Anyone mention that a sandbox is a bit like the Matrix? In a way, a sandbox is to a virus what the Matrix is to Neo.
How can Neo find out he's inside the Matrix? There are hardly any symptoms, apart from some glitches maybe.
If virus writers adopt this strategy to check for sandboxes (and they will), it is for AV companies to act on that.
So AV companies have to be creative as well, as virus writers have to be....
Point being, if sandboxes are essential to AV companies, they will have to adjust their sandboxes or else abandon the concept.
What kind of adjustments could one make:
1 prevent detection of sandbox
2 prevent "exit-ing" by the virus from the sandbox
Ad 1. One way to prevent detection could be to add a virtual layer by creating a virtual OS inside a sandbox, so as to camouflage the fact that the virus is being executed inside a sandbox.
(the matrix inside the matrix)
Else abandon the sandbox concept and create an alternative. For instance... one could imagine creating a virus with a monitoring function so as to find malware and analyse it? (Somewhat like "agents" in the Matrix.)
-- Just being philosophical. --
Thanks for the link to the redistributable version, I hate these downloading installer things.
-= Too much knowledge never leads to a simple conclusion. =-
Sharp analysis.