On Tue, 25 Apr 2006, Nick Holland wrote:
> On Tue, Apr 25, 2006 at 07:32:41AM -0500, Dave Feustel wrote:
> > This question comes to mind as a result of my reading just now
> >
> > VM Rootkits: The Next Big Threat?
> > By Ryan Naraine
> > March 10, 2006
> >
> > http://www.eweek.com/article2/0,1895,1936666,00.asp
>
> Not much that can be done.
> As has always been said, if someone has physical access to the box, Game
> Over. VMs just give someone a new way to have "physical" access to the
> box.
>
> Now, if only we could do away with the myth that an OS can really find
> problems within itself (such as malware scanners that claim to "fix"
> problems on infested machines). Since that won't go away, I guess it
> isn't surprising that people expect that a guest OS can detect or deal
> with a problem on the host OS.
Yeah, it's sad but true. A related myth is that running an OS inside
a VM increases security. I would argue the opposite:
Instead of having the potential to exploit bugs in hardware, OS and
userland code, I get the extra opportunity to exploit bugs in the VM
layer as well!
-Otto