On Monday, January 16, 2017 at 2:38:40 PM UTC-5, Alex wrote: > Has it ever been considered a feature the fact that all of the activity > of a user in Qubes OS happens in a VM, from the point of view that a lot > of malware has anti-debugging features that usually alter their > behaviour when they detect they are run in a VM? > > I don't have any statistic data for malware having such protections, and > I believe that some anti-debugging features just compare hardware cpu > timers to better discern an actual debugging session from a running VM > (otherwise, this could prevent the malware from running on vps > platforms). But it could be a nice side effect... > > -- > Alex
probably, I know some malware will do this if detects user running monitoring programs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cb50900c-1ad1-4c16-9b2b-a03ee324bdec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
