Death of antivirus software imminent

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Thu Jan 3 07:20:01 EST 2008


On Dec 31, 2007, at 4:46 PM, Bill Frantz wrote:
> My favorite virtual machine use is for the virus to install itself
> as a virtual machine, and run the OS in the virtual machine.  This
> technique should be really good for hiding from virus scanners.


It's not, and despite the press handwaving about hypervisor rootkits  
being the death of all security as we know it, this attack is largely  
uninteresting in practice. Repeat after me: it's not a real problem,  
and it's unlikely to become a real problem.

A walkthrough with pretty pictures, courtesy of the Matasano folk:
<http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/>

Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


