Software Security And Code Integrity
2012-03-28 John Poulson
Hackers are out there. So you can't take for granted--now or ever--that it won't happen to you. Achieving software security is a complex problem; what's amazing to me is how often the bad guys get in because someone left the door unlocked. SQL injection attacks, for example, should NEVER happen but they do, and with big consequences.
There's another aspect to software security that's frequently overlooked. If you're distributing application code--executables--how can you be sure that what your user is getting hasn't been tampered with?
How could that happen? Obviously one way is through counterfeiting. A company purports to be a legitimate reseller of your product, but what they're really selling is a cracked version with some malware injected. Like a keystroke logger. Another possibility is you have a freely available demo or trial version with no copy protection (after all, you want people to try it and share it). But a copy with malware starts circulating.
Finally, in critical areas like health care, aviation, or EMR systems you need to be able to assure the users of perfect code integrity all through the distribution pipeline. Anything that can compromise software security of systems with potential life-threatening consequences for failure must be eliminated.
One solid, easy-to-implement method to increase software security ensure code integrity is, of course, to deploy CodeMeter. With either a CmDongle (maximum software security) or CmActLicense (very strong security). With CodeMeter even changing a single bit in the protected executable will prevent the application from running. If it runs, you know you have perfect code integrity from the software developer to the end user. Software security doesn't get any better than that.
Sr. Account Manager
John went to work back in 1987 for what arguably might be the first company in the world to offer a way of protecting software with hardware. This company developed a "back-plane" device to protect a proprietary operating system for a Data General computer. He has since worked for several software security / licensing companies and beginning in 1999, with Wibu-Systems. He has seen the technology move from simple laser holes burned into 5-1/4" floppy disks to the innovative, sophisticated, encryption based smart card technology, first introduced to the world in the CodeMeter platform.