Re: (pacsec bonus) Re: VMWare Detection?
- To: "Kurt Seifried" <[EMAIL PROTECTED]>
- Subject: Re: (pacsec bonus) Re: VMWare Detection?
- From: Lance Spitzner <[EMAIL PROTECTED]>
- Date: Thu, 18 Nov 2004 21:36:04 -0600
- Cc: [EMAIL PROTECTED]
- In-reply-to: <[EMAIL PROTECTED]>
- References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Lots of great discussions and tools demonstrated on detecting the use
of VMware. Some pondering, if I may.
- In reference to honeypots, is the detection of VMware a bad thing?
Okay, the attacker gains access and identifies the system is using
VMware. Lots of legitimate organizations use VMware, the economics of
virtualization can be a big motivator. In fact, this will potentially
grow. So, I would contend that the detection of VMware does not
automatically mean honeypot.
- If an attacker does detect VMware, and assumes it's a honeypot and
leaves the system, does this mean that VMware is potentially more
secure for production systems?
- If attackers or automated threats do begin running automated
detection mechanisms for VMware, would it not then be possible to put
those very same signatures into legitimate systems, so threats now
avoid them?
I'm not attempting to downplay the detection issue, but just some
random thoughts.
lance
On Nov 16, 2004, at 16:35, Kurt Seifried wrote:
Computer BIOS
One way to identify VMware systems is by their BIOS; there are a
number of free Windows utilities that can query the BIOS for
information and even extract a copy of the BIOS from the VMware
system. The good news is that from within Windows NT/2000 you cannot
easily access the BIOS and send commands, as direct access to the
hardware is blocked. You can, however, easily query the BIOS for
information from within the guest operating system; you will be given
the following information: