Full Disclosure mailing list archives

Re: Imaging Operating Systems


From: S G Masood <sgmasood () yahoo com>
Date: Wed, 26 May 2004 15:10:10 -0700 (PDT)


--- Shawn Cox <shawn.cox () pcca com> wrote:
Norton/Symantec Ghost
PowerQuest Drive Image (I think Norton gobbled this one up)

Or, for the truly crafty, VMware.


Yeah. And do remember that though VMware is the
platform of choice for many test labs, malware can
change its behaviour when it detects that it is being
run in a VMware virtual machine.

For example, see this short but interesting article
about how to detect a virtual OS from a VXer's point of
view - http://29a.host.sk/29a-7/Articles/29A-7.011

I personally have not come across any malware which
changes its behaviour when it detects VMware, but,
since it's relatively trivial, it may become standard
practice in the near future.

--
S.G.Masood

--
"Fools ignore complexity; pragmatists suffer it;
experts avoid it; geniuses remove it."







--S

----- Original Message ----- 
From: "Michael Schaefer" <mbs () mistrealm com>
To: "Full-Disclosure"
<full-disclosure () lists netsys com>
Sent: Wednesday, May 26, 2004 1:55 PM
Subject: [Full-disclosure] Imaging Operating Systems


Hi all

We are building a Windows test system to try out toolbars, spyware,
malware and trojans on.

Once we learn what we need to know, we obviously want to get rid of the
junk quickly and cleanly.

I keep hearing suggestions about having a "clean image" to transfer onto
the computer.

Can anyone send some details?

Is there an official Microsoft way to do this?

Is some sort of over-the-network OS installation script in order here?

Are there other vendors that do a better job?

Thanks

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html

