Re: CAN STRONG NAMES BE CRACKED?

From: SStory (TheStorys_at_TAKEOUTTHISSPAMBUSTERsofthome.net)
Date: 03/04/04

• Next message: Tom Shelton: "Re: non blocking console read"
• Previous message: SStory: "Re: CAN STRONG NAMES BE CRACKED?"
• In reply to: Tom Leylan: "Re: CAN STRONG NAMES BE CRACKED?"
• Next in thread: SStory: "Re: CAN STRONG NAMES BE CRACKED?"
• Messages sorted by: [ date ] [ thread ]

Date: Wed, 3 Mar 2004 22:38:49 -0600

One more thought.
If you just work for someone else. I guess, who cares is the philosophy of
many..... not my problem.. not my money. But if you want to sell something
then it becomes a problem.

Hope you understand my point of view and don't take any of this in a evil
tone. I don't wish to sound offensive in any way. Just expressing my
opinion.

My 2 cents worth,

Shane

"Tom Leylan" <gee@iamtiredofspam.com> wrote in message
news:uh0FGqXAEHA.3248@TK2MSFTNGP11.phx.gbl...
> "SStory" <TheStorys@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote...
>
> Well Shane... if you promise not to get too crazy I'll talk it over with
you
> :-) You've brought it up before and even offered your opinion that
"anyone
> who wants to allow everyone to easily see their code is a moron." I let
it
> slide because I didn't need an argument...
>
> Security is a concern clearly. It would be hard to believe that large
> companies with software products to sell and larger companies making use
of
> that software wouldn't be interested in security. They are risking much
> more than (I imagine) you are in this case.
>
> > Well, what I want to do is insure that my dll is only called by my
exe...
>
> The first thing to consider is, is this a worthwhile goal? Perhaps it is
> _very_ important but do you really believe that I (for instance) intend to
> call your .dll if I could only get my hands on it? Again, it might be
very
> problematic but are you certain you aren't just imagining all these people
> who can disassemble and reverse engineer your creation but are unable to
> create similar software themselves?
>
> > I think one of three things:
> > 1.) Most people are using something else to not have to deal with this
> for
> > anything of real importance.
> > 2.) There is some solution but is hard to find.
> > 3.) Most people are insanely excepting the terrible security issues
that
> > Microsoft has presented us with with all this mess.
>
> Or 4) some combination of the above plus the knowledge that preventing
theft
> is trade-off. There is no perfect solution and there never will be.
That's
> why the music industry was worked up over music piracy and the movie
> industry is concerned about DVD piracy. Apparently illegal copies of "The
> Passion" (Mel Gibson's movie) are already available on the street. Would
> you like to purchase a fake Rolex watch?
>
> > How can you really distribute code--even a simple app, that needs to be
> > updated and all and get any revenue from your work, under these
> conditions?
>
> Yet people do it. WinZip is doing well (so far as I know) and I
registered
> my copy despite the fact that you don't have to in order to use it. How
> many illegal copies of most games and products like Norton Antivirus, MS
> Office, PhotoShop and such do you think there are? I found an estimate
from
> a few years back (and of course it is largely a guess) that estimated
piracy
> costs the software industry $2.6 billion annually. That's a lot of
> software.
>
> > Every ofuscator and encryption company claim to be the best.. Yet after
> > more than a week of reading and discussing I don't feel real good about
> any
> > of these solutions, and since code is so easy to decompile no solution
> seems
> > to offer much protection. Seems like a giant step backward.
>
> This isn't the first time. Java suffers the same problem (see: Mocha) as
> did VB3 and FoxPro and Clipper and other languages that produce
intermediate
> code. The step is "backwards" if decompiling is your primary goal. There
> are alternative goals and non-native code compilers fill that niche.
>
> > Am I missing something here? Is there a good solution? Will there be?
Or
> > should I just invest my time in learning something else that is more
> secure?
> > I'm really wanting some answers.
>
> There is no good solution for all sorts of things. You can be run over by
a
> car or your car can be hit by an uninsured driver. You can lose your
house
> in a flood or a tornado. You can get mad cow disease or the asian flu.
> Somebody can take the CD you distribute your software on and clone 1000
> copies of it.
>
> I'm not just making fun, seriously what measures would you suggest be
taken
> to insure you don't lose revenue and nobody else uses your .DLL? If you
> have a solution (and particularly if it can be applied to software, music
> CDs and movie DVDs) you are on your way to success. Everybody wants such
a
> solution, you aren't the first to ask for it and I'll wager the companies
> losing millions are as concerned as you.
>
> Should you invest your time learning something more secure? Sure, what
> would that be? Are the losses incurred by MS, Symantec, et.al. due to
their
> choice of language? Is it the O/S which you are going to change? Perhaps
> get into manufacturing goods, they're never stolen... banks are never
> robbed... Earth can be a dangerous place, people do stupid things for
> short-term gain... there is no technological solution to the clever,
> desperate, determined criminal. That's why they have jails :-)
>
> Tom
>
>
>
>

• Next message: Tom Shelton: "Re: non blocking console read"
• Previous message: SStory: "Re: CAN STRONG NAMES BE CRACKED?"
• In reply to: Tom Leylan: "Re: CAN STRONG NAMES BE CRACKED?"
• Next in thread: SStory: "Re: CAN STRONG NAMES BE CRACKED?"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint