Accidental malware protection effect
51 views
Skip to first unread message
Alex
Jan 16, 2017, 2:38:40 PM1/16/17
to qubes-users
Has it ever been considered a feature the fact that all of the activity
of a user in Qubes OS happens in a VM, from the point of view that a lot
of malware has anti-debugging features that usually alter their
behaviour when they detect they are run in a VM?
I don't have any statistic data for malware having such protections, and
I believe that some anti-debugging features just compare hardware cpu
timers to better discern an actual debugging session from a running VM
(otherwise, this could prevent the malware from running on vps
platforms). But it could be a nice side effect...
--
Alex
of a user in Qubes OS happens in a VM, from the point of view that a lot
of malware has anti-debugging features that usually alter their
behaviour when they detect they are run in a VM?
I don't have any statistic data for malware having such protections, and
I believe that some anti-debugging features just compare hardware cpu
timers to better discern an actual debugging session from a running VM
(otherwise, this could prevent the malware from running on vps
platforms). But it could be a nice side effect...
--
Alex
raah...@gmail.com
Jan 17, 2017, 11:17:34 PM1/17/17
to qubes-users, alex...@gmx.com
probably, I know some malware will do this if detects user running monitoring programs.
Reply all
Reply to author
Forward
0 new messages