Implementing malware with VMs – Subvirt

Microsoft Research (MSR), along with the University of Michigan, has an interesting paper that showcases a new type of malware specifically for Virtual Machines and hosts running the VMs (Hyper-V, VMware Server, etc). This malware installs a monitor underneath the host of the VMs as a Virtual Machine Monitor (VMM). All VMMs run in Ring 0 (kernel mode).

Essentially this is similar to a rootkit, and they call it a VM-based rootkit (VMBR). A VMBR looks to get itself installed underneath the host and essentially runs the target OS as a guest. It needs to manipulate the boot sequence to load itself before the ‘guest’ OS. This allows it to run silently, with the ‘guest’ OS not even aware of its presence. Of course this makes its detection quite difficult (if not impossible) by the ‘guest’ OS.

They go on to implement a couple of prototypes which subvert both XP and Linux. The paper discusses ways to detect and prevent VMBRs, such as security software running even below the VMBR in an isolated layer which is not controlled by the VMBR. Another option is to boot up from a ‘safe’ medium like a ROM drive or a secure VMM, which won’t stop a VMBR but can at least help detect it.

Linux Hater blog

I was looking for something else and came across the Linux Hater Blog. I am not a Linux hater (am writing this on Ubuntu). Some people might think this is funny, but there is a dark undercurrent running in the posts. I honestly stopped reading after a couple of posts. I don’t know why there is so much hate against Linux in this blog.

Am surprised by the negativity on the blog. I am no Linux expert and am more comfortable in Windows, but having used more of Ubuntu (9.04 and 9.10) over the last few weeks for my studies has made me appreciate some aspects even more. Is it perfect? Of course not, and nor is Windows or OS X or insert-your-favourite-OS-here. Maybe I should try and start a blog hater blog.

Suggestions on how best to configure Permalink Settings?

Any suggestions how best to configure the Permalink settings in WordPress? I still need to fix all my old links from this blog when it was running on Community Server 2007. CS 2007 used to use something like /archive/year/month/day/unique-id. Is that the best way to go now as well or are there better and more flexible options?

Also I tried using the %tag% field, but it does not like it and had to revert to using %categories% as you probably can see. Again, any suggestions there?

Add-in recommendation for displaying code in a post?

I searched and found a lot of WordPress addins/widgets for displaying code in a post and was wondering if there are any recommendations? I need to be able to show XML, C++, C, C# primarily. F# and Haskell would be nice but not essential.

Update: Also should be able to use Windows Live Writer when posting the code. Am I asking for too much here? 🙂

Goodbye Community Server; Hello WordPress

After thinking about it for a long time and then wanting to do it for probably an even longer time, I have finally moved this blog to WordPress from Community Server. Overall the move was mostly painless and did not have to write any code to move the posts and tags over which was excellent. I would have loved to write some code to do that, but I don’t have much bandwidth these days so anything I could use (as a user) without writing code or customizing is just great.

I will post the details on how I did the move in a few days. I know there are many others out there wanting to move from Community Server to WordPress and as part of the move I took some screenshots so watch out for that.

I also had to move hosting providers as the place where this blog was earlier hosted is a Microsoft-only shop and they did not offer PHP and MySQL. So there might be a few things still breaking or missing. For example, I still need to figure out how to redirect the URL from the old URL (/weblog/amit) to the new one (/blog/amit). I think WordPress has a built-in option and there is also a plug-in available. Of course, there is also the .htaccess file which I can use. Let me know if you have any recommendations on which is the best way to go about this based on your experience?

So far am quite pleased with WordPress and happy with the move. 🙂
