Good Obfuscation, Bad Code
Chris Wysopal, 2009-04-17

Antivirus analysts and security testers have to deal with a fundamental question every day: Is obfuscated code good or bad?

Good Obfuscation, Bad Code 2009-04-18
Chris (2 replies)
Re: Good Obfuscation, Bad Code 2009-04-20
Kyle Quest
Encrypting data and software vendors turning their applications into black boxes are totally different things. Data is passive. It doesn't do anything on its own. On the other hand, applications are active. When you install an application on your computer it's going to do a lot of things there, which is where the problem is. If that application is obfuscated with tons of anti-debugging tricks I can't verify that it doesn't expose my computer to vulnerabilities and I can't verify that it's not doing anything malicious (any functionality that's not disclosed upfront is malicious functionality).

This is similar to boarding a plane. You can't get on a plane without being screened simply saying, "Trust me I'm not going to do anything bad on the plane". If you have a gun in your pocket you can do all sorts of things and nobody will take that chance and simply trust your word.

Now if we are talking about data encryption and the airplane analogy then it'll be like transporting a dead body in a box. He might have a gun in his pocket, but he's not going to use it :-)

Applications = active code
Data = passive information
Obfuscated data != Obfuscated application

The bottom line, people need to start refusing to use software filled with anti-debugging and obfuscation tricks because to achieve this so-called protection that software ends up taking over your entire computer, crippling its functionality, affecting its performance, breaking other applications, and overall preventing the user from being able to secure his/her own computer. This is simply unacceptable.

I don't know if Chris knows much about those anti-debugging and obfuscation techniques, but, as somebody who actually deals with those things at the low level, I can tell you that the overall effect of that protection on the system is horrible. They install all kinds of low-level drivers, they install a lot of different system hooks, etc. It's fine if software utilizes anti-disassembly tricks to make it harder for people to reverse engineer their code, but when that software protection acts like a virus it's a totally different story.

These days the security software (AV products, etc.) can't rely on simple binary signature scanning. It has to be able to understand and follow the operation of the applications running on the computers. Having a blackbox application prevents the security software from doing its job properly. Even if you trust the "protected" software publisher, that software will have vulnerabilities that WILL be exploited, turning the application from a good application into a bad application, and if that application is a blackbox then you are done :-) Consumers have too much to lose.... A security compromise can destroy a person's life once his/her identity and money are stolen.



Link to this comment: http://www.securityfocus.com/comments/columns/498/35437#35437
Re: Good Obfuscation, Bad Code 2009-05-29
Anthony Lai, Hong Kong
Good Obfuscation, Bad Code 2009-04-22
Anonymous
Good Obfuscation, Bad Code 2009-04-23
TimD (1 replies)
Re: Good Obfuscation, Bad Code 2009-04-26
Chris Wysopal







 

Copyright 2009, SecurityFocus