copy protection / IP protection

J

Jeffrey H. Coffield

Roedy said:
what are you referring to?
My current "PC" is an Alpha running OpenVMS. Alpha system, the previous
Vax systems the newer Itanium running OpenVMS do not allow user programs
to access system memory as they all implement virtual memory in
hardware. A virus has to be able to overwrite some part of the system to
infect it. There simply is no user mode address that corresponds to
system memory. There is no such thing as a buffer overflow allowing
access to memory not allocated to your user process. You would have to
write a device driver and have the system manager install it to gain
access to system memory. It is true that this hardware costs more that a
PC does, but when you factor in the time spent on trying to patch the
problem after the fact with anti virus software that is rendered
obsolete in a matter of hours, crashes etc., they are far cheaper.
System management on 14 systems that have a total of about 30,000
registered users takes me about 1-2 hours/month.

My point is that if a system is designed correctly from the start,
viruses etc. are not a problem. Included is the only OpenVMS virus
scanner (complete source code) I have ever seen.

$ WRITE SYS$OUTPUT "Starting OpenVMS virus scan..."
$ WAIT 00:01:00
$ WRITE SYS$OUTPUT "Virus scan complete. No viruses detected"
 
J

Jeffrey H. Coffield

Luc said:
"Jeffrey H. Coffield" <[email protected]> wrote in message
I assume you are alluding to Linux vs Windows or _insert believed superior
operating system here_ vs Windows.
The operating system is OpenVMS. The anti virus capabilities however
come from the correct use of hardware virtual memory management. This
adds a cost to the processor which so far has prevented it's adoption in
end user desktop systems. This is changing as the cost of hardware comes
down. My point is that the solution to all this virus crap is to design
a system that can't get a virus in the first place. Not try to patch up
a flawed architecture with even more flawed software.

What I see as a motivating factor to find a solution to viruses is the
increased awareness by large companies of the vulnerability of servers
that hold personal information, particularly credit cards. The large
credit card companies are slowly taking a more and more firm approach to
security as they are the ones who eat it when a credit card is stolen.
The current security scan that is required not by law, but required by
the credit card companies to do credit card processing on a large scale
was over 11,000 network tests looking for holes. About 1/3 were IIS
holes, 1/3 were PHP holes and the rest were an amazing variety of ways
to trip a server. This caused us to move off Linux/Apache for the front
end to an all OpenVMS system front to back. After the move none of the
attempts were able to successful. Obviously this is only part of a total
solution to a secure environment as there are still DOS attacks that can
effectively take a system off the Internet, physical security of
backups, etc.

Jeff
 
J

Jeffrey H. Coffield

Roedy said:
what are you referring to?



My current "PC" is an Alpha running OpenVMS. Alpha system, the previous
Vax systems the newer Itanium running OpenVMS do not allow user programs
to access system memory as they all implement virtual memory in
hardware. A virus has to be able to overwrite some part of the system to
infect it. There simply is no user mode address that corresponds to
system memory. There is no such thing as a buffer overflow allowing
access to memory not allocated to your user process. You would have to
write a device driver and have the system manager install it to gain
access to system memory. It is true that this hardware costs more that a
PC does, but when you factor in the time spent on trying to patch the
problem after the fact with anti virus software that is rendered
obsolete in a matter of hours, crashes etc., they are far cheaper.
System management on 14 systems that have a total of about 30,000
registered users takes me about 1-2 hours/month.

My point is that if a system is designed correctly from the start,
viruses etc. are not a problem. Included is the only OpenVMS virus
scanner (complete source code) I have ever seen.

$ WRITE SYS$OUTPUT "Starting OpenVMS virus scan..."
$ WAIT 00:01:00
$ WRITE SYS$OUTPUT "Virus scan complete. No viruses detected"
 
T

Timo Stamm

Jeffrey said:
My point is that if a system is designed correctly from the start,
viruses etc. are not a problem. Included is the only OpenVMS virus
scanner (complete source code) I have ever seen.

$ WRITE SYS$OUTPUT "Starting OpenVMS virus scan..."
$ WAIT 00:01:00
$ WRITE SYS$OUTPUT "Virus scan complete. No viruses detected"

Virus scanners for Mac OS X do basically the same. There are zero
viruses or worms in the wild for the platfowm.

But this is not because the system has hardware supported memory
protection or similar features. The installation is pretty secure per
default, but the real reason is market share. Black hats want consumer
machines to create botnets, so they attack the system with the largest
market share.


Timo
 
L

Luc The Perverse

Jeffrey H. Coffield said:
The operating system is OpenVMS. The anti virus capabilities however come
from the correct use of hardware virtual memory management. This adds a
cost to the processor which so far has prevented it's adoption in end user
desktop systems. This is changing as the cost of hardware comes down. My
point is that the solution to all this virus crap is to design a system
that can't get a virus in the first place. Not try to patch up a flawed
architecture with even more flawed software.
*snip*

I find it hard to believe that the OS is bullet proof.

Let it become the de-facto standard - and someone will find a way to hack
it. There has to be a buffer overflow somewhere, or a security flaw - some
way to run arbitrary code. Just not enough people are trying.
 
J

Jeffrey H. Coffield

Luc said:
*snip*

I find it hard to believe that the OS is bullet proof.

Let it become the de-facto standard - and someone will find a way to hack
it. There has to be a buffer overflow somewhere, or a security flaw - some
way to run arbitrary code. Just not enough people are trying.
A buffer overflow or invalid page on a true hardware virtual memory
system is a hardware exception. In user mode, your program is basically
taken out and shot. An invalid page in kernel mode (which only the
operating system can be at) is an instant kernel crash. The system
reboots. No malicious code is inserted anywhere. Even Windows NT on an
Alpha had some of these abilities. I used a 3D graphics program that
caused a blue screen of death on a Pentium with NT by overwriting the
o/s. But on an Alpha running the same program, an exception was
generated and the program was halted.

