|
|
While on the subject, here are some links regarding VM security from a Pen-Test mailing list (securityfocus.com) email I haven't read yet:
http://www.vmware.com/vmtn/technology/security/
http://vmblog.com/archive/2006/05/23/605.aspx
Maybe somebody will find it useful. Maybe I'll find it useful but I haven't read them yet :/
On 24/12/06, Serg B. <
sergicles@xxxxxxxxx> wrote:Well yeah, if it is the case it is very, very scary to think of the possibilities and the damage something like this could cause.
Perhaps it's time to move into security industry, looks like the business will be booming there.
Hi,
Am 23.12.2006 um 16:10 schrieb Serg B.:
> Sounds like Jame Bond stuff to me. Do you have a link to an article
> that
> talks about the above proof of concept code? Since you know...
nope sorry was a printed articel and I already threw away the
magazine... :(
> However you would definitely know about it. Nothing stealthy there
> unless
> you run one powerful mother of a machine! And even then you would
> see that
> things are not quite as fast. You would notice a performance
> decrease since
> you would be now running 2 OS's. One for the virus and one for the
> guest.
> Reduced disk size - a noticeable chunk sine there is another OS
> installed.
> On reboot a boot-up screen would show messages inconsistent to the
> guest OS,
> etc. Like I said nothing stealthy, in MY opinion.
the stealthy thing as I understood it was that you are in fact not
running to OS but with the virtualization technology the software
could at runtime of the os switch the context in which the os is
running.
I have no idea how large such a thing would be, but even if it was 20
MB with todays HD sizes one would hardly recognize. And since it's a
"small" programm that just hides a few processes from being found I
don't think that you would notice any difference.
> So yeah I doubt that this proof of concept is anything more then a
> marketing
> speak for VM tools and somebody trying to get security paper out
> for self
> promotion.
I desperately hope so, if not that would mean a _lot_ of spam (which
is the thing that imho pays off most at the moment). Consider you
have a running windows/linux/whatever os box and someone has a root
kit of that kind installed. no chance to detect it, new investements
for anti malware software etc.
martin
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
Serg
--
Serg
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
|
|