Blue Pill Myth Debunked

njyoder writes "As previously posted about, Joanna Rutkowska claimed to have discovered an allegedly undetectable vulnerability in Vista that takes advantage of AMD cpu's virtualization capabilities. a virtualization professional (Anthony Liguori of the Xen project) has now voiced his opinion to state this is bunkum. There are two parts two this — the ability to take over the machine and seamlessly drop the OS into a VM (which is very difficult, but possible) and the ability to have windows run in the VM undetectably (which is impossible). In fact, Rutkowska's prototype is VERY detectable. This is unfortunate mistake that people make when they jump to conclusions based on what is unfounded speculation and that includes the assumption that this would somehow be Vista specific, if it worked (noting that Vista doesn't run with administrator privileges by default)."

Detection

[CastrTroy]

I think the problem is not whether or not it can be detected by a professional, or a malware detection program, but whether or not it can be detected by the user of the computer. If you can run the entire OS in a VM, without the user knowing, then there's a lot of stuff you can do that would probably be a lot harder to do if you were just running regular malware. Although it's reassuring that this wasn't as bad as we expected, I still expect to see a few exploits that use this method to install malware, and spy on what the user is doing.