Dailydave mailing list archives
Re: VPC
From: Thierry Zoller <Thierry () Zoller lu>
Date: Sat, 23 Feb 2008 01:41:44 +0100
Dear Jared,

True, the confusion is simply one of measurement - I was unclear about "better". When I said "better", I meant the resistance against detection. In my eyes a sandbox that is detectable has only limited usefulness - at least in automated systems. Some malware I've seen is actively detecting cwsandbox, sandboxie, norman and vmware and is taking a different execution path and logic from there on. If you try to detect malware using sandboxes in an automatic fashion, that's a bad prerequisite.

--
http://secdev.zoller.lu
Thierry Zoller