Discussion Board

Topic: Taylor Algorithms rediscovered

From: Jim Rayfield
Location: CT, USA
Date: 07/15/2007

http://en.wikipedia.org/wiki/Taylor_algorithms_(fiction)


http://www.beskerming.com/commentary/2007/07/15/218/Destroying_Sandboxes

"In a sign that malware that targets sandbox environments is not far off, detailed code and analysis have been released that give developers a means to probe around while inside the sandbox. Previous attempts at identifying the presence of virtual machines have been targeted at applications like VMWare and Virtual PC, with little attention paid to those created by anti-malware software for analysis of files on end user systems (which is different to the use of VMWare and Virtual PC in the antivirus lab)."

Re: Taylor Algorithms rediscovered

From: Greg Bear
Date: 07/16/2007

Hmmm... But can these malware apps determine what kind of chip or motherboard the system is using, based on analysis of internal characteristics, and not some ID code embedded in the chip? That would be a true Taylor algorithm!

Re: Taylor Algorithms rediscovered

From: Jim Rayfield
Location: CT, USA
Date: 07/16/2007

There's additional discussion at: http://it.slashdot.org/article.pl?sid=07/07/15/2116215

Since no VM will be perfectly faithful to the system it's emulating, I guess it's the usual tug-of-war between the defenders and attackers. As long as the VM reports status to the outside, there is a potential attack path (same as for Jarts :-). The malware can exploit bugs in the VM to attack it, and possibly break through. You can probably learn a lot by measuring how long operations take. Of course the VM could virtualize the clock also....
