Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [inbox] Re: Virtual Machine Trojans: a new type of threat?

From: "Exibar" <exibar () thelair com>
Date: Sat, 18 Apr 2009 12:25:23 -0400
You're not correct, sorry.  Or maybe you're just confused about the
question... 
  I don't know of any AV products running on the host operating system that
will scan within a virtual machine.  You have to run AV on the virtual
machine itself in order for anything downloaded to be scanned/cleaned.

  What products do you claim that only have to be installed on the host
machine? 

  Exibar 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Peter Ferrie
Sent: Friday, April 17, 2009 5:10 PM
To: full-disclosure () lists grok org uk
Subject: [inbox] Re: [Full-disclosure] Virtual Machine Trojans: a new type
of threat?


When a user downloads a virtual machine from the Internet, and then
runs it on his/her computer, the antivirus installed in the host machine
simply does not have access to the virtual machine, so the virtual machine
does not get scanned.


That is simply not true.  AVs can see inside VM images, and scan the files.
The user can also install the AV inside the VM, which will also see the
files.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: