Alex Young wrote:
> Bira wrote:
> 
>> On 5/23/06, Guest <krisleech / interkonect.com> wrote:
>>
>>> An open source project compiled (open at design time) and software that
>>> has interpreted open source (open at run time) are different. And
>>> interpreted is less secure than compiled.
>>
>>
>>
>> How so? I don't think I've ever read anything about this before. Sure,
>> it's easier to change interpreted code, but if the attacker already
>> has enough access to make those alterations in the first place, it
>> doesn't matter wheter the program is compiled or interpreted, and you
>> have a deeper problem in your hands.
> 
> 
> It depends on what metric you use for "secure".  If you use "minimum 
> amount of energy expended to retrieve protected data", then in an 
> otherwise like-for-like system, then assuming that the software is not 
> bypassed completely, the system with compiled code needs additional 
> energy for the decompilation, making it "more secure".  Simple as that :-)
> 

Exactly. ;)  Just as a closed book is more secure than one lying open
on a table. If it's closed, you have to be smart enough to open it
before you can read it.


Hal