Obfuscation vs. Encryption

Adobe this week has announced the release of Adobe Flex-3 Builder and Adobe AIR 1.0 (Adobe Integrated Runtime). The playing field for the process of software development and delivery is about to change in some major ways…

A new “bar” of look, feel, capability, flexibility, distribution, user “experience” and overall “satisfaction” has been set! And, there is a very active and very creative community behind it…

WARNING: If your company is not paying close attention to this quickly emerging method of developing and distributing software, you will be shocked at how hard it will be to catch up to your competitors who are paying attention! This is game changing technology!

For those of you not in the know: Flex is a Rich Internet Application (RIA) development environment. Applications created in this environment not only look and feel really “rich” and very professional with minimal effort, but run with browser immunity over multiple operating systems, with multiple options for remote communications and data presentation, rendering and interaction. The list continues…

So what is the problem?
The problem is this: Many companies are putting A TON of money and resources into developing really important Intellectual Property, with cool interfaces, widgets, components and highly visual and legally important (e.g. government, health care, security, etc) applications which have NO PROTECTION from being reused, or decompiled and cannibalized property for their own purposes.

For those of you who are in an industry in which your Rich Internet Application deals with corporate or personally sensitive information, your number one priority should be to protect access to your application (e.g. authenticated users), and make sure that the application can not work or be decompiled when it is distributed (e.g. as a web site delivered application, or as an Adobe AIR application that runs on a users desktop). This is critical, not just for the protection of your own code, but for the protection of the services and processes which your application may communicate with – minimizing liability on multiple fronts.

A Solution is Announced!
Nitro-LM’s support for Flex/AIR Applications was announced this week at the Flex|360 conference in Atlanta, GA. It brings all of the existing features found for Java and .NET to Flex/AIR including the ability to“truly” encrypt your entire Flex Application so that IF a decompiler is applied, the hacker will only see a “blob” of encrypted junk that can not be decrypted.

Why? Because the “decryption” keys for your application are stored on Nitro-LM servers (completely separate from the application) so that ONLY authenticated users can get them at run-time with their license. This is the most secure way to prevent people from using your software when they are not allowed to, even if they have a copy in their hands or on their computer.

Licensing is not a “hot” subject now, but it will be over the next year or so as decompilers get better and better, and liabilities for information become even more important.

Do you feel secure about your Rich Internet Applications when they go live?