Make bare Windows look like it's VM [closed]












-2















Knowing that some malware protects itself by restricting malicious functionality in VMs, and also for testing, I'd like to fake this protection on bare hardware, with little or no overhead (so not running real VM).



Are there any solutions for that? Or is it even a bad idea for some reason?










share|improve this question













closed as unclear what you're asking by harrymc, DavidPostill Jan 23 at 17:15


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.



















  • interesting to hear from those who didn't like the question – why?

    – LogicDaemon
    Jan 23 at 16:24











  • You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

    – music2myear
    Feb 8 at 0:29











  • @music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

    – LogicDaemon
    Feb 8 at 15:46
















-2















Knowing that some malware protects itself by restricting malicious functionality in VMs, and also for testing, I'd like to fake this protection on bare hardware, with little or no overhead (so not running real VM).



Are there any solutions for that? Or is it even a bad idea for some reason?










share|improve this question













closed as unclear what you're asking by harrymc, DavidPostill Jan 23 at 17:15


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.



















  • interesting to hear from those who didn't like the question – why?

    – LogicDaemon
    Jan 23 at 16:24











  • You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

    – music2myear
    Feb 8 at 0:29











  • @music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

    – LogicDaemon
    Feb 8 at 15:46














-2












-2








-2








Knowing that some malware protects itself by restricting malicious functionality in VMs, and also for testing, I'd like to fake this protection on bare hardware, with little or no overhead (so not running real VM).



Are there any solutions for that? Or is it even a bad idea for some reason?










share|improve this question














Knowing that some malware protects itself by restricting malicious functionality in VMs, and also for testing, I'd like to fake this protection on bare hardware, with little or no overhead (so not running real VM).



Are there any solutions for that? Or is it even a bad idea for some reason?







windows virtual-machine malware anti-malware






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 23 at 10:00









LogicDaemonLogicDaemon

1,30411329




1,30411329




closed as unclear what you're asking by harrymc, DavidPostill Jan 23 at 17:15


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.









closed as unclear what you're asking by harrymc, DavidPostill Jan 23 at 17:15


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.















  • interesting to hear from those who didn't like the question – why?

    – LogicDaemon
    Jan 23 at 16:24











  • You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

    – music2myear
    Feb 8 at 0:29











  • @music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

    – LogicDaemon
    Feb 8 at 15:46



















  • interesting to hear from those who didn't like the question – why?

    – LogicDaemon
    Jan 23 at 16:24











  • You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

    – music2myear
    Feb 8 at 0:29











  • @music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

    – LogicDaemon
    Feb 8 at 15:46

















interesting to hear from those who didn't like the question – why?

– LogicDaemon
Jan 23 at 16:24





interesting to hear from those who didn't like the question – why?

– LogicDaemon
Jan 23 at 16:24













You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

– music2myear
Feb 8 at 0:29





You would need to identify the specific methods the malware uses to detect it is running on a VM and give it the information that makes it believe the computer is a VM. With this same effort you can just use regular antivirus. You'd have to know how each and every virus does this, and you'd have to keep up with updates as the virus writers learn of your efforts and work on their own to circumvent them. This question is a bad fit here because it is simply too broad to be able to be answered specifically and empirically.

– music2myear
Feb 8 at 0:29













@music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

– LogicDaemon
Feb 8 at 15:46





@music2myear it's only broad if there's no ready-made reasonable solution. Also, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. So that's implied in the question – there's no 100% reliability. It's actually similar to asking about something to fight viruses in general, only difference is there is existing group of software for that called antiviruses. I'd like to sim VM. Forget malware.

– LogicDaemon
Feb 8 at 15:46










1 Answer
1






active

oldest

votes


















2














Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and depending how you may be able to fool it (a MAC address for example) but for testing it would probably be easier (and safer) to just run in a VM.






share|improve this answer
























  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23




















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and depending how you may be able to fool it (a MAC address for example) but for testing it would probably be easier (and safer) to just run in a VM.






share|improve this answer
























  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23


















2














Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and depending how you may be able to fool it (a MAC address for example) but for testing it would probably be easier (and safer) to just run in a VM.






share|improve this answer
























  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23
















2












2








2







Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and depending how you may be able to fool it (a MAC address for example) but for testing it would probably be easier (and safer) to just run in a VM.






share|improve this answer













Probably you can't fake it in a generic way. There are too many places that a program could look to identify if Windows is running as a VM and it is not always easy or even possible to change them. For example they may look at systeminfo, or names of hardware devices.



If it was using wmic to check Win32_BaseBoard.Manufacturer as "Microsoft Corporation", "VMWARE" or "Oracle Corporation" for example then it is not possible to update this information.



For an individual program you could try to trace how it is identifying whether it is running as a VM and depending how you may be able to fool it (a MAC address for example) but for testing it would probably be easier (and safer) to just run in a VM.







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 23 at 11:59









lx07lx07

594311




594311













  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23





















  • I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

    – LogicDaemon
    Jan 23 at 16:23



















I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

– LogicDaemon
Jan 23 at 16:23







I agree about testing part. I also agree about 100% reliability – even if all current info is fake-able, different VMs have different strings and detection methods, and badly written malware may just fail to detect even a proper unexpected VM (like if author only bothered to detect vmware and MS VPC, it may fail to detect VirtualBox), let alone the simulation. The general question still stands in that case tho.

– LogicDaemon
Jan 23 at 16:23





Popular posts from this blog

How to make a Squid Proxy server?

Is this a new Fibonacci Identity?

19世紀