On Dec 31, 2007, at 4:46 PM, Bill Frantz wrote:
My favorite virtual machine use is for the virus to install itself
as a virtual machine, and run the OS in the virtual machine. This
technique should be really good for hiding from virus scanners.
It's not, and despite the press handwaving about hypervisor rootkits
being the death of all security as we know it, this attack is largely
uninteresting in practice. Repeat after me: it's not a real problem,
and it's unlikely to become a real problem.
A walkthrough with pretty pictures, courtesy of the Matasano folk:
<http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/
>
Cheers,
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
