A lot of malware these days is able to detect when it is running virtualized under VMware, VirtualPC, WINE, or even in a sandbox such as Anubis or CWSandbox.
This essentially means that malware will often "hold back" or not function maliciously when running in a virtual environment in order to thwart analysis of its true intentions.
My thought is then, why not make your PC appear as if it is virtualized? Does anyone know how I might be able to go about this?
Is simply "run your OS in a VM or hypervisor" too obvious an answer? – Marc Gravell – 2009-07-25T21:13:51.217
Because I want to make the PCs in my environment appear to malware as if they are a VM. By doing this, my hope is that malware that chooses not to run inside of a VM (to prevent analysis) will assume this system is virtualized, and therefore simply an analyst's testbed... and not run itself. It's part of a defense-in-depth strategy... just an additional layer. – None – 2009-07-26T17:39:54.793