Security Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."
Download it now to read this article plus other related content.
|
APPLICATION SECURITY
|
Requires Free Membership to View
Price: Starts at $18,500 for enterprise applications
Crackers use sophisticated debuggers, disassemblers, virtual machines, and other reverse engineering tools to undo software protection mechanisms. The result? Your company's products can become part of the multi-billion dollar software piracy industry, you intellectual property could be stolen, or your code compromised by embedded malware. CodeArmor 2.2 for Microsoft .NET is among a class of application hardening products that can protect an organization's applications without requiring their modification. Using deep encryption techniques, it is designed to frustrate even highly skilled crackers. It provides stronger protection than standard obfuscation techniques used by developers, available license protections or hardware dongles, which can be bypassed.
Simply select a .NET executable file, its associated DLLs, and specific functions to protect. CodeArmor then encrypts the selected functions (128 bit RC4 or AES) and embeds a security event monitor in the application. CodeArmor's search interface makes it easy to locate, then protect specific application functions. CodeArmor does not require modification of source code or creation of additional application files.
By default, CodeArmor handles all application exceptions (e.g., an invalid handle or access violation); such exceptions are often caused by cracking attempts. CodeArmor can also be configured to prevent an application from running within a virtual machine (a technique commonly used by crackers) or stop other processes from accessing the application.
We found CodeArmor to be very effective. We were unable to access protected .NET applications with a debugger or disassembler. Protected applications failed to start after we modified their .dll files with a hex editor. CodeArmor also enforced specific security settings, such as not allowing a protected application to run on a virtual machine. We did find protected applications to be a bit slower; V.i.Labs states that the impact to application performance is usually about three percent.
Testing methodology: We installed CodeArmor on a Windows XP SP2 machine and tested it with a variety of .Net applications.
|
This was first published in May 2008
Join the conversationComment
Share
Comments
Results
Contribute to the conversation