> How does one check for the presence of a VM from inside the VM?
For example, by enumerating the connected PCI devices and looking for common VM vendors' virtual devices.
> Doesn't that defeat the purpose of the VM to begin with?
That depends on your use case. If it's about separating mostly trusted applications and/or servers, then absolutely not.
If it's about investigating known-bad code, then, yes, absolutely - malware is often intentionally disabling itself when it detects it's running in a VM.
Theoretically speaking, you can make a VM that is indistinguishable from a real computer. In reality, most VM solutions do not attempt to do so. For example, many install specialized drivers to communicate with the host that can be readily checked.
pilif|6 years ago
lifthrasiir|6 years ago
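
The PCI enumeration check mentioned in the thread, written as an audit an analyst can run inside a Linux analysis VM to see which devices identify it as virtual. This is an added example, not part of the original comments; the function names are chosen here, the vendor table is a small subset of the public PCI ID database, and the sample device tree is constructed.

```python
import os
import tempfile

# PCI vendor IDs registered to virtualization vendors (subset of the public PCI ID database).
VM_VENDORS = {
    0x15AD: "VMware",
    0x80EE: "VirtualBox (InnoTek)",
    0x1AF4: "Red Hat virtio",
    0x1B36: "Red Hat / QEMU",
    0x1414: "Microsoft Hyper-V",
    0x5853: "Xen (XenSource)",
    0x1AB8: "Parallels",
}

def audit_pci(sysfs_root="/sys/bus/pci/devices"):
    """Return [(address, vendor_id, label)] for devices whose vendor ID marks a VM."""
    findings = []
    if not os.path.isdir(sysfs_root):
        return findings
    for addr in sorted(os.listdir(sysfs_root)):
        try:
            # Linux sysfs exposes the vendor ID as text such as "0x15ad\n".
            with open(os.path.join(sysfs_root, addr, "vendor")) as fh:
                vendor = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # unreadable or malformed entry: skip it
        if vendor in VM_VENDORS:
            findings.append((addr, vendor, VM_VENDORS[vendor]))
    return findings

def build_sample_tree(devices):
    """Write a constructed sysfs-like tree from {address: vendor string}."""
    root = tempfile.mkdtemp(prefix="pci-sample-")
    for addr, vendor in devices.items():
        os.makedirs(os.path.join(root, addr))
        with open(os.path.join(root, addr, "vendor"), "w") as fh:
            fh.write(vendor + "\n")
    return root

# Constructed sample: Intel host bridge, VMware SVGA adapter, virtio NIC.
SAMPLE = {"0000:00:00.0": "0x8086", "0000:00:0f.0": "0x15ad", "0000:00:03.0": "0x1af4"}

if __name__ == "__main__":
    for addr, vendor, label in audit_pci(build_sample_tree(SAMPLE)):
        print(f"{addr} vendor=0x{vendor:04x} -> {label}")
```

Calling `audit_pci()` with no argument reads the real `/sys/bus/pci/devices` of the guest; every hit is a device that would need to be removed or replaced with passthrough hardware before the VM stops announcing itself this way.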