Dailydave mailing list archives

Re: VPC


From: Thierry Zoller <Thierry () Zoller lu>
Date: Sat, 23 Feb 2008 01:41:44 +0100

Dear Jared,
True, the confusion is simply one of measurement - I was unclear
about "better". When I said "better", I meant the resistance against
detection. In my eyes a sandbox that is detectable has only limited
usefulness - at least in automated systems.

Some malware I've seen is actively detecting cwsandbox, sandboxie, norman and vmware
and is taking a different execution path and logic from there on. If you try to
detect malware using sandboxes in an automatic fashion, that's a bad
prerequisite.

-- 
http://secdev.zoller.lu
Thierry Zoller
