Sunday, September 11, 2011

Java is Highly Vulnerable to Reverse Engineering

Found an article on Java which I found interesting (msdynamicsworld.com):

Java is Highly Vulnerable to Reverse Engineering

While the ability to “Write Once, Run Anywhere” is a tremendous advantage, the way this environment is architected makes it far easier to reverse engineer than native applications. This means that developers face a very real risk of losing their intellectual property. There are several reasons why application-level virtual machines are easier to reverse engineer than native applications:

The JVM is open source
Sun has released the source code of its JVM (the OpenJDK HotSpot virtual machine) under an open-source licence. An attacker does not have to infer how the virtual machine loads, verifies and executes code; he or she can simply read it.

The Java .class file format is publicly available
Java source code is compiled into bytecode, which is stored in a Java .class file. The specification of the .class file format is public, so anyone with some technical background can write a tool that parses, modifies, or transforms .class files.
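To make the point concrete, here is a small, added example (written for this page from the public class-file format; it is not code from the article or from any project) that builds a constructed class file in memory, parses its constant pool and method table, disassembles a method, and then patches one opcode so a method that returned false returns true. The class name `Demo`, the method `isLicensed()Z` and the "license check" it stands in for are hypothetical. The JDK's own `javap -c` prints the same kind of listing for any real .class file, which is a quick way to confirm that nothing in the format is hidden.

```python
# Added example: tiny Java .class parser and byte-level patcher, written for this page
# from the public class-file format. It is not code from the article or any project.
import struct

CONSTANT_Utf8, CONSTANT_Class, CONSTANT_Long, CONSTANT_Double = 1, 7, 5, 6
# Fixed payload size per constant-pool tag (Utf8 is variable length, handled separately).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4, 15: 3, 16: 2, 18: 4}
# Only the single-byte opcodes the sample uses; a real disassembler needs the full table.
OPCODES = {0x03: "iconst_0", 0x04: "iconst_1", 0xAC: "ireturn", 0xB1: "return"}

def u2(v): return struct.pack(">H", v)
def u4(v): return struct.pack(">I", v)
def utf8(s): return bytes([CONSTANT_Utf8]) + u2(len(s.encode())) + s.encode()

def build_sample_class():
    """Constructed (hypothetical) sample: class Demo { boolean isLicensed() { return false; } }"""
    cp = [bytes([CONSTANT_Class]) + u2(2), utf8("Demo"),              # 1, 2
          bytes([CONSTANT_Class]) + u2(4), utf8("java/lang/Object"),  # 3, 4
          utf8("isLicensed"), utf8("()Z"), utf8("Code")]              # 5, 6, 7
    bytecode = bytes([0x03, 0xAC])  # iconst_0; ireturn
    # Code attribute: name #7, length, max_stack, max_locals, code_length, code, 0 handlers, 0 attrs
    code_attr = (u2(7) + u4(12 + len(bytecode)) + u2(1) + u2(1)
                 + u4(len(bytecode)) + bytecode + u2(0) + u2(0))
    method = u2(0x0001) + u2(5) + u2(6) + u2(1) + code_attr  # ACC_PUBLIC, name #5, desc #6, 1 attr
    return (b"\xCA\xFE\xBA\xBE" + u2(0) + u2(52)              # magic, minor, major (Java 8)
            + u2(len(cp) + 1) + b"".join(cp)                  # constant_pool_count is entries + 1
            + u2(0x0021) + u2(1) + u2(3)                      # ACC_PUBLIC|ACC_SUPER, this #1, super #3
            + u2(0) + u2(0)                                   # no interfaces, no fields
            + u2(1) + method + u2(0))                         # one method, no class attributes

def _skip_attributes(data, pos, count):
    for _ in range(count):
        pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
    return pos

def parse_class(data):
    """Return class name, superclass and each method's name, descriptor and bytecode."""
    if data[:4] != b"\xCA\xFE\xBA\xBE":
        raise ValueError("not a class file")
    major, cp_count = struct.unpack_from(">HH", data, 6)
    pos, cp = 10, [None]  # the constant pool is 1-indexed
    while len(cp) < cp_count:
        tag, pos = data[pos], pos + 1
        if tag == CONSTANT_Utf8:
            n = struct.unpack_from(">H", data, pos)[0]
            cp.append(data[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        else:
            cp.append((tag, data[pos:pos + CP_SIZES[tag]]))
            pos += CP_SIZES[tag]
            if tag in (CONSTANT_Long, CONSTANT_Double):
                cp.append(None)  # 8-byte constants take two pool slots
    _access, this_idx, super_idx, n_ifaces = struct.unpack_from(">HHHH", data, pos)
    pos += 8 + 2 * n_ifaces

    def class_name(idx):  # CONSTANT_Class -> name_index -> Utf8 entry
        return cp[struct.unpack(">H", cp[idx][1])[0]]

    n_fields, pos = struct.unpack_from(">H", data, pos)[0], pos + 2
    for _ in range(n_fields):  # field_info: access, name, descriptor, attributes_count, attributes
        pos = _skip_attributes(data, pos + 8, struct.unpack_from(">H", data, pos + 6)[0])
    n_methods, pos = struct.unpack_from(">H", data, pos)[0], pos + 2
    methods = []
    for _ in range(n_methods):
        _acc, name_idx, desc_idx, n_attrs = struct.unpack_from(">HHHH", data, pos)
        pos += 8
        m = {"name": cp[name_idx], "descriptor": cp[desc_idx], "code_offset": None, "code": b""}
        for _ in range(n_attrs):
            attr_name_idx, attr_len = struct.unpack_from(">HI", data, pos)
            if cp[attr_name_idx] == "Code":  # max_stack(2) max_locals(2) code_length(4) code...
                code_len = struct.unpack_from(">I", data, pos + 10)[0]
                m["code_offset"], m["code"] = pos + 14, data[pos + 14:pos + 14 + code_len]
            pos += 6 + attr_len
        methods.append(m)
    return {"major": major, "this_class": class_name(this_idx),
            "super_class": class_name(super_idx), "methods": methods}

def disassemble(code):
    return [OPCODES.get(b, "0x%02x" % b) for b in code]

def patch_to_return_true(data, method_name):
    """Swap 'iconst_0; ireturn' for 'iconst_1; ireturn' in one method. Same length, so no
    other offset in the file moves and the result still loads and passes verification."""
    for m in parse_class(data)["methods"]:
        if m["name"] == method_name and m["code"] == bytes([0x03, 0xAC]):
            off = m["code_offset"]
            return data[:off] + b"\x04" + data[off + 1:]
    raise ValueError("method not found or body not the expected two opcodes")

if __name__ == "__main__":
    for label, blob in (("original", build_sample_class()),
                        ("patched", patch_to_return_true(build_sample_class(), "isLicensed"))):
        for m in parse_class(blob)["methods"]:
            print(label, m["name"] + m["descriptor"], disassemble(m["code"]))
```

The patch works because the class-file format carries no integrity check of its own: the JVM verifier only cares that the bytecode is well-typed, and `iconst_1` leaves the operand stack in exactly the same state as `iconst_0`. Detecting such a change needs something outside the file, such as a signed JAR whose manifest digests are actually checked at load time, or a hash compared against a known-good build.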

The JVM is software, not hardware
Unlike natively compiled languages, where analysis requires an expert understanding of the specific processor, the JVM is an application that behaves like a microprocessor and relies on the facilities provided by the operating system and the hardware. Because an attacker never has to step down to the hardware level, it is easier to gain full control over the JVM.
Thus, for example, when debugging native code, pausing the processor is extremely difficult, requiring expert knowledge of the processor, its debugging facilities, and the available kernel-level (ring 0) debuggers. However, because the source of the JVM runtime environment is openly available, a developer can build his or her own virtual machine that provides full control over every aspect of the virtual processor. This makes it easy to analyze every application running in that runtime environment.
