2 min read

Review: PreEmptive Provides Security For .Net Apps

The software provides tools for securing .Net apps using a technique known as "obfuscation."
With control-flow obfuscation, Dotfuscator scrambles methods to change the path of the code, keeping the logic the same. This technique confuses decompilers that seek specific patterns within instruction streams.

dotfuscatorMost .Net decompilers take advantage of code patterns in binary assemblies to construct source code. Dotfuscator's control-flow algorithms produce random results to make it even harder to find patterns.

Developers also can confuse decompilers by optimizing code manually. The use of hash tables to embed repetitive tasks, for example, can make it difficult to find program flow patterns. But control flow in general will affect overall application performance because code is scrambled.

In addition, Dotfuscator can encrypt strings inside code to stop string-based attacks. Typically, hackers will decompile applications and search for sensitive strings that provide clues on how to access data sources or license key breaks. After scrambling strings, Dotfuscator inserts a decoding method before every string load so that it returns original strings only at runtime.

Dofuscator, too, can create declarative obfuscations, a way to mark up source code to give configuration hints to obfuscators using .Net custom attributes. Microsoft and PreEmptive agreed to incorporate custom attributes designed to be detected by Dotfuscator Professional within .Net's official runtime.

Pricing for Dotfuscator Professional starts at $1,890. On the channel side, PreEmptive offers 10 percent to 50 percent margin on the product, based on partner commitments and investment. Partners get unlimited phone, e-mail and database support, including white papers and best practices. For smaller partners, PreEmptive offers a similar program.