.NET Apps Get a Bodyguard

New shield for .NET-based applications intended to blunt access or changes to software code

Dark Reading logo in a gray background | Dark Reading

V.i. Labs next week will roll out software "armor" for Microsoft .NET Framework applications that hardens these applications so they can't be hacked or pirated, Dark Reading has learned.

.NET-based apps have been gaining traction in the enterprise: 36 percent of organizations recently surveyed by IDC said their mission-critical apps were built in .NET. Although v.i. Labs had mostly application developers in mind with the new CodeArmor for .NET Framework, it's also targeting enterprises such as financial institutions that build their Web services-based apps with .NET, says Victor DeMarines, vice president of products for v.i. Labs.

The company -- founded by the father of the commercial firewall, David Pensak, formerly of Raptor Systems -- is offering a new approach to shielding .NET-based apps. It uses a combination of encryption and run-time security monitoring that protects businesses from targeted attacks on their apps, such as tampering with a brokerage application, for instance. (See Startup Locks Down Apps.)

.NET Framework, like Java, uses an intermediate language that can easily be decompiled by widely available tools, which puts these apps at risk, DesMarines says. You can use obfuscation or other basic ways to try to protect the code, such as with source-code tools, but those methods don't stop an overt attack, he says: "There was nothing out there that provided active defense against reverse-engineering."

So if any malware or hackers were to get inside, CodeArmor protects the app from any modification or theft.

"It makes sure apps are protected when they go out -- for end users, etc.," says Diana Kelley, vice president and service director for the Burton Group. When an attacker reverse-engineers an application, he or she can steal data or use the app nefariously, Kelley adds.

In its "Hype Cycle for Cyberthreats, 2006" report last fall, Gartner identified reverse-engineering of enterprise apps as an emerging cyberthreat. (See Gartner Identifies Threat.) The bottom line, according to the report, is that it's all about financially driven cybercrime, and "increasingly complex and externalized IT environments can result in higher damage potential."

And .NET code and Java make it easier to reverse-engineer these applications, according to Gartner, which then enables attackers to probe for security vulnerabilities and steal intellectual property.

V.i. Labs' DeMarines says this has been a problem for some time for ISVs and it's only a matter of time before it becomes more widespread. The company has worked with some financial institutions concerned about the safety of their mission-critical apps, he says, although he can't name names.

CodeArmor for .NET Frameworks works with .NET 1.1, 2.0, and 3.0, and includes support for Windows Vista 32-bit as well as stand-alone DLL protection and ActiveX controls. It's priced at $18,500 for enterprises and on an undisclosed subscription base for ISVs and application providers. It ships next week.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights