VMWare future looks very exciting

Discussion in 'sandboxing & virtualization' started by Longboard, May 31, 2008.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    What I already thought, no experienced/knowledgeable VM users here at Wilders though, understand that as the use of a USB Wacom Tablet is not everybody's business.
     
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    In general, I agree with that, but as VM usage spreads, I suspect there may be some holes that turn up.

    Even with Linux in a VM, there is still the risk of sending on mals in documents or e-mails received from an MS user.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's always the same with any software. As long as the software isn't a target, the software is safe to use, until it becomes a target. The fact that some malware keep themselves quiet, when running in VM, is the beginning.
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Again, why bother targeting VMs when most users can't even use some common sense with their AV?

    The VM-aware malware was designed to make it harder for malware researchers to study them as it is industry practice to run honeypots in VMs.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That doesn't make any difference. You like to believe, it won't happen, just like all these Linux users, who think they are safe forever. Software is there to be compromised, it's just a matter of dates.
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    It takes a more sophisticated attack.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Hey Huupi, I'm not sure I understood you. What are you trying to do?
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Indeed, VM is just a new challenge for the bad guys and there is always someone, somewhere in the world, who will write such malware and give it to the less skilled malware-writers, who will increase the quantity of such malware by writing variants.
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Because bigger companies (and quite educated as well) behind VM networks are a nice target, the gains these bad guys can get to corrupt the VM defence are huge. I guess VMWare company and his allies will be in for a hard time in the future. ;)
     
  10. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    As far as I can see the only problem will be my USB Wacom Tablet because from my readings only SERIAL graph. tablets are supported. I will install VM workstation anyway and see how far I can get. Will report back. ;)
     
  11. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    There needs to be a distinction between what the real world malware trends are and what is essentially intellectual masturbation here at Wilders.

    What percentage of users use VMs (or classical HIPS, smart behavior blockers, Linux etc.)? Would it make sense to code for this when the great majority use (and rely entirely on) AV? Does it make sense to concentrate on breaking VMs (HIPS, Linux etc.) rather than AV detection?

    Let's look at some of the malware activities associated with the POC attacks often discussed at Wilders.

    Have a look at http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.SandboxCharts for the 30 day stats

    6 / 1 191 000 made VMware checks
    consider this in the context of what you are saying regarding attacks on virtual machines

    0 / 1 191 000 installed rootkits
    consider this in context of how much discussion goes on here about sophisticated rootkits

    11 / 1 191 000 made Windows firewall updates
    consider this in context of the attention given to POC leaktests. Only 11 made some kind of attempt to screw around with the default firewall, how many will bother with 3rd party ones?

    What about malware trying to evade AVs? Let's look at the most popular method of using a packer as a proxy for this.

    http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.PackerStatistics

    In the last 30 days, 98% of all malware used a packer.

    The point is, despite the attention we give to POC leaktests, theoretically conceivable rootkits and malware targeting VMs, the reality is that malware writers are really concentrating on evading protection from AVs. Once they do that, they will get the great majority of users. Any additional effort to get the more security conscious users is not well spent. Forget about trying to cover every theoretical base. Focus on real world trends and minimizing risks associated with these trends.

    Companies generally use VMs for two reasons. 1) Malware research 2) Operational efficiency for firms whose core business is IT service provision.
    VM checking is designed to prevent malware being analyzed in scenario 1.

    I've never heard of a firm that uses VMs to contain malware on desktop computers. The model employed by most firms is to have strong perimeter security using firewall and virus scanning at the gateway. Endpoint is generally AV. Firewall for laptops as they are taken outside the perimeter.
     
  12. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Relax man! Your statement that VM is mainly used for malware research and IT service provision is simply not true. As per statements from VMWare itself, companies in all kinds of business from governments to banks and everything in between are using VM, and the numbers are growing (self advertising ha ha), but truth is that future wise still more companies adapt to virtualisation for their infrastructure, networks etc. Big players like Microsoft and Intel are preparing for it, so we can expect quite naturally that malware writers will all the more often target these virtual environments.
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I should have googled 'USB Wacom Tablet' before, sorry.
    I didn't know what you were talking about.
     
  14. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Quite true, has always been the key target market. :)
    What features aren't working and what workarounds have you found looking around?
     
  15. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I am relaxed but thanks for considering my stress levels. VMware is marketing as many applications for their product as possible. Reality is that at this point in time, virtualization is being used to either research malware or to improve hardware efficiency. There are other more creative uses such as using it as an alternative to imaging and endpoint access management etc. that VMware is trying to sell their product as. However, the idea that companies and governments are using it to isolate malware is not true.

    The MS technology is distinct from VMware and works much closer to the hardware level. If MS does roll it out, malware attacks will look at this bare metal virtualization implementation rather than the hosted model used in VMware.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I never meant to say that their main objective is malware prevention, it's a side benefit of using VM. This technology knows many advantages but initially their interest was and is cost effective deployment/management (hardware efficiency) of their infrastructure. Like you said current use of VM is also in malware research... but that's not my point!

    I think it's inevitable that because of the many benefits with Virtualisation it is destined to become mainstream in the near future and likewise become a main target for the bad guys as is obvious.
     
    Last edited: Jun 7, 2008
  17. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yes it will become mainstream, but for what purpose? If it is not for malware isolation/containment, it won't be targeted for malware writers.
     
  18. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Like I said virtu. is much more than only cost efficiency in deployment alone but prevention of malware to enter your huge networks has also to do with cost efficiency in managing your infrastructure so virtu. will fit nice in using it this way among others, and if it becomes the main protection then surely it shall be a target for malware writers.
     
  19. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yes different view on technological development then.
     
  20. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    As always allowed, thanks we live in a free world. ;)
     