[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Making Qemu/KVM more undetectable to malwares
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] Making Qemu/KVM more undetectable to malwares |
Date: |
Wed, 2 Mar 2016 10:22:18 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
On 02/03/2016 04:07, Yang Luo wrote:
> And how about this idea. I found out that lots of malware will detect
> the presence of hypervisors and refuse to refuse to execute their real
> code in a VM. The malwares do this to prevent security engineers from
> analyzing their code under a VM. Lots of detection methods have been
> proposed for many years. But hypervisors seem to not care about this issue.
>
> So what do you think about making Qemu/KVM more undetectable to
> malwares? Is this idea viable?
KVM already allows you to disable CPUID leaves specific to hypervisors.
As you said, other detection methods for hypervisors exist, and patches
are welcome to thwart them. :)
However, while it is definitely a nice project and we would appreciate
it, it doesn't sound like the kind of research that you would publish in
academic venues.
Paolo