.NET security (Please Read)

Amir

I had a question

I have been browsing the Internet for a while and I have found out that .NET DLL
files can be easily decompiled compared to C++-made DLL files.
Now, I am sure Microsoft is aware of this, otherwise they wouldn't include a
Dotfuscator with VS 2003.

My question is:
why weren't .NET compiled DLL or EXE files made more secure, meaning
harder for people to decompile?


Or is there anything that Microsoft is doing in the next release of .NET?


Because these dotfuscators, the professional versions, are very expensive, and
if I am making an ASP.NET application or any other .NET application
and I want to be sure my software is as secure as possible from a
hacker/cracker's eyes, I have to spend a lot of money buying a Dotfuscator
that really works, not one that only changes every method and method name
to As and Bs... There are some out there that make your DLL file
undecompilable with any .NET decompiler,
but like I said, they are very expensive; the cheapest one I found was $700.


Thank you
 
Cowboy (Gregory A. Beamer)

Amir said:
> I had a question
>
> I have been browsing the Internet for a while and I have found out that .NET DLL
> files can be easily decompiled compared to C++-made DLL files.
> Now, I am sure Microsoft is aware of this, otherwise they wouldn't include a
> Dotfuscator with VS 2003.
>
> My question is:
> why weren't .NET compiled DLL or EXE files made more secure, meaning
> harder for people to decompile?

The concept is eventually .NET can be moved to other platforms. Microsoft
currently has a source project called Rotor that can compile for BSD, for
example. In order to do this, you compile down to a set of instructions that
can then be compiled to native code. But the IL (Intermediate Language, or
first compilation) can be interpreted by any system there is a .NET engine
for.

This is much like Java. Java is also easy to decompile without obfuscation.

> Or is there anything that Microsoft is doing in the next release of .NET?

You will likely see better obfuscation, but the IL will still be there.

> Because these dotfuscators, the professional versions, are very expensive, and
> if I am making an ASP.NET application or any other .NET application
> and I want to be sure my software is as secure as possible from a
> hacker/cracker's eyes, I have to spend a lot of money buying a Dotfuscator
> that really works, not one that only changes every method and method name
> to As and Bs... There are some out there that make your DLL file
> undecompilable with any .NET decompiler,
> but like I said, they are very expensive; the cheapest one I found was $700.

If you can serve up the data, move the proprietary parts of your program to
web services. If you are selling a shrink-wrap product, however, $700 is not
that bad. There are many tools far more expensive.

The Dotfuscator is not quite as bad as simply A and B. Admittedly, it is not
as good as others. If you program with a lot of private functions, however,
even Dotfuscator can make it quite difficult to decompile and steal your
code. This will not stop the most skilled hacker, but neither will compiling
in C++, so all you can ultimately do is make things a bit harder.

There are also products that further confuse the process by adding an
encryption engine on top of the obfuscated assembly. The encrypt/decrypt
becomes part of the .NET system. I can see some code benefiting, but it is
more likely to be overkill.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
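
The reply above makes two points: the IL and its metadata stay in the compiled assembly, and renaming helps most when the code sits in private functions. The following is an added example, not code from either poster, that uses reflection to show both; `LicenseChecker` and `ExposureAudit` are hypothetical names and the sample type is constructed for the illustration.

```csharp
using System;
using System.Reflection;

// Constructed sample type: one public entry point, two private helpers.
public class LicenseChecker
{
    public bool IsValid(string key) => Checksum(key) == Expected();
    private int Checksum(string key) => key.Length * 7 % 97;
    private int Expected() => 42;
}

public static class ExposureAudit
{
    const BindingFlags All = BindingFlags.Instance | BindingFlags.Static |
                             BindingFlags.Public | BindingFlags.NonPublic |
                             BindingFlags.DeclaredOnly;

    // Lists every method the assembly's metadata describes, with the size
    // of the IL body that ships alongside it.
    public static void Report(Assembly asm)
    {
        foreach (Type t in asm.GetTypes())
        foreach (MethodInfo m in t.GetMethods(All))
        {
            // Names reachable from outside the assembly are part of its
            // contract with callers, so a renaming obfuscator has to leave
            // them alone; private and internal names can be replaced.
            bool external = t.IsVisible &&
                            (m.IsPublic || m.IsFamily || m.IsFamilyOrAssembly);
            int ilBytes = m.GetMethodBody()?.GetILAsByteArray()?.Length ?? 0;
            string label = external ? "must keep name" : "renamable";
            Console.WriteLine($"{label,-14}  {t.FullName}.{m.Name}  ({ilBytes} bytes of IL)");
        }
    }

    public static void Main() => Report(typeof(LicenseChecker).Assembly);
}
```

Passing `Assembly.LoadFrom(path)` for an obfuscated build of your own to `Report` shows which names the tool actually changed and which still read as plain text.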
 
Amir

Thanks for your reply

> The concept is eventually .NET can be moved to other platforms. Microsoft
> currently has a source project called Rotor that can compile for BSD, for
> example. In order to do this, you compile down to a set of instructions that
> can then be compiled to native code. But the IL (Intermediate Language, or
> first compilation) can be interpreted by any system there is a .NET engine
> for.

Wait... back up. Really?
.NET is going to be multiplatform?
Or did I misunderstand something?

> You will likely see better obfuscation, but the IL will still be there.

By better obfuscation, do you mean MS is going to release a newer version of
Dotfuscator with the next release of VS.NET,
or is there going to be a built-in obfuscator in the .NET engine, meaning when you
compile a DLL it will save it using a more secure method than the current method?

> The Dotfuscator is not quite as bad as simply A and B. Admittedly, it is not
> as good as others. If you program with a lot of private functions, however,
> even Dotfuscator can make it quite difficult to decompile and steal your
> code. This will not stop the most skilled hacker, but neither will compiling
> in C++, so all you can ultimately do is make things a bit harder.

It's never possible to completely hide data from a skilled hacker.
Like you said, the idea is to make life harder for them with the hope that
they might give up, thinking
"ah man, this is taking too much time"
 
