TNX Rob - Re: Security of non-server code?
You are one of the thread responders I always following. Thanks for the
info. No question, native code is deconstructable given time. But for
really large (6MB+ programs) it will keep the amateurs at bay. Many of
my clients programs are EXEs & DLL's that approach 30MB. Definitely a
long assembler listing. How long ago was your post so that I might
follow it? My plan was to install on a single machine and XCOPY to
the other machines (CD actually) and since all the machines have the
same CPU (possible different step number on the P5) then it seems I
don't have a problem. 8-)
"Rob Teixeira" <RobTeixeira@@msn.com> wrote:
>"Patrick Ireland" <email@example.com> wrote:
>>In the current issue of VBPJ there is an article on the lack of code
>>security for disktop applications with any of the NET managed code
>>languages. I was under the opinion (wrongly apparently) that when and
>>install of a NET application is made that the IL code was not placed on
>>the target machine. Many of my clients have $$ invested in their apps
>>and for sure don't want the possibility of easily reverse engineered code
>>being distributed. Is my understanding flawed? If desktop apps must be
>>distruted in an IL form is this to be addressed in a future NET release.
>It's the same issue Java faced before with it's I.C.
>I believe this article is bit exagerated. MS will provide an obfuscator
>for the IL, if prefer the terminology), which is the same solution Java
>for it's I.C.
>As I mentioned in a different post, even PE "native" code is easily deconstructable
>by anyone with some assembly knowledge and a good hex editor (and lots of
>time on their hands). The only way to protect native PE code was to encrypt
>it as well. So basically, nothing's changed all that much. Sifting through
>a "real" program in IL is not much different than sifting through hundreds
>of thousands of lines of assembly, which is what hackers currently do.
>But there's also another point to make. You do not have to distribute the
>IL code per se. The IL can be "compiled" to native code either by the JIT
>at runtime, or *during install*. If it is turned to native code during install,
>the stuff on the client machine is pure native PE (without the IL embedding).
Top DevX Stories
Easy Web Services with SQL Server 2005 HTTP Endpoints
JavaOne 2005: Java Platform Roadmap Focuses on Ease of Development, Sun Focuses on the "Free" in F.O.S.S.
Wed Yourself to UML with the Power of Associations
Microsoft to Add AJAX Capabilities to ASP.NET
IBM's Cloudscape Versus MySQL