[Q] Detecting virtualisation

Slav — Fri, 30 Mar 2007 09:20:00 GMT

I think that it it not practically possible to detect reliably, using a piece of code, that the code is running inside a virtual machine.

But apparently there are ways to make a good guess - for example, by looking at the devices that are typical for certain VM environment (like S3 Trio64 video card in MS VPC), or virtual machine extensions installed in the guest OS.

This time I have two questions:

Any other ways to detect that the code is running in a VM?
Why malware tries to do that? It does, according to Sandi Hardmeier, a great spyware fighter and a MVP.

There's a reason I'm asking. I believe that VM technology will help a lot bypassing an endpoint security system in a targeted attack. Virtualisation is an interesting and welcome change in the world of information security - and hacking.

[Q] IP-connected fire alarm bell?

Slav — Thu, 08 Mar 2007 09:23:00 GMT

Can anyone please recommend me a decent Ethernet/Wi-Fi and IP-connected fire alarm bell? Something that looks like this:

- and is easily... invoked from Windows and Linux scripts?

Risque Management : Problems

[Q] Detecting virtualisation

[Q] IP-connected fire alarm bell?