funsec mailing list archives
Re: Malware plays Defense
From: Valdis.Kletnieks () vt edu
Date: Fri, 05 Oct 2007 11:15:24 -0400
On Fri, 05 Oct 2007 09:09:22 EDT, der Mouse said:
Software cannot tell when it's running under emulation, if the emulation is sufficiently good; this just means that VMware is not "sufficiently good" for those purposes. There must be something they're not emulating correctly (where "correctly" here means "the way real hardware does it").
Right. The problem is that some pieces are really hard to emulate well enough.
Perhaps someone should approach the VMware people about producing a version that *is* "sufficiently good"?
There may be hardware issues that prevent it. You basically have 2 ways you can do a virtual machine: 1) Software emulate each opcode, which allows (at least in theory) a 100% chance of doing a perfect emulation, but which comes with some nasty performance hits. 2) Let the software run natively, but in a box that traps all traps and privileged opcodes and emulates those. This allows it to run at near-hardware speed, but has a hardware-dependent issue: You're screwed if there's a non-privileged opcode that will reveal which ring or privilege level you're running in (as you need to be in a lower-priv ring than expected in order to cause the traps and interrupts that drive the emulation). The 32-bit x86 architecture is *known* to not be fully virtualizable, as are earlier 64-bit from both AMD and Intel. So basically, if you're on an x86 chipset that doesn't have the VM extensions, you're *known* to be screwed, and the jury is still out on whether the VM extensions are sufficient, or if there's still errata and loopholes.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Malware plays Defense Gregory Hicks (Oct 05)
- Re: Malware plays Defense der Mouse (Oct 05)
- Re: Malware plays Defense Brian Loe (Oct 05)
- Re: Malware plays Defense Valdis . Kletnieks (Oct 05)
- Re: Malware plays Defense der Mouse (Oct 05)