Backups [was Re: Is tape dead?]

Liam Proven lproven at
Sun Sep 20 05:57:17 CDT 2015

On 20 September 2015 at 05:58, John Foust <jfoust at> wrote:
> Someone's demonstrated you can hide in the firmware of hard drives.

And access the hypervisor layer of an OS in various ways from programs
executing inside a VM.

So, for instance, much malware self-inactivates if it detects that
it's running inside a guest instance, so that anti-malware
investigators cannot examine its behaviour.

What is now being investigated (doubtless by both sides) is malware
that can inject code into the hypervisor from within a guest. Once
you've reached x86-64 Ring -1, then you're a god, you can do anything
you like to any VM and no anti-malware in the VMs can prevent it.

There is also research into using the increasingly industry-standard
remote-management features in core chipsets to hide or distribute
malware, again out of reach of any OS-level task.

And there is the very controversial claim of malware that could
transmit itself from machine to machine using speakers and microphone.

It's a jungle out there, with all that that implies about parasitism,
zombieism, concealment and stealth and creepy disgusting infections
that hide for a lifetime then apparently explode out of nowhere.

Liam Proven • Profile:
Email: lproven at • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven at • Skype/AIM/Yahoo/LinkedIn: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

More information about the cctalk mailing list