Make bare Windows look like it's VM [closed]












-2















Knowing that some malware protects itself by restricting malicious functionality in VMs, and also for testing, I'd like to fake this protection on bare hardware, with little or no overhead (so not running real VM).



Are there any solutions for that? Or is it even a bad idea for some reason?










closed as unclear what you're asking by harrymc, DavidPostill Jan 23 at 17:15


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.



















  • interesting to hear from those who didn't like the question – why?

    – LogicDaemon
    Jan 23 at 16:24











  • You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

    – music2myear
    Feb 8 at 0:29











  • @music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

    – LogicDaemon
    Feb 8 at 15:46
















windows virtual-machine malware anti-malware






asked Jan 23 at 10:00









LogicDaemon

1 Answer


















2














Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and, depending on how, you may be able to fool it (a MAC address, for example), but for testing it would probably be easier (and safer) to just run in a VM.






  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23




















answered Jan 23 at 11:59









lx07
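
The indicator sources the answer lists (baseboard manufacturer, device names, MAC address) and the vendor-coverage gap raised in the comments, shown as an added Python example that is not part of the original answer or comments. The inventories are constructed, the device-name list is an assumption, and `audit`, `mac_oui` and the inventory field names are hypothetical.

```python
# Added example: audit a host inventory for the VM indicators named in the answer.
# Baseboard strings are the ones quoted in the answer; matching is case-insensitive.
BOARD_VENDORS = {
    "microsoft corporation": "Hyper-V / Virtual PC",
    "vmware": "VMware",
    "oracle corporation": "VirtualBox",
}
# Default MAC prefixes (OUIs) registered to hypervisor vendors.
MAC_OUIS = {
    "00:05:69": "VMware", "00:0C:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5D": "Hyper-V / Virtual PC",
}
# Device-name substrings: an assumed, deliberately short list for illustration.
DEVICE_HINTS = {"vmware": "VMware", "vbox": "VirtualBox", "hyper-v": "Hyper-V / Virtual PC"}


def mac_oui(mac):
    """Return the first three octets of a MAC as upper-case, colon-separated hex."""
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF").upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def audit(inventory, known_families=None):
    """Return (source, value, family) for each indicator the inventory exposes.

    known_families limits the audit to the vendors one particular check knows
    about; None means every family in the tables above.
    """
    findings = []
    board = inventory.get("board_manufacturer", "")
    for needle, family in BOARD_VENDORS.items():
        if needle in board.lower():
            findings.append(("board", board, family))
    for mac in inventory.get("macs", []):
        oui = mac_oui(mac)
        if oui in MAC_OUIS:
            findings.append(("mac", oui, MAC_OUIS[oui]))
    for name in inventory.get("devices", []):
        for needle, family in DEVICE_HINTS.items():
            if needle in name.lower():
                findings.append(("device", name, family))
    if known_families is not None:
        findings = [f for f in findings if f[2] in known_families]
    return findings


# Constructed sample inventories (not real hosts).
VBOX_GUEST = {"board_manufacturer": "Oracle Corporation",
              "macs": ["08-00-27-3a-9c-01"], "devices": ["VBOX HARDDISK"]}
# Bare-metal machine on which only the NIC's MAC address was changed.
MAC_ONLY_DECOY = {"board_manufacturer": "Example Board Co.",
                  "macs": ["00:0C:29:11:22:33"], "devices": ["Example SSD 500GB"]}

if __name__ == "__main__":
    for label, host in (("vbox guest", VBOX_GUEST), ("mac-only decoy", MAC_ONLY_DECOY)):
        print(label, audit(host))
    print("VMware/VPC-only check on vbox guest:",
          audit(VBOX_GUEST, known_families={"VMware", "Hyper-V / Virtual PC"}))
```

The MAC-only decoy matches on a single source, so any check that reads the baseboard or device names still sees physical hardware, and a check that knows only VMware and Virtual PC reports nothing for the VirtualBox guest.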
