The computer industry uses the terms trusted and untrusted to describe a broad range of technologies ranging from processor design to cloud networks. When applied to a computing environment, these terms may be used to illustrate how much access a user has to your valuable application's files and code. When using software licensing to prevent unwanted sharing of your hard work, it is important to understand how secure a software licensing mechanism is in the environment where it runs.
What's an Untrusted Environment?
Do you sell your software to individual customers who install it on their computer? Well, guess what? Your software is running in an untrusted environment. The most common untrusted environment is your customer's computer.
Your customer's computer is considered untrusted because:
- Your customer controls access to your software's executable and supporting files.
- Your customer controls the hardware and Operating System running your software.
- Your customer controls what can be installed in the environment, such as debuggers or packet sniffers used to disable your software licensing protection.
Any application running in this environment may be tampered with to thwart your software licensing.
What's a Trusted Environment?
The best example of a trusted environment is SaaS (Software as a Service). Think about using Microsoft Office 365 to read your email in your web browser. Microsoft's Office 365 email application is hosted on remote servers with only the email presentation code running in a web browser on your computer. If your software can run on a system that limits your customer's access then it is a trusted system.
A SaaS environment is considered trusted because:
- You control your customer's access to your software's executable and important files.
- You control who can use your software.
- You control the Operating System and hardware running your software.
- You control what can and cannot be installed in the environment. Your customer cannot install tools on the system, such as debuggers or packet sniffers, to help them tamper with your software.
Even though you still need to consider software security (e.g. server validation of all inputs) when coding your SaaS application, if you want to keep your customers from tampering with your software then consider hosting it in a trusted environment.
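As an added illustration of the points above (not code from SoftwareKey or any product named here), this Python example shows a SaaS-style request handler that decides access only from server-side state and treats everything the client sends as unvalidated input. The names `SERVER_KEY`, `ENTITLEMENTS`, `issue_token`, `verify_token`, `handle_request` and the request fields are hypothetical, and the key and entitlement data are constructed samples.

```python
import hashlib
import hmac
import time

# Constructed sample data: the key and entitlement table exist only on the server.
SERVER_KEY = b"constructed-demo-key-never-shipped-to-clients"
ENTITLEMENTS = {"bob": {"expires": 2_000_000_000, "features": {"export"}}}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, expires: int) -> str:
    """Issue a session token "user|expires|signature" (hypothetical format)."""
    payload = f"{user}|{expires}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token: str, now: int):
    """Return the user name if the token is authentic and unexpired, else None."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    user, expires, sig = parts
    # Constant-time comparison; bytes avoid errors on non-ASCII client input.
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expires}").encode()):
        return None
    if int(expires) < now:  # safe: only server-signed payloads reach this line
        return None
    return user


def handle_request(request: dict, now=None):
    """Decide access from server-side state only; client claims are ignored."""
    now = int(time.time()) if now is None else now
    user = verify_token(str(request.get("token", "")), now)
    if user is None:
        return 401, "invalid or expired session"
    grant = ENTITLEMENTS.get(user)
    feature = request.get("feature")
    # A client-supplied field such as request["licensed"] is never consulted.
    if grant is None or grant["expires"] < now or feature not in grant["features"]:
        return 403, "not licensed for this feature"
    return 200, f"{feature} ok for {user}"
```

Because the signing key and the entitlement table never leave the server, editing the request on the customer's machine changes nothing about the decision.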
I Have the Most Secure Software Licensing Available, Therefore My Application Should Be Safe, Right?
Is your application running in an untrusted environment? If yes, you should realize the answer is always "no." For example, using a product to encrypt your executable or obfuscate your code certainly seems like a fool-proof way to stop any tampering, but there is always a moment where that code must be decrypted in memory so the computer's processor can understand it. Now all that extra protection is peeled away and your code is vulnerable!
Why Should I Even Bother Protecting My Application?
Protecting your application in an untrusted environment may sound like "doom and gloom," but this is really not the case. As we say here at SoftwareKey, "You want to keep the honest people honest." You obviously don't want to release an unprotected application, because that makes it far too easy for "Bob" to just make a copy for his neighbor "Mary." Bob is an honest guy, but he may not think much of giving a friend a copy of your software. Having some form of copy-protection will keep Bob honest.
It is important to know the difference between a trusted environment and an untrusted environment when it comes to protecting your software from theft. Your application cannot be 100% secure in an untrusted environment, but you can take steps to keep it from being easily copied. If you feel you cannot allow any chance of your software being pirated, then you should develop your products in a trusted environment.