|
General
Is it hard to decompile a Java or .NET application?
Programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET; it is simply a reality of modern, intermediate-compiled languages. The .NET Framework uses of expressive file syntax for delivery of executable code: MSIL (Microsoft Intermediate Language) for .NET. Being much higher-level than binary machine code, the intermediate files are laden with identifiers and algorithms that are immediately observable and ultimately understandable. After all, it is obviously difficult to make something easy to understand, flexible, and extendable while simultaneously hiding its crucial details.
So anyone with a copy of a free decompiler such as Reflector for .NET or JAD can look at your code and reverse engineer your source code. Suddenly, your software licensing code, copy protection mechanisms, and proprietary business logic are much more available for all to see - whether it's legal or not. Anyone can peruse the details of your software for whatever reason they like. They can search for security flaws to exploit, steal unique ideas, crack programs, etc. This should be enough to make you pause for thought.
With all of that said, this should not be a risk or a showstopper. Organizations concerned with their intellectual property on a Java or .NET platform need to understand that there is a solution to help thwart reverse engineering. Obfuscation is a technique that provides for seamless renaming of symbols in assemblies as well as other tricks to foil decompilers. Properly applied obfuscation can increase the protection against decompilation by many orders of magnitude, while leaving the application intact.
Also, since obfuscation indicates that the IP owner has taken measures to secure the IP obfuscating your .NET program may provide you with more legal options in the event it is required.
Lastly, Gartner has recommended obfuscation as a means to protect intellectual property from theft and vulnerabilities from exploitation.
TOP
Why do I want to protect my Java or .NET application from decompilation?
Stamping out vulnerabilities is the best thing - and doing so earlier is better than later - but no one can guarantee zero vulnerabilities. (If we could we would not see the continuous stream of patches and alerts from every software and system supplier under the sun.)
At least as important are the issues surrounding IP theft and piracy. These issues persist even with "vulnerability-free code."
Last, there are a number of scenarios where a tampered application plays a pivotal role (piracy, spoofing, malicious attacks, etc.) even if an application is released with no exploitable vulnerabilities. A tampered application may have some vulnerabilities introduced "post-production." The only defense in this last case is to "detect", "defend" and "notify" when tampered applications are run. This is uniquely offered within Dotfuscator and DashO.
TOP
How can a finished Java or .NET application be made smaller and more efficient without changing the source code?
The compaction or pruning process can remove all the unused classes, methods, instance variables, design time metadata, and actual bytecode to produce a much smaller application. In addition, correctly applied obfuscation techniques, such as PreEmptive's patented overload induction, can have a compacting effect. Due to its heavy reuse of identifier names, it saves significant space.
Note: this entire process is performed on bytecode or MSIL, not source.
The size reduction caused by compaction is literally staggering. Some customers have reported a 70% size reduction in their executable. We imagine those customers use large, third party libraries that were heavily trimmed. In our tests, we see a solid 30-40% shrinking in many applications.
Compacted programs tend to load faster and run on less memory. For many applications that are distributed on CD-ROM, the size of the application typically isn't a serious worry. However, more and more applications are involving a networked/distributed component, browser based, or written for embedded systems. In those cases, every byte counts and compaction is essential.
TOP
How do you watermark software and why would I use it?
Software watermarking is used to hide customer identification or copyright information within software applications, similar to how it is hidden within other digital content such as songs, movies, and images. A watermark can be used to identify owners of the software or to track the origin of a pirated copy.
TOP
What is Microsoft's Customer Experience Improvement Program?
The Microsoft Customer Improvement Experience Improvement Program (CEIP) is a voluntary program designed to help Microsoft product users improve product and features. For more information, click here.
TOP
|
