Full Disclosure mailing list archives
Re: Imaging Operating Systems
From: S G Masood <sgmasood () yahoo com>
Date: Wed, 26 May 2004 15:10:10 -0700 (PDT)
--- Shawn Cox <shawn.cox () pcca com> wrote:
Norton/Symantec Ghost PowerQuest Drive Image(I think Norton gobbled this one up) Or for the truly crafty vmWare.
Yeah. And do remember that though VMware is the platform of choice for many testlabs, malware can change its behaviour when it detects that it is being run in a VMware virtual machine. For example, see this short but interesting article about how to detect a Virtual OS from a VXers point of view - http://29a.host.sk/29a-7/Articles/29A-7.011 I personally have not come across any malware which changes its behaviour when it detects VMWare, but, since it's relatively trivial, it may become standard practice in the near future. -- S.G.Masood -- "Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it."
--S ----- Original Message ----- From: "Michael Schaefer" <mbs () mistrealm com> To: "Full-Disclosure" <full-disclosure () lists netsys com> Sent: Wednesday, May 26, 2004 1:55 PM Subject: [Full-disclosure] Imaging Operating SystemsHi all We are building a Windows test system, to try outtool bars, spy ware,malware and trojans on. Once we learn what we need to know, we obviouslywant to get rid of thejunk quickly and cleanly. I keep hearing suggestions about having a "cleanimage" to transfer ontothe computer. Can anyone send some details? Is there an official Microsoft way to do this? Is some sort of over the network OS installationscript in order here?Are there other vendors that do a better job? Thanks _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Imaging Operating Systems Michael Schaefer (May 26)
- RE: Imaging Operating Systems Charles Schmidt (CSIS) (May 26)
- Re: Imaging Operating Systems Shawn Cox (May 26)
- Re: Imaging Operating Systems S G Masood (May 26)
- Re: Imaging Operating Systems defiance (May 26)
- Re: Imaging Operating Systems Ondrej Krajicek (May 27)
- Re: Imaging Operating Systems Curt Purdy (May 28)
- Re: Imaging Operating Systems Frank Knobbe (May 28)
- Re: Imaging Operating Systems Epic (May 27)
- Re: Imaging Operating Systems James Riden (May 26)
- RE: Imaging Operating Systems Lionel Hendricks (May 26)
- Re: Imaging Operating Systems Sam Sharpe (May 26)
- Re: Imaging Operating Systems vertex (May 26)
- Re: Imaging Operating Systems Nick FitzGerald (May 27)