V.i. Labs
News & Views
May, 2008 - Vol 1, Issue 5
In This Issue
CodeArmor: "A" for Effectiveness
Need for Internal Code Protection
Protecting Your Property
CodeArmor Demo
From Our Blog
Quick Links
Stat Watch

At least 90% of all software available on eBay is illegal.

Join Our Mailing List!
Greetings!
 
Welcome to the May issue of V.i. Labs News & Views. May is bringing increasing news about the need to protect your applications from tampering and code theft.
 
These stories provide a great backdrop to two articles about V.i. Labs' CodeArmor - a full product review in Information Security and an article about protecting Windows .NET applications in Redmond Developer News.
 
"A" for Effectiveness - Information Security CodeArmor Product Review
 
Information Security Magazine
By Steven Weil
 
When a protected application is launched, CodeArmor decrypts and then re-encrypts individual functions as soon as they are loaded to minimize the application's exposure to reverse engineering attempts. CodeArmor's security event monitor continually checks the runtime environment to detect any malicious tampering attempts, such as trying to attach a debugger to a protected application. If tampering is detected, the monitor shuts down the application.
 
We found CodeArmor to be very effective. We were unable to access protected .NET applications with a debugger or disassembler. Protected applications failed to start after we modified their DLL files with a hex editor. It enforced specific security settings, such as preventing an application from running on a virtual machine.
 
Protected applications ran a bit slower; V.i. Labs says that the performance impact is usually about 3 percent.
 
Infected Firefox Add-in Demonstrates Need for Internal Code Protection
 
We've seen this threat before in the software piracy world, where illegal versions of antivirus products have been distributed via P2P networks with embedded malware. This latest story demonstrates the ease in which malware can cloak itself and be distributed within a legitimate application.
 
Mozilla unwittingly shipped the "W32/Xorer.A" worm embedded in a Firefox language pack. Although the story discusses the need for frequent virus scanning, malware writers could ensure that each time the file embeds itself, its signature is jittered to avoid detection. Imagine a scarier scenario where an enterprise or financial application becomes infected (by a compromised machine, insider threat, or offshore development) and the malware buried within the application is then distributed across thousands of desktops. Programming techniques exist that obscure the malware within application binaries and prevent it from being detected by virus scanners.
 
One option is to use software protection technology. By embedding runtime monitoring capabilities within an application file, the application can ensure its own integrity and prevent it from running in a tampered state no matter where it is distributed.
 
In The News
Redmond Developer News 
 
Protecting Your Property

Obfuscating your source code
by Peter Varhol

"As you might guess, obfuscation only gets you so far. The end result is still IL code, albeit IL that's intentionally mangled. Your average programmer probably wouldn't bother trying to understand it, but to a top-notch IP thief -- or a hacker -- it wouldn't be that much of a challenge."
Protecting Applications with CodeArmor - Recorded Webinar
 
Did you miss our recent webinar with a live demonstration of CodeArmor?
 
Assessing Software IP RiskV.i. Labs' VP of Products, Vic DeMarines, provides an overview of the threats and risk factors driving the need for protection and presents a live demonstration on how to protect applications using CodeArmor.
 
Learn how you can:
  • Create a secure environment to control access to decrypted software
  • Prevent .NET decompilers from recovering representations of source code
  • Embed monitoring and encryption capabilities within existing applications without requiring source code modifications or additional application files
  • Verify the integrity of system DLLs at run-time
  • Employ comprehensive secure execution monitoring and advanced anti-debugging capabilities to prevent applications from being analyzed at run-time
 
 
Posts From the V.i. Labs Software Protection Blog
 
 
To be sure, most of the attendees were focused on traditional information security topics - authentication, access control, perimeter security, etc. But it was interesting to see the number of attendees and exhibitors who had already been thinking about protecting their applications from tampering or code theft (especially for those folks developing for Microsoft .NET). Even better, there were other exhibitors addressing various aspects of software protection - a positive sign of market interest and need.
 
Editor's Note: Be sure to view this blog post to see the celebs that we captured on video at RSA.
 
Thanks for reading this month's newsletter. Don't forget to check out the recent webinar on protecting applications with CodeArmor. As the story on the Firefox worm showed, the need for code protection is becoming more and more apparent as the support for CodeArmor continues to grow.
 
Keeping sending in those comments and ideas for articles and webinars!
 
Regards,
 
Michael Goff
V.i. Labs
 
©2008 V.i. Laboratories, Inc. All rights reserved. V.i. Labs, CodeArmor and the V.i. Labs logo, are trademarks of V.i. Laboratories, Inc. All other product and brand names herein are trademarks or registered trademarks of their respective owners.