On Thu, Jul 13, 2017 at 04:45:35PM -0700, pixel fairy wrote:
> On Friday, July 7, 2017 at 1:20:10 PM UTC-7, Chris Laprise wrote:
> >
> > I know Joanna's reservations about VM introspection, but this
> > Bitdefender introspection example is interesting nonetheless:
> >
> > https://businessinsights.bitdefender.com/hypervisor-introspection-defeated-enternalblue-a-priori
>
> I'm curious about these reservations. Is it the attack surface?

Yes, at least two kinds:

1. Enabling an API for reading VM memory breaks VM isolation - a misbehaving
   monitoring VM can steal any secret and you'll never know.
2. Parsing VM memory (operating system structures, application structures,
   etc.) is very complex - a VM that knows it is monitored can try to exploit
   the parsing code; then go to point 1, for example.

As for examples of what could possibly go wrong when adding anti-virus
parsing whatever it can find, see here:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
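
Point 2 of the reply above, as an added example that is not part of the original message or of any introspection product: a monitoring-side walker over a guest-written linked list that validates every offset and length before using it. The record layout and the names `walk_guest_list` and `demo` are hypothetical, invented for this illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical guest record, invented for this example (little-endian):
 *   +0 u32 next (snapshot offset of next record, 0 = end), +4 u32 len,
 *   +8 name[len]. Every field is guest-written, so treated as hostile. */
#define REC_HDR 8u
#define NAME_CAP 16u

static int rd32(const uint8_t *m, size_t size, size_t off, uint32_t *out)
{
    if (size < 4 || off > size - 4)        /* overflow-safe bounds check */
        return -1;
    *out = (uint32_t)m[off] | (uint32_t)m[off + 1] << 8 |
           (uint32_t)m[off + 2] << 16 | (uint32_t)m[off + 3] << 24;
    return 0;
}

/* Returns the number of names copied out, or -1 on malformed guest data. */
int walk_guest_list(const uint8_t *m, size_t size, uint32_t head,
                    char names[][NAME_CAP + 1], size_t max)
{
    size_t off = head, n = 0;
    uint32_t next, len;
    while (off != 0) {
        if (n == max)                      /* work cap; also ends cycles */
            return -1;
        if (rd32(m, size, off, &next) || rd32(m, size, off + 4, &len))
            return -1;                     /* pointer outside the snapshot */
        if (len > NAME_CAP || len > size - off - REC_HDR)
            return -1;                     /* guest-chosen length rejected */
        memcpy(names[n], m + off + REC_HDR, len);
        names[n++][len] = '\0';
        off = next;
    }
    return (int)n;
}

/* Constructed 64-byte snapshot: record 1 at offset 8, record 2 at 32. */
int demo(uint32_t next2, uint32_t len2, char names[][NAME_CAP + 1])
{
    uint8_t m[64] = {0};
    m[8] = 32; m[12] = 4; memcpy(m + 16, "init", 4);
    for (int i = 0; i < 4; i++) {
        m[32 + i] = (uint8_t)(next2 >> (8 * i));
        m[36 + i] = (uint8_t)(len2 >> (8 * i));
    }
    memcpy(m + 40, "sshd", 4);
    return walk_guest_list(m, sizeof m, 8, names, 8);
}
```

`demo` lets the second record's `next` and `len` be set to arbitrary values, which is the position a guest that knows it is monitored is in.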