OpenVMS has bugs and there are patches. Weak passwords are a problem on
any system. OpenVMS has been around for 30 years and is used in a large
number of banks, insurance companies and stock markets. They have been
prime targets for hacking because of the information they normally
contain. There are problems, just no viruses.

Jeff
 
L

ldv

g said:
Hello,

I need to build a WAR/JAR that will need to fulfil the following
requirements:

1. The code will only work for a trial period (30 days)
2. The code can be unlocked with a key
3. Unlocking the code will watermark the WAR/JAR with a unique key

I do not want to reinvent the wheel and would love to hear from other
folks that have experience with this type of packaging. Are there any
off-the-shelf solutions?

If your only target is Windows, consider the following approach:

1. Compile your Java app to native machine code with Excelsior JET
(www.excelsior-usa.com)

2. Use PC Guard (www.sofpro.com) or similar tool to copy protect the
resulting EXE.

(Excelsior JET is also available for Linux, but I have never researched
the availability of copy protection solutions for Linux.)

This way, you would get protection against both Java decompilers and
unauthorized copying.

For details, see also:

http://www.excelsior-usa.com/kb/000023.html
http://www.excelsior-usa.com/forum/index.php?topic=744

LDV
 
L

Luc The Perverse

Jeffrey H. Coffield said:
A buffer overflow or invalid page on a true hardware virtual memory system
is a hardware exception. In user mode, your program is basically taken out
and shot. An invalid page in kernel mode (which only the operating system
can be at) is an instant kernel crash. The system reboots. No malicious
code is inserted anywhere. Even Windows NT on an Alpha had some of these
abilities. I used a 3D graphics program that caused a blue screen of death
on a Pentium with NT by overwriting the o/s. But on an Alpha running the
same program, an exception was generated and the program was halted.

OpenVMS has bugs and there are patches. Weak passwords are a problem on
any system. OpenVMS has been around for 30 years and is used in a large
number of banks, insurance companies and stock markets. They have been
prime targets for hacking because of the information they normally
contain. There are problems, just no viruses.

How is software support for it? Should I consider running an OpenVMS box?

The name would seem to imply it is free. AH! It doesn't run on X86. Wow
Itanium boxes on ebay have come down a lot.

You think it's worthwhile to learn? I'll tell you one thing, I don't like
the idea of my box getting hacked. But I have a hard enough time trying to
learn Linux.
 
J

Jeffrey H. Coffield

Luc said:
How is software support for it? Should I consider running an OpenVMS box?

The name would seem to imply it is free. AH! It doesn't run on X86. Wow
Itanium boxes on ebay have come down a lot.

You think it's worthwhile to learn? I'll tell you one thing, I don't like
the idea of my box getting hacked. But I have a hard enough time trying to
learn Linux.

A short history of VMS:
http://www.reference.com/browse/wiki/Digital_Equipment_Corporation

Unix/Linux/Windoze are all still playing catchup with features available
20 to 25 years ago in VMS. OpenVMS is still too expensive to consider as
a desktop contender but you get what you pay for. We are moving to
Java front ends for our software with the database and most of the
business logic on a OpenVMS server.

However, I feel this discussion is straying off from the Java topic. If
you would like more info, please contact me directly. For more info on
me see www.digitalsynergyinc.com.

Jeff Coffield
 
O

Oliver Wong

Jeffrey H. Coffield said:
A virus has to be able to overwrite some part of the system to infect it.
There simply is no user mode address that corresponds to system memory.
There is no such thing as a buffer overflow allowing access to memory not
allocated to your user process.

My point is that if a system is designed correctly from the start, viruses
etc. are not a problem.

Buffer overflow is a "vector of attack", and isn't directly related to
whether the system is "capable of" viruses or not. Some computer viruses
spread via buffer overflows, and some don't, just like some biological
viruses are airborne, and some need contact with flesh or blood.

For it to be possible for viruses to exist on a system, all you need is
to allow for a program to generate executables, and the ability to overwrite
other files. If you cannot write a program which generates executables, you
cannot, for example, implement a compiler. If you CAN write a program which
generates executables, and you CAN overwrite other files, then to implement
a virus, all you have to do is write a program which reads in existing
executables, and overwrites them with a new executable which does the same
thing as the original executable, plus the contents of the original virus.

So for example, let's say I, as a end user, install some virus on my
system. When I run it, the virus might try to infect executables that I
don't have write-access to (e.g. system tools); it'll fail. But then it
might later try to infect executables that I DO have write-access to (for
example, by local install of FireFox, or my mp3 player, or my Fibonacci
sequence generator that I wrote).

I believe that as long as you have a computer which is Turing Complete,
you can have viruses on that computer. As a very informal proof, you could
imagine a sequence of bits on the tape which instructs the Turing Machine to
make more copies of that same sequence of bits elsewhere on the tape, for
example.
Included is the only OpenVMS virus scanner (complete source code) I have
ever seen.

$ WRITE SYS$OUTPUT "Starting OpenVMS virus scan..."
$ WAIT 00:01:00
$ WRITE SYS$OUTPUT "Virus scan complete. No viruses detected"

If I were to optimize this code, would it be safe to assume that the
bottleneck is in the "WAIT" statement, or should I profile to check that
maybe console I/O is particularly slow on this platform?

- Oliver
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top