From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,af0c6ea85f3ed92d X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Received: by 10.68.74.201 with SMTP id w9mr8512757pbv.0.1329099155723; Sun, 12 Feb 2012 18:12:35 -0800 (PST) Path: wr5ni18254pbc.0!nntp.google.com!news1.google.com!postnews.google.com!k10g2000yqk.googlegroups.com!not-for-mail From: Tez Newsgroups: comp.lang.ada Subject: Re: Arbitrary Sandbox Date: Sun, 12 Feb 2012 18:10:52 -0800 (PST) Organization: http://groups.google.com Message-ID: <30a09b9e-5a4c-449f-a4da-cb39dac1d263@k10g2000yqk.googlegroups.com> References: <8e83f2be-c6e9-4b0b-b53c-d50fe70d01e1@pq6g2000pbc.googlegroups.com> <702c5d55-ff96-486c-bff9-93aa273f6217@i18g2000yqf.googlegroups.com> NNTP-Posting-Host: 76.201.93.131 Mime-Version: 1.0 X-Trace: posting.google.com 1329099155 27275 127.0.0.1 (13 Feb 2012 02:12:35 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Mon, 13 Feb 2012 02:12:35 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: k10g2000yqk.googlegroups.com; posting-host=76.201.93.131; posting-account=aCLEfwoAAAAOAatsIFtV_Z_eteRd3roE User-Agent: G2/1.0 X-Google-Web-Client: true X-Google-Header-Order: HNKUARELSC X-HTTP-UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11,gzip(gfe) Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Date: 2012-02-12T18:10:52-08:00 List-Id: On Feb 11, 5:39=A0am, "Dmitry A. Kazakov" wrote: > On Sat, 11 Feb 2012 02:32:45 -0800 (PST), Maciej Sobczak wrote: > > This allows to create an operating system within an operating > > system, which is great for experimentation as well as for creating > > security sandboxes. In essence, such a sandbox is like a separate > > machine, but does not require separate hardware. > > I wonder when (maybe already) the malware will start to target specifical= ly > virtualization software. > > -- > Regards, > Dmitry A. Kazakovhttp://www.dmitry-kazakov.de On a separate note. There is already malware that target the virtual machine. Some will bypass the SEH if it detects if it is in a virtual machine. Some will also rely on timing anomalies to determine if they are in a virtual machine as well.