Re: peeking at the working interpreter

by ncw (Friar)
on Sep 06, 2000 at 20:21 UTC


in reply to peeking at the working interpreter

This situation is exactly equivalent to DeCSS - it isn't real encryption only obfuscation since you provide the keys to the decryptor in the program (albeit in compiled C).

If it was my job to hack this then I'd core dump the process and use the debugger on that. Either that or become root, save the process memory, etc.

Any way you choose it will be hackable - this kind of copy protection does not work!

Replies are listed 'Best First'.
RE: Re: peeking at the working interpreter
by gregorovius (Friar) on Sep 06, 2000 at 20:39 UTC
    It's still useful. You still lock your car in a parking lot, don't you? Besides, most users won't have a clue as to where to start hacking it.

    It's just about making it hard for the majority to tamper with it.

    Then it's also a way of stating that they (in this particular case) are not yet authorized to look at the code.

      Certainly I lock my car in the car park - but I then take the key with me ;-)

      With this sort of software 'protection' you are leaving the key in the software - rather like leaving the key of your car in the exhaust/tail pipe. It is security by obscurity.

      Apologies for the rant, but this is one of the areas that I feel strongly about - it isn't possible to copy protect digital media like this, be it DVD discs, audio, books or programs (to name 4 media with high profile cracks).

      If you supply the key with the media (or with the software that decodes the media) you haven't added any security, only obscurity. To have real security you need to pass the key separately, e.g. on a dongle, smart card, my PGP key exchange etc., and you need to individually encrypt each item.

        Actually it is possible to do it, in some operating systems. For instance EROS can have software that you can run, but which you cannot read and you likewise cannot directly read the data that software is working from.

        This is, of course, limited by the physical security of your machine and method of distribution, but it can be done on a multi-user system.

        (The AS400 is another true capability system so I would expect that you could do this in the AS400 as well. Of course it is impossible in ACL based systems, and so-called "POSIX capabilities" again don't help.)

        Beyond that this kind of software protection does have a point. Physical security systems are not sold as secure. They are sold rated in terms of how long it takes to break them. The fact that it can be broken, can be reverse engineered is irrelevant. The fact that it will take X effort is what counts.

        Is a lock useless because someone can batter down the door? A combination lock because someone can just try combinations? It may not be as secure as most believe, but that doesn't make it useless.

        There is a "security" attitude where security through obscurity is appropriate: If they're smart and diligent enough to figure this out and use it, they deserve to get access. In many cases all you want to do is discourage or make it difficult for someone to break through your "security". A few people figuring it out and working around it in certain situations doesn't have to be unacceptable.

        If you're writing something and marketing it (even if it's just to your boss) as secure, this is a poor security approach indeed, but if all you want to do is deter or make the user/enemy use up resources in order to work around it, this could be sufficient.

RE: Re: peeking at the working interpreter
by norm (Initiate) on Sep 07, 2000 at 21:42 UTC
    While you are right that this is not going to work as a form of copy protection, you seem to miss the point that strong copy protection is not what is being asked for. All that our brother wants is to be sure that it is a pain in the ass for anyone who wants to get to the source. The idea is that if you make it hard enough they are less likely to try.

    As long as you don't leave your keys in your car, I'll think twice about spending the time to steal your car.

    oren
