http://rdist.root.org/2007/06/28/undetectable-hypervisor-rootkit-challenge/feed/
Comments on: Undetectable hypervisor rootkit challenge
Embedded security, crypto, software protection
Last Build Date: Wed, 12 Nov 2014 00:43:48 +0000
By: Nate Lawson

Sat, 11 Aug 2007 17:59:22 +0000

The contest hasn't occurred yet. Based on the code we'd written and the New Blue Pill code Joanna released, our checks would have detected BP. She would then have a chance to review our code, change NBP to detect our particular detector, and this would go on indefinitely (same as AV ecosystem). Joanna has moved on from talking about whether hiding/detecting is possible to "detectors are just hacks and will be too complex to use in the real world". The changing terms of the debate are frustrating, but a natural outcome of the fact that there is no actual virtualized malware in the world.



By: Nate Lawson

Sat, 11 Aug 2007 17:58:12 +0000

KubuS: I believe your comment should be addressed to atomico only. I didn't say the particular order of guesses (right/wrong) mattered. Your comment regarding 5 PCs versus 2 PCs 5 times doesn't make sense. Remember, the goal was to protect against random guessing, assuming in the latter case that both PCs were fully reverted back to their original state (to keep each round fully independent). If you have 2 PCs and one of them has BP and one does not, a single guess is binary (left or right has BP), 50% probability. With 5 PCs and each of them has BP or not, each PC is a binary guess (BP or not), 50% probability. Probability-wise, these are EXACTLY the same.

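The two layouts compared in the comment above, worked through as an added example (this is not code from the original post, from the challenge rules, or from either side's detector or rootkit). It assumes what the rules aimed for, a fair coin per round from a random guesser's point of view: in the two-PC layout the infected machine is equally likely to be either PC and both are reverted between rounds; in the multi-PC layout each PC is independently infected or clean with probability one half. Every truth/guess pair is enumerated, so the probabilities are exact rather than sampled; the binomial closed form, the tail probability for a given score, and a helper for choosing the number of rounds against an assumed 1% luck threshold are included for contest design.

```python
"""Random-guess odds for the two contest layouts compared in the comment
above: (A) two PCs, one running Blue Pill, 'which one?' asked over several
independent rounds; (B) several PCs at once, each independently Blue Pill
or clean, 'infected or not?' asked per PC.  Added illustration; not the
contest's or the detector's code.  Assumes each round is a fair coin from
the guesser's point of view (the stated goal: protect against random
guessing)."""
from collections import Counter
from fractions import Fraction
from itertools import product
from math import comb

ROUNDS = 5                    # the "5 PCs" / "2 PCs 5 times" case in the thread
THRESHOLD = Fraction(1, 100)  # assumed acceptable odds for a lucky guesser


def correct_count_distribution(alphabet, rounds):
    """Exact P(k correct), k = 0..rounds, for a guesser who picks uniformly
    from `alphabet` in each of `rounds` independent rounds.  Every truth/guess
    pair is enumerated with equal weight, so this is exact, not sampled."""
    counts = Counter()
    for truth in product(alphabet, repeat=rounds):
        for guess in product(alphabet, repeat=rounds):
            counts[sum(t == g for t, g in zip(truth, guess))] += 1
    total = sum(counts.values())
    return {k: Fraction(c, total) for k, c in sorted(counts.items())}


def binomial_distribution(rounds, p):
    """Closed form the enumeration should reproduce: Binomial(rounds, p)."""
    return {k: comb(rounds, k) * p ** k * (1 - p) ** (rounds - k)
            for k in range(rounds + 1)}


def at_least_probability(rounds, k_correct, p):
    """P(a random guesser scores >= k_correct of rounds): the p-value of a
    detector that reports k_correct hits out of rounds."""
    dist = binomial_distribution(rounds, p)
    return sum(v for k, v in dist.items() if k >= k_correct)


def rounds_needed(p_per_round, alpha):
    """Smallest number of all-or-nothing rounds for which a random guesser
    clears the bar (every round right) with probability <= alpha."""
    n = 1
    while p_per_round ** n > alpha:
        n += 1
    return n


if __name__ == "__main__":
    # Layout A: per round, which of the two PCs runs Blue Pill.
    layout_a = correct_count_distribution(("PC1", "PC2"), ROUNDS)
    # Layout B: per PC, whether it runs Blue Pill.
    layout_b = correct_count_distribution(("BP", "clean"), ROUNDS)
    # Same alphabet size, same independence: identical distributions.
    assert layout_a == layout_b == binomial_distribution(ROUNDS, Fraction(1, 2))
    for k in range(ROUNDS + 1):
        print(f"{k} of {ROUNDS} correct by luck: {layout_a[k]} "
              f"({float(layout_a[k]):.3%})")
    print("perfect score by luck:", layout_a[ROUNDS])
    print("one miss allowed:",
          at_least_probability(ROUNDS, ROUNDS - 1, Fraction(1, 2)))
    print("rounds for <=", THRESHOLD, "perfect-score luck:",
          rounds_needed(Fraction(1, 2), THRESHOLD))
```

Run as a script it prints both distributions (they are the same Binomial(5, 1/2): a perfect score by luck is 1/32, about 3.1%, and allowing one miss raises that to 3/16) and shows that seven all-or-nothing rounds are needed before a random guesser's chance of a perfect score drops below the assumed 1%. What the enumeration makes explicit is that only the per-round alphabet size and the independence between rounds matter, not whether the rounds run sequentially on two reverted machines or in parallel on five.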


By: KubuS

Wed, 08 Aug 2007 03:31:59 +0000

Peter, for the record, she is Polish, not Russian. I don't support the idea of paying any money for the development of Blue Pill for the contest, however. atomico and Nate: Conditional probability while flipping a coin when the sequence DOES NOT matter? Were you sleeping in classes on the subject or what? It doesn't matter if you guess right 3 times in a row and then 2 times wrong, or the other way around. There is NO connection between those events, so in this case there is a big difference if you use 5 PCs at once or 2 PCs 5 times in a row. Such probabilities are not comparable. I'm curious about the outcome of this contest though.



By: Zanon Zealous

Fri, 06 Jul 2007 20:30:55 +0000

To dk: Right you are, my dear friend! :) IMHO, this very SE tool is very popular among our superstars :)



By: dk

Fri, 06 Jul 2007 12:50:49 +0000

To Zanon Zealous: She is an expert in social engineering. =) This PR action about "Blue Pill" is one of the SE tools =)



By: Zanon Zealous

Fri, 06 Jul 2007 07:43:36 +0000

Joanna, I'm with you! My experience tells me that it's rather easy to trick most AV programs :) Not 100%, of course :) But enough to do the job ;-) And then... well, let them detect :) I tested my tool with the most popular AV programs some days ago :) The results are as follows: Symantec - sleeps... Kaspersky - sleeps... Panda - sleeps... Avast - sleeps as well... BitDefender - sleeps... And only NOD32 is a little bit nervous :) One more thing I want to say is that the lion's share of success falls on so-called social engineering :) The primary target to trick is the USER, not the AV program!