Security Recommendations for Microsoft's .NET Framework 4.0

Coinciding with today’s release of the final version of Microsoft’s .NET Framework 4.0, V.i. Laboratories makes certain recommendations regarding the security of applications developed on the framework. V.i. Labs advises independent software vendors (ISVs) and application developers to ensure that they have security technology in place to prevent hackers, competitors, partners, and software pirates from accessing sensitive intellectual property (IP) embedded in the .NET code and tampering with deployed applications.

According to Victor DeMarines, VP of Products at V.i. Labs, “Developers should make an informed decision before implementing protection measures into their applications given the risk to their customers and the complexity it can introduce in the development process. Protection may be necessity if your application contains valuable IP and is developed in C# and the Microsoft .NET platform. These applications are trivial to reverse engineer and require some level of protection to make them less a target by hackers and even curious end users.”

DeMarines recommends that developers ensure their protection technologies offer the following:

• Non-Invasive Protection to ensure that intermediate language code is encrypted at the assembly level without impacting application code flow or introducing support dependencies
• Method Level Encryption to prevent decompiling of .NET assemblies and minimize the exposure of decrypted application files or resources
• Anti-tamper Protection to prevent tampering of specific application files or resources
• Protect APIs and SDKs to allow the sharing of software IP with customers and partners without exposing sensitive code
• Support for ASP .NET to protect web application code being hosted on third-party networks
• Platform Support for compatibility with both 32-bit and 64-bit applications