how do I prevent theft of intellectual property?

FuturesTrader
FuturesTrader used Ask the Experts™
on
Scenario: Laptop behind a whitelisted Sonicwall hardware firewall. Connections are to two outfits, one is a broker, the other is a data provider. I have a script that is written in C++ and compiled with the Open Watcom C++ Compiler. I'm wondering if there is a way to prevent uploads of my script? Maybe the compiled version could be uploaded while it was running and the thief could reverse engineer it? I can keep the text versions of the script off the computer, keep them on a flash drive and remove it after compilation and before connecting to the internet for example but the .dll has to be there in some way shape or form in order for the script to run... can files be blocked by their type? I don't think that all the software will run in a user account, some of it has to have some administrator privileges.. I've been told that's not the best case for security but there is little I can do about that... do they still have superuser accounts or some way to limit the access that Admin privileges provide?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
It's not difficult to find a decompiler so someone could reverse engineer if they were so inclined.

http://www.backerstreet.com/rec/rec.htm

You could try limiting access by using sudo but they would need read access to run it. Maybe run from a limited account with a sudo imbedded in script.

You want "sudo", which lists who can do what in /etc/sudoers and /etc/sudoers.d. Don't let the manpage scare you, look at the examples towards the end or google for them.

sudo bash (or your preferred shell) works just as well as su.

Author

Commented:
I omitted that the OS is Windows, sorry... "runas" is the similar thing as sudo but I don't quite follow how I would employ that to protect my .dll. I do realize that Windows is just designed wrong for security from the beginning.. The software environment that the script runs in only runs on windows, maybe I should be running Linux and an emulated Windows environment and gain the security advantage at the Linux level?
You can run something like the following VB script to use Runas to allow running in a limited account.
http://vlaurie.com/computers2/Articles/xprunas.htm

'This script allows limited accounts to use PrintArtist (PA)
'as the Administrator. It must be placed in the same
'folder with the executable program file for PA. A shortcut
'to this script file can then be put on the student Desktop.
'Your antivirus program may need to be set to allow scripts.
'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------------------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit

Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Author

Commented:
I wonder if I can whitelist by applications? The entire computer is dedicated to an extremely narrow focus. Just a few url's are allowed and a single software package is running. Could I whitelist to only allow that application to run and would that somehow block an upload of .dll files? To upload a file would a thief have to install something on my computer? Could I block access by file type?
The more limitations you can put on the computer, the fewer options for someone to hack. I would lock down all unneeded ports including ftp & RDP.

A hacker would probably have to exploit some application to get control of your PC and upload your files. If it runs as a web application then they would probably focus on IIS assuming you don't have other ports open.

Here's some tips on hardening XP.
http://www.colorado.edu/its/security/awareness/hardening/

Author

Commented:
Possibly I'm asking the impossible of windows...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial