attempt" (is that what you called it?) to defend
your position, you are ignoring the fact that I mentioned there are several
ways to make MSIL more obscure, and none of them included the "lock" flag
- the "/owner" switch BTW, in case you were wondering what it's really called.
And if people are posting all the time about how to get around it, they are
lemmings, because the /owner switch isn't a "lock" on the assembly, it is
a flag that prevents the ILDASM tool from displaying the disassembly of the
IL.

>If you have to rely on such pathetically transparent games in order to
>pretend that there is some validity to your position, is it really
>worth going through the motions of supporting that position?

Same question I asked you earlier.

>Do you
>really think you will sucker some clueless newbie into accepting your
>claims? Even your fellow .NET cheerleaders know better.

Interesting how easy it is to push your buttons
Also interesting on how you insist on drawing sides, and delegating people
to those categorizations. You don't see me associating you with some childish
group categorization - and if such categorizations were appropriate, i certainly
wouldn't call you one of the .NOT, if only to avoid insulting the intelligent
people who happen to not like .NET.

Bill, you're arguing like a little spoiled kid. All that needed to be said
has been said. Stop wasting everyone's time and bandwidth. Can't stand not
being the last word though, right? Be my guest.

-Rob

[Zane Thomas [.NET MVP]]

On Thu, 28 Feb 2002 21:50:22 -0600, "Michael D. Kersey"
<mdkersey@hal-pc.org> wrote:

>Thank you for pointing that out!
>*PLONK*
>The signal-to-noise ratio of this newsgroup makes yet another dramatic
>increase!

ROFL!!!


--
When freedom is outlawed
only outlaws will be free.

[Kathleen Dollard]

Bill,

> But wouldn't you have declared such a question "off topic" if it had
> been posted by someone else? My training, education, and practice of
> psychotherapy is irrelevant to the issues surrounding VB.NET (other
> than as it relates to the aberrations of some of the pro-.NET camp).

I agree, it is annoying that you continue to waste bandwidth on an
advertisement in your sig that is irrelevant to all and offensive to some.
That you insist on a focus on your irrelevant endeavours says a great deal
aobut you.

Kathleen

[Mike Mitchell]

On Fri, 1 Mar 2002 07:37:24 -0700, "Kathleen Dollard"
<kathleen@mvps.org> wrote:

>I agree, it is annoying that you continue to waste bandwidth on an
>advertisement in your sig that is irrelevant to all and offensive to some.
>That you insist on a focus on your irrelevant endeavours says a great deal
>aobut you.

I think you are unfairly attacking the messenger because his message
doesn't accord with the .Net evangelism which is rife in this ng. This
seems to be a pronounced symptom of .Net zealotry, which no one can
fail to notice. It's almost as if you're all afraid of criticism!

MM

[Patrick Troughton]

kylix_is@yahoo.co.uk (Mike Mitchell) wrote:
>
>
>I think you are unfairly attacking the messenger because his message
>doesn't accord with the .Net evangelism which is rife in this ng.

Are you honestly saying you fail to see the inherent contradiction in his
post? I'll spell it out if you need me to.

>This
>seems to be a pronounced symptom of .Net zealotry, which no one can
>fail to notice. It's almost as if you're all afraid of criticism!

No one's afraid of *valid* criticism, Mike. No one's afraid of invalid criticism
either, but don't be surprised when it gets shot down. Stick to the facts.
Stick to the things you can back up and you'll do alright. What gets you
and others in trouble is when you make wild assertions and can't back them
up.

/Pat

[Jacob Grass]

> I think you are unfairly attacking the messenger because his message
> doesn't accord with the .Net evangelism which is rife in this ng. This
> seems to be a pronounced symptom of .Net zealotry, which no one can
> fail to notice. It's almost as if you're all afraid of criticism!

Wow, Mike, you are so right. . . Dr. Bill is the VB Messiah. I'd probably
be kissing his *** too if both your heads weren't in the way. . .

Jacob