|
APPLICATION SECURITY
CodeArmor 2.2 for Microsoft .NET
REVIEWED BY STEVEN WEIL
V.i. Labs
Price: Starts at $18,500 for enterprise applications
Crackers use sophisticated debuggers, disassemblers, virtual machines, and other reverse engineering tools to undo software protection mechanisms. The result? Your company's products can become part of the multi-billion dollar software piracy industry, you intellectual property could be stolen, or your code compromised by embedded malware.
CodeArmor 2.2 for Microsoft .NET is among a class of application hardening products that can protect an organization's applications without requiring their modification. Using deep encryption techniques, it is designed to frustrate even highly skilled crackers. It provides stronger protection than standard obfuscation techniques used by developers, available license protections or hardware dongles, which can be bypassed.
| Configuration and Management | B+ |
Installation was fast and easy. CodeArmor runs on Windows XP/2003/Vista and can protect .NET 2 and 3 applications. The software's useful documentation and intuitive interface made it easy to use.
Simply select a .NET executable file, its associated DLLs, and specific functions to protect. CodeArmor then encrypts the selected functions (128 bit RC4 or AES) and embeds a security event monitor in the application. CodeArmor's search interface makes it easy to locate, then protect specific application functions.
CodeArmor does not require modification of source code or creation of additional application files.
Controls are very granular and flexible; you can select specific application functions and then define how those functions will be protected. For example, during beta testing, you may want to protect many of the application's functions. However, after it's released, you may only want to protect the code that generates the application's license or that initiates encryption.
By default, CodeArmor handles all application exceptions (e.g., an invalid handle or access violation); such exceptions are often caused by cracking attempts.
CodeArmor can also be configured to prevent an application from running within a virtual machine (a technique commonly used by crackers) or stop other processes from accessing the application.
CodeArmor's reporting is somewhat limited. It can produce a very detailed log file when the application is initially protected. However, we would have liked to see more logging of actions taken in response to attacks on protected applications. CodeArmor also does not have out-of-the-box" ability to generate alerts or send notifications of attacks. V.i. Labs says that custom extensions can be created for notifications and event logging.
When a protected application is launched, CodeArmor decrypts and then re-encrypts individual functions as soon as they are loaded to minimize the application's exposure to reverse engineering attempts. CodeArmor's security event monitor continually checks the runtime environment to detect any malicious tampering attempts, such as trying to attach a debugger to a protected application. If tampering is detected, the monitor shuts down the application.
We found CodeArmor to be very effective. We were unable to access protected .NET applications with a debugger or disassembler. Protected applications failed to start after we modified their .dll files with a hex editor. CodeArmor also enforced specific security settings, such as not allowing a protected application to run on a virtual machine.
We did find protected applications to be a bit slower; V.i.Labs states that the impact to application performance is usually about three percent.
CodeArmor is an effective, easy to use tool for protecting .NET applications but it has limited built-in reporting. It allows granular, portable control of applications without having to modify the applications.
Testing methodology: We installed CodeArmor on a Windows XP SP2 machine and tested it with a variety of .Net applications.
|
