Full Disclosure mailing list archives

Re: A modest proposal


From: Bzzz <lazyvirus () gmx com>
Date: Fri, 20 Jul 2012 04:01:39 +0200

On Thu, 19 Jul 2012 21:08:47 -0400
Glenn and Mary Everhart <everhart () gce com> wrote:


> If you have a piece of code that you don't want malware to be able
> to inspect, that might perhaps have some "secrets" in it or that you
> want not to be trivial to have some other code patch, why not arrange
> for that code to be different in form (but the same in function) with
> every copy?

It isn't very realistic because wherever you put the code, in
whatever native form, you first have to decode it to RAM for
execution; and if this code is a piece of crap, it'll stay a
piece of crap.

Furthermore, obfuscation can "talk to you" when you're used to
reviewing tons of code (haaa, apple][ nibble counts and other
"protections", where did you go? :), and sensibly slows down
programs' responsiveness.

The base of the problem isn't obfuscation but producing good
and tested code, AND reacting fast when a flaw is discovered.
This is what most open-source coders fight to do and what
big corps strive to avoid.

In this matter, everybody here knows that threatening these
corpos with a full disclosure is the only way to go, because
they're like kids that won't grow up and seek the least effort
possible & max benefit way - in a word, they're irresponsible.

JY
-- 
<lily34> were made one for each other
<lily34> we'll marry
<lily34> we'll have many children
<EthanQix> :/
<lily34> like Roméo and Juliette :D
<EthanQix> hmmm you apparently didn't finished the book.
<lily34> ?
