While on the subject, here are some links regarding VM security from a Pen-Test mailing list (<a href="http://securityfocus.com">securityfocus.com</a>) email I haven't read yet: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.vmware.com/vmtn/technology/security/" target="_blank"> http://www.vmware.com/vmtn/technology/security/</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://vmblog.com/archive/2006/05/23/605.aspx" target="_blank">http://vmblog.com/archive/2006/05/23/605.aspx </a> Maybe somebody will find it useful. Maybe I'll find it useful but I haven't read them yet :/ <div>On 24/12/06, Serg B. <<a href="mailto:sergicles@gmail.com"> sergicles@gmail.com</a>> wrote:<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Well yeah, if it is the case it is very, very scary to think of the possibilities and the damage something like this could cause. Perhaps it's time to move into security industry, looks like the business will be booming there. <div><div>On 24/12/06, Martin Marcher <<a href="mailto:martin.marcher@openforce.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> martin.marcher@openforce.com</a>> wrote:</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div> Hi, Am 23.12.2006 um 16:10 schrieb Serg B.: > Sounds like Jame Bond stuff to me. Do you have a link to an article > that > talks about the above proof of concept code? Since you know... nope sorry was a printed articel and I already threw away the magazine... :( > However you would definitely know about it. Nothing stealthy there > unless > you run one powerful mother of a machine! And even then you would > see that > things are not quite as fast. You would notice a performance > decrease since > you would be now running 2 OS's. One for the virus and one for the > guest. > Reduced disk size - a noticeable chunk sine there is another OS > installed. > On reboot a boot-up screen would show messages inconsistent to the > guest OS, > etc. Like I said nothing stealthy, in MY opinion. the stealthy thing as I understood it was that you are in fact not running to OS but with the virtualization technology the software could at runtime of the os switch the context in which the os is running. I have no idea how large such a thing would be, but even if it was 20 MB with todays HD sizes one would hardly recognize. And since it's a "small" programm that just hides a few processes from being found I don't think that you would notice any difference. > So yeah I doubt that this proof of concept is anything more then a > marketing > speak for VM tools and somebody trying to get security paper out > for self > promotion. I desperately hope so, if not that would mean a _lot_ of spam (which is the thing that imho pays off most at the moment). Consider you have a running windows/linux/whatever os box and someone has a root kit of that kind installed. no chance to detect it, new investements for anti malware software etc. martin </div>-- ubuntu-users mailing list <a href="mailto:ubuntu-users@lists.ubuntu.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ubuntu-users@lists.ubuntu.com </a> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users</a> </blockquote></div> -- Serg </blockquote></div> -- Serg