Virtual Machine Rootkits
Virtual machines have been a big thing for the last several years, particularly in the server environment. They also have some interesting implications from a security standpoint. For example, with a virtual machine it would be possible to get more data on malware, viruses and security breaches as they run. This could be done regardless of what they do to hide themselves from the host operating system. Virtual machines would also increase the ability to recover from attacks. It would be possible to save an image of a system that was up and running fine as a backup and then cut over to it as soon as something went wrong.
Of course, as with any new technology, there are potential security problems. For example: The Blue Pill. Maybe I am a little late to the party in finding out about this, but it’s the first one I’ve found. I’m not entirely familiar with AMD’s SVM technology, but it’s probably something worth learning more about. I’m interested in seeing how virtual-machine-based malware is addressed. What happens if the system is already running on a virtual machine? Is there really any way to detect the Blue Pill on a running system in which it resides?
Posted: January 24th, 2007 under Computer Security, Technology.