Re: How to identify a Virtual Machine image.

David Brooks

Feb 7, 2022, 10:45:36 AM
On 07/02/2022 14:23, Nic2 wrote:
> David Brooks wrote:
>
>> On 06/02/2022 17:05, Steve Carroll wrote:
>>> On 2022-02-06, David Brooks <Davidb_tj@{REMOVESPAM}me.com> wrote:
>>>> On 06/02/2022 15:27, Steve Carroll wrote:
>>>>> On 2022-02-06, FromTheRafters <err...@nomail.afraid.org> wrote:
>>>>>
>>>>> (snip)
>>>>>
>>>>>>>>> You might wonder how such a circumstance could come about. I
>>>>>>>>> suggest that naively downloading and installing appropriate
>>>>>>>>> software would be a possible route. Most computer users have no
>>>>>>>>> idea what actually happens when they install software onto their
>>>>>>>>> machines.
>>>>>>>>
>>>>>>>> https://publik.tuwien.ac.at/files/pub-inf_5317.pdf
>>>>>>>
>>>>>>> EXCELLENT - I will study later. Thank you.
>>>>>>>
>>>>>>> Have YOU any suggestion of HOW I can check my iMac? Are you familiar
>>>>>>> with Knock Knock?
>>>>>>
>>>>>> No. You have a habit of asking questions where you have little chance
>>>>>> of understanding the answers. You asked something general and I
>>>>>> answered something specific, that is a 'surreptitiously installed' VM
>>>>>> (like a full featured rootkit type of malware) could be detectable, in
>>>>>> some cases, by software. My linked answer was about how malware can
>>>>>> detect malware analyst's VMs from within said VMs.
>>>>>
>>>>> +1
>>>>
>>>> Just suppose, Steve, that you visited a website and downloaded some
>>>> software onto your Apple computer and then installed it.
>>>>
>>>> Assume, in doing so, you inadvertently installed a "rootkit type of
>>>> malware" onto your computer. If you were still able to use your computer
>>>> to achieve your chosen tasks, how would YOU ever detect that you were
>>>> hosting a spy within, as it were?
>>>
>>> I've been over this with you, if you recall, I even pointed out the
>>> malware (via npm) that went undetected by ClamX's engine. I've been far
>>> more 'affected' by YOUR paranoia ;)
>>
>> I'm not sure that I DO recall .... and I was wondering hard about "npm"
>> - until this morning!
>>
>> https://www.theregister.com/2022/02/03/npm_malware_report/
>>
>>> I don't spend a lot of time thinking about 'what ifs', but were there a
>>> 'what if' I was as concerned about as you seem to be, I'd spend the time
>>> to learn about it, as opposed to asking the same questions over and over
>>> from the same groups of people. As I've pointed out in the past, there
>>> are means available for you to detect (and be alerted to) when something
>>> is being installed. Are they 'Snit-level' easy? No. Short of that, you
>>> can run a scan after every session where you've dl'd something. If
>>> you're that worried, the best solution is to never keep sensitive data
>>> on your computer.
>>
>> Spend a little time explaining. Suppose someone visits the
>> www.clamXav.com website and is taken in by the fancy graphics and 'Free'
>> offer.
>>
>> They choose to 'Download' the product. Once the Installer.pkg is shown
>> in 'Downloads' - HOW should they check it?
>>
>> Assuming they use a 'tool' for the purpose, how would an average user
>> have any idea what each item actually does?
>>
>> OK - they decide to install ClamXav anyway. If it (malware) is capable
>> of making itself invisible to another AV scanner (say Malwarebytes) HOW
>> would the user know that anything was amiss?
>>
>> I have read the response here: MID <stpolt$k15$1...@gioia.aioe.org>
>>
>> Much as I would have liked to have learned the necessary skills to
>> examine a machine myself, life was/is too short. I agree with what
>> LegionX/Dustin Cook has said .....
>>
>> "Once that machine is booted clean and someone goes looking who
>> knows what they are doing - you're going to get caught. And
>> removed. And studied. Then automated systems will hunt you down
>> with little to no user interaction required. Welcome to the real
>> world."
>>
>> The trouble is ..... *nobody has done that*! (AFAIK)
>>
>> Are YOU capable of doing that?
>>
>> Just to be clear, I'm not bothered one iota for myself. I care about
>> gullible folk who may have no idea that they are being taken-in by
>> snake-oil.
>>
>> HTH
>>
> How would that work with a live linux distro?
> Unless the distro was infected, each boot would be unique and when turned
> off all the harm that you worry about is gone, down to the last electron.

I wonder if you can help me with this.
Is it actually POSSIBLE to download ClamXav onto a Linux computer?

If you CAN do so, whereabouts would it be installed?

Have you tried - and RUN it? If so, did it detect malware?

Do tell - please!

David Brooks

Feb 8, 2022, 6:49:08 PM
WOT? ME WORRY? https://en.wikipedia.org/wiki/Alfred_E._Neuman

No, kiddo. This is a serious concern for OTHER people, not for myself.