When sourcing software for business needs, what criteria should you follow? Price typically tops the list. And sure, free software, like the Linux OS, delivers cost savings, stability, flexibility and ongoing development. No argument there. But when it comes to decompilers, which are used for reverse-engineering malware, decisions get harder.
Everyone from cybersecurity professionals down to hobbyists has a wide range of excellent decompilers to choose from. But finding the best feature mix hasn’t proved easy. Myriad factors beyond price enter into the equation when selecting decompiling tools.
A study by Forrester on SecOps found that only 46 percent of companies are satisfied with their ability to detect cybersecurity threats, blaming – in part – complicated security tools.
Also, shifting malware trends are now demanding more from cybersecurity professionals and the tools they rely on. For instance, according to the Verizon 2020 Data Breach Investigations Report, malware-based cyberattacks have declined slightly. However, the malware used in many of those attacks has become more sophisticated, Verizon reported. Consequently, interest in reverse-engineering malware has intensified.
The Real Cost of Software
True, there are plenty of free and low-cost decompilers that can help the average individual or small business reverse-engineer code – be it analyzing malware or re-creating lost source code from a binary executable. There is Ghidra, the tool famously developed for internal use by the U.S. National Security Agency, along with OllyDbg, x64dbg and Radare2. But weigh your options carefully, say experts, and make sure you factor hidden costs into the equation.
Consider the cost of using unstable or unsupported tools, or how long it takes to get past the learning curve of the wrong decompiler. While the internet has made a number of low-cost and free solutions available, many come with tradeoffs – namely no support and missing features. Before investing time in any reverse-engineering tool, do your homework. Make sure you won’t get bogged down hunting for undocumented decompiler features or be forced to find workarounds for tool hiccups.
What does it cost a company when researchers waste time cleaning up output code or waiting for jobs to simply finish running?
The beauty of the reverse-engineering niche is the diversity of tools. Price should never be the only determining factor. Current malware trends and new SecOps priorities have many looking beyond price. Software reliability, rapidity of execution and vendor support become part of a business unit’s profit and loss discussion.
For smaller developers, more robust solutions are simply a natural evolution. For hobbyists and occasional users, free or low-cost tools are often adequate. These types of developers typically don’t have megabytes of code to worry about and also have ample time to dedicate to analysis.
For cybersecurity professionals though, paying upfront for a solution that provides quick project spin-ups, fast executions and a streamlined user experience will ultimately deliver better results, happy return customers and safer networks.
These teams are time constrained and demand cogent results.
Commitment to Future: IDA Teams
Sadly, free tools often represent one-off projects by a vendor and can sometimes lack ongoing development or even a product roadmap.
For Hex-Rays, the IDA family of reverse-engineering tools represents a singular focus. The company prides itself on meeting current and future market needs. For Hex-Rays, the future is clear. It’s about empowering teams – not just the lone researcher digging through hundreds of megabytes of function code alone.
IDA Teams is coming soon, and it will let teams leverage the power of many contributors – across workgroups, time zones and geographies. Sometime within the first half of 2021, Hex-Rays will roll out multi-user support for IDA, along with versioning support, in the upcoming release of IDA Teams.