On 10/5/07, der Mouse <[EMAIL PROTECTED]> wrote: > > malware writers have given their code the ability to detect if it is > > inside a VMware session. > > Software cannot tell when it's running under emulation, if the > emulation is sufficiently good; this just means that VMware is not > "sufficiently good" for those purposes. There must be something > they're not emulating correctly (where "correctly" here means "the way > real hardware does it").
First, it would seem to be a fairly trivial task to write code which can figure out its running in a VM. Its been a little while since I've used VMWare but I seem to recall "VMWare drivers" and other simple "signs" that would show up in the client OS which would allow anyone - or any code - to know that its in a VMWare VM. Perhaps they could disguise those, but I'm not sure how - not in such a way that a developer couldn't still use it to discover his code is running in a VM. And disguising itself isn't the purpose of a VM anyway - is it? Is responsibility for defending an OS in a VM not the same as it is for that OS running directly? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
