Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

05:34 PM
Connect Directly
RSS
E-Mail
50%
50%

Do You Need to Obfuscate?

Did you know that when you create an application using Java or .net, anyone can drag and drop that executable to a free decompilation tool such as Reflector (for .net) and then be able to see all the source code behind it? Such examining of code and perhaps reverse engineering can be done for benign reasons - to debug the application, for instance, or to provide better training or support. But sneak-peeking at software code can also be done maliciously, by competitors, disgruntled employees or h

Did you know that when you create an application using Java or .net, anyone can drag and drop that executable to a free decompilation tool such as Reflector (for .net) and then be able to see all the source code behind it? Such examining of code and perhaps reverse engineering can be done for benign reasons - to debug the application, for instance, or to provide better training or support. But sneak-peeking at software code can also be done maliciously, by competitors, disgruntled employees or hackers who want to steal intellectual property or get into a computer system. Obfuscation software inserts additional code into an application to prevent a would-be IP thief or hacker from being able to reverse-engineer the code.Microsoft bundles a lightweight obfuscator in Visual Studio that it OEMs from PreEmptive Solutions. PreEmptive also offers a heavier-weight, corporate version. The obfuscator notifies a company when its software has been tampered with. According to Sebastian Holst, senior vice-president of PreEmptive, the tamper notification service is like a smoke detector in that it's inexpensive and easy to use yet it could potentially help you avert catastrophe. The software is priced at $5,000 per build machine; a typical enterprise license is $25,000. Next week, PreEmptive will come out with a "thermostat": dashboards and benchmarks that keep track of software performance and vulnerabilities.

Is this a vital area that Wall Street firms should be focusing on now? Not quite, according to Joseph Feiman, vice-president and Gartner Fellow. While he feels application security, particularly for web-based applications, is a very important issue for Wall Street this year (we'll be following up on this at a later date), he sees obfuscation as a small subset of the broader application security problem. "As long as companies' software and their intellectual property stay within the premises, they're safe," he says. "Where obfuscation useful is where applications leave the enterprise." So if a Wall Street firm shares its applications with partners or customers, then it might want to consider obfuscation, as should a company that doesn't trust its own employees who use sensitive applications.

Register for Wall Street & Technology Newsletters
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.