According to columnists and future-trends papers, this is a period in which old protectors are left at the post...
1. They are extremely complex, and each time it is very difficult to test and write new things.
2. Testing of new features is very difficult, mostly because the packers are used to going deep into the OS, and as long as there was only XP the testing was simpler. Vista undoubtedly complicated things: a lot of kernel modifications, a lot of new features. Do you remember the drop in protectors and malware when NT or Win32 arose? The previous W95 world was totally different. This same epochal change happened with Vista: it's much more different from the previous OSes than XP (which was an optimized NT after all).
3. Reversers recently demonstrated that they completely own the system and the protectors; just to mention two milestones: rootkits and inlining of ASProtect/Armadillo or of Themida. Not by chance, for example, rootkits and Themida unpacking require the same knowledge.
4. The proactive fight the industry engaged in against malware is producing really interesting documents, which of course help both sides of the barricades.
For these same reasons the AVID (Anti-Virus is Dead) movement is gaining credibility when talking of malware. For these same reasons the packers are moving in totally different directions. Consider that malware and piracy are closely connected, different targets but same methods; not by chance Woodmann recently veered to malware.
The future for packers is, in my opinion (but not only mine), in VMs. The VMs seen up to now are just experiments, relatively simple to reverse. The real potential of VMs is still unexplored. Developers are still getting familiar with the VMs' possibilities.
Just to understand what you can expect from a really serious approach to VM protectors, see the HyperUnpackMe2 on the OpenRCE site. How many of you would have been able to face up to that beast?
Fortunately (for us) the sources of that protector got lost and there were some limits...
I think that VMs will also require a completely new generation of tools from us to pick up the gauntlet.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Last edited by Shub-Nigurrath; 07-20-2007 at 16:13.