On Thu, 19 Jul 2012 21:08:47 -0400 Glenn and Mary Everhart <[email protected]> wrote:
> If you have a piece of code that you don't want malware to be able
> to inspect, that might perhaps have some "secrets" in it or that you
> want not to be trivial to have some other code patch, why not arrange
> for that code to be different in form (but the same in function) with
> every copy?

It isn't very realistic because wherever you put the code, in whatever native form, you first have to decode it to RAM for execution; and if this code is a piece of crap, it'll stay a piece of crap.

Furthermore, obfuscation can "talk to you" when you're used to reviewing tons of code (haaa, apple][ nibble counts and other "protections", where did you go? :), and sensibly slows down programs' responsiveness.

The base of the problem isn't obfuscation but producing good and tested code, AND reacting fast when a flaw is discovered. This is what most open-source coders fight to do and what big corps strive to avoid.

In this matter, everybody here knows that threatening these corpos with a full disclosure is the only way to go, because they're like kids that won't grow up and seek the least effort possible & max benefit way - in a word, they're irresponsible.

JY
--
<lily34> were made one for each other
<lily34> we'll marry
<lily34> we'll have many children
<EthanQix> :/
<lily34> like Roméo and Juliette :D
<EthanQix> hmmm you apparently didn't finished the book.
<lily34> ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
