Death of antivirus software imminent
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Thu Jan 3 07:20:01 EST 2008
On Dec 31, 2007, at 4:46 PM, Bill Frantz wrote:
> My favorite virtual machine use is for the virus to install itself
> as a virtual machine, and run the OS in the virtual machine. This
> technique should be really good for hiding from virus scanners.
It's not, and despite the press handwaving about hypervisor rootkits
being the death of all security as we know it, this attack is largely
uninteresting in practice. Repeat after me: it's not a real problem,
and it's unlikely to become a real problem.
A walkthrough with pretty pictures, courtesy of the Matasano folk:
<http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/
>
Cheers,
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list