On 02/03/2016 04:07, Yang Luo wrote:
> And how about this idea. I found out that lots of malware will detect
> the presence of hypervisors and refuse to execute their real
> code in a VM. The malwares do this to prevent security engineers from
> analyzing their code under a VM. Lots of detection methods have been
> proposed for many years. But hypervisors seem to not care about this issue.
>
> So what do you think about making Qemu/KVM more undetectable to
> malwares? Is this idea viable?

KVM already allows you to disable CPUID leaves specific to hypervisors. As you said, other detection methods for hypervisors exist, and patches are welcome to thwart them. :)

However, while it is definitely a nice project and we would appreciate it, it doesn't sound like the kind of research that you would publish in academic venues.

Paolo
