> malware writers have given their code the ability to detect if it is > inside a VMware session.
Software cannot tell when it's running under emulation, if the emulation is sufficiently good; this just means that VMware is not "sufficiently good" for those purposes. There must be something they're not emulating correctly (where "correctly" here means "the way real hardware does it"). > This allows the worm writers to find out if someone is attempting to > analyze their exploits. Not quite; there are other reasons for running under VMware. I know someone who routinely runs *everything* in a VMware session (hardware compatability issues). Perhaps someone should approach the VMware people about producing a version that *is* "sufficiently good"? /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
