Additionally, it is always best when an anti-tamper solution is applied on a per application basis. This means that each application has a unique defense that's specific to that particular application build. When that happens, a hacker must crack each application individually so the application is not susceptible to global attacks. By deploying a unique defense to tampering in every application, hackers become reticent to spend the time to manually remove checks, as this job is tedious and laborious. In many cases, the sheer length of time and effort required makes the hacker quit and move on to an easier target.
Open source presents developers with a different set of problems
As open source continues to gain traction as a viable alternative for mission critical applications, more and more enterprises will deploy some elements of open source technologies within their web server infrastructure. A hacker may start with an SQL injection attack, and if that doesn't work, move on to attacking the web server or other infrastructure until an unprotected point of entry is found. As more enterprises deploy open source technology, cybercriminals will target the security vulnerabilities within this infrastructure.
When protecting the infrastructure, the entire environment must be taken into account: web servers and infrastructure must be made tamperproof. Vendors will often lock down their applications in order to try and regulate access privileges but they often forget about the infrastructure they use, which leaves routes of attack for a hacker.
The impact of failed or ineffective security can be catastrophic, exposing vital systems or products to significant losses or damage. If a security solution fails to address sophisticated hacking attacks then it is likely that the software's protection effectiveness will be near zero, essentially exposing the software to hackers immediately. The "hackability" of software should be a key consideration to ISVs looking to protect their IP investment. With hackers becoming more creative and sophisticated, having an application and infrastructure protection strategy that lengthens the protection time of the whole system as long as possible is obviously the best way to protect your IP investment and, ultimately, your business.
Andrew McLennan is the founder and CEO of Metaforic.