Why malware stops itself in virtual machines [closed] - security

The next paragraph is extracted from an Infosecurity article:
Around 18% of malware detects virtual machines and stops executing if it arrives on one; however, four out of five malware samples will run on virtual machines, meaning that these systems need regular protection from malware as well.
I don't understand why a virus stops if it detects a virtual machine.
Is that to avoid being analysed by tools like Cuckoo, or is there another reason?

Indeed, this is done to prevent security analysis. However, such prevention is becoming rarer, as more and more systems are virtualized and stopping operations would make it impossible for the malware to infect the virtualized system.

Yes, malware prevents itself from running on virtual machines so that a malware analyst cannot monitor its behavior. Malware authors detect the virtual environment in their code and put checks in place so that, if they find they are running in a VM, they stop performing malicious behavior. This type of malware is also known as polymorphic malware.


Disabling the monitor on a headless virtual machine [closed]

I set up a virtual machine with Ubuntu Server edition.
When I boot it up, the output from the console appears on VirtualBox's virtual screen. This means the machine is wasting resources trying to display output on a screen. It's just a text terminal, I know, but it still requires resources. Why waste them when I'm only going to access it remotely through PuTTY?
I know that VirtualBox can start a virtual machine in "headless" mode, but I fear it will just disable VirtualBox's output window, with no real impact on the virtual machine itself.
My questions are:
Will my virtual machine still detect a monitor attached when it runs in headless mode?
If so, how big is the performance impact of this situation? Is there any way to avoid it?
It does not require any additional resources. Just a tty device and a blocking getty process, which require no CPU resources and which would both have been created anyway. (Every Linux system that I know of starts 6 ttys by default.)

Installing Ubuntu with Windows [closed]

I am a Windows 7 user and now I want to use Linux. However, I am a beginner with Linux. Currently I have Linux Mint on a USB stick and load it from there. The problem is, it doesn't save stuff; every time I have to enter my wifi password, change the default search to Google, etc. Now I am thinking of installing Ubuntu alongside Windows. After googling a little I realized that I can do it in 2 ways: using a Windows installer, or using something called a virtual box. My question is, which option should I choose and why? What is a virtual box anyway? Also, is this the right link? I need the 64-bit version. Shall I choose the first one?
VirtualBox allows you to run an OS on top of the one you are currently working in. You must download VirtualBox for Windows; those links are for Linux, Ubuntu, etc. You might want to use the http://dlc.sun.com.edgesuite.net/virtualbox/4.3.6/VirtualBox-4.3.6-91406-Win.exe link instead.
The issue with a virtual machine is that it is running your native OS and another "virtual" OS; as you can imagine, this can be slow. Booting up your virtual OS also takes longer seeing as you functionally need to boot two OSs rather than one.
In terms of dual booting (installing an OS alongside your native OS -- in this case Windows), the resultant OS typically will run faster and won't be bogged down as much. If you have a lot of RAM you might not notice the speed loss though. That being said, it is much easier to install multiple virtual machines than it is to install multiple OSs; your hard drive won't be chaotically partitioned since virtual machines don't need separate partitions.

Clear cache of virtual machine [closed]

I'm currently doing some database benchmarking on a virtual machine running Ubuntu 12.04. I've noticed that the second time I execute a query it runs significantly faster. This is most likely due to the OS caching that just keeps all the data in main memory. To keep the cache from screwing up my measurements, I thus want to clear it between subsequent runs.
I found the following commands to achieve this on Google:
sync;echo 3 > /proc/sys/vm/drop_caches
and
sysctl -w vm.drop_caches=3
which all yield a permission denied error even when I'm logged in as root. It seems like it is just not possible to clear the system's cache from the guest system. I guess this is because it uses the host's cache. As I don't have access to the host, I have to find a workaround. Currently I have two ideas.
The first idea is to reboot the machine between runs, as this clears the cache. As I want to perform a couple dozen runs, I really need to automate this. So I could put a program into autostart, let it perform a query and reboot, and continue with the next query on the next startup. Feels like writing a virus though.
The second idea is to just flood the memory with other data. As my machine has quite a bit of RAM, I would e.g. generate some large file of random data and just read it into /dev/null.
So finally my question is, does anyone have a better idea to clear the cache, or maybe avoid the usage of the cache altogether? Or does anyone have some suggestions on how to implement one of my two ideas easily?
Thank you very much in advance,
Antigo
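As an added example (not from the original post or any of its answers), the harness below first tries the global drop_caches route from the question and, when that is refused inside the guest, falls back to evicting only the benchmark's own data files from the page cache with posix_fadvise(POSIX_FADV_DONTNEED), which needs read access to the files rather than root. It assumes you know which files the database reads (here a constructed temporary file stands in for them).

```python
import os
import tempfile
import time

DROP_CACHES = "/proc/sys/vm/drop_caches"


def drop_page_cache():
    # Global route from the question. Returns True only if the write
    # succeeded; in many guests this fails even as root.
    try:
        os.sync()
        with open(DROP_CACHES, "w") as f:
            f.write("3\n")
        return True
    except OSError:
        return False


def evict_file_cache(path):
    # Per-file fallback: ask the kernel to drop this file's cached pages.
    # Returns False where POSIX_FADV_DONTNEED is unavailable (non-Linux).
    if not hasattr(os, "posix_fadvise") or not hasattr(os, "POSIX_FADV_DONTNEED"):
        return False
    os.sync()  # dirty pages cannot be dropped; flush them first
    fd = os.open(path, os.O_RDONLY)
    try:
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)  # whole file
    finally:
        os.close(fd)
    return True


def cold_cache_timings(run_query, data_files, runs=3):
    # Time run_query() `runs` times, evicting data_files before each run.
    # Returns (timings_in_seconds, eviction_method_used).
    timings, method = [], "none"
    for _ in range(runs):
        if drop_page_cache():
            method = "drop_caches"
        elif all(evict_file_cache(p) for p in data_files):
            method = "posix_fadvise"
        start = time.perf_counter()
        run_query()
        timings.append(time.perf_counter() - start)
    return timings, method


def make_sample_file(size_mb=8):
    # Constructed stand-in for a database file (hypothetical data).
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(os.urandom(size_mb * 1024 * 1024))
        return f.name


def read_all(path):
    # Stand-in "query": a full sequential read, returns bytes read.
    with open(path, "rb") as f:
        return len(f.read())


if __name__ == "__main__":
    sample = make_sample_file()
    t, m = cold_cache_timings(lambda: read_all(sample), [sample])
    print(m, ["%.4f s" % x for x in t])
    os.unlink(sample)
```

Because eviction happens per file, the reported method tells you whether the timings are truly cold-cache or whether only your own files were evicted while the host's cache may still be warm.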

Do I need antivirus, etc. on a virtual machine? [closed]

If the host machine has antivirus, antimalware, etc. then I would think the virtual machine accesses the Internet through the host, and doesn't need its own protection. Is that correct?
There aren't any reported cases of a breach wherein a VM which begins running malicious code is able to infect a host. However, theoretical concerns have been raised over this very issue. Worse, if a VM gets infected, it will likely end up running a bot that will scan your network (including possibly the host) and could easily discover a hole in your defenses.
So, even if you don't care much about the VM, it is highly advisable to engage in a rigorous strategy of protecting those machines with AV software and scheduled updates. It can be challenging if you don't turn the systems on that often. So, it's generally a good idea to schedule a time every few weeks that you turn on all VMs/images and get them all up to date.
If you'd mention a particular virtual host vendor or package, more specific advice may be available as to how to go about developing your VM security protocol.
You should treat the virtual machine as if it were a real machine.
Give it some protection.
If you use the virtual machine to do actual work besides testing - yes, it should have antivirus, because malware might jump over to the main machine if you move a file there. If it's just for sandbox testing of a program, you don't need antivirus or anything else, simply because you can always wipe the virtual hard drive.
No, virtual machines need the same treatment as a real machine. But if you are not going to use it, I suggest you turn on backups. It'll be easier to recover if your virtual machine has backups.

Network usage top/htop on Linux [closed]

Is there an htop/top for Linux where I can sort processes by network usage?
NetHogs is probably what you're looking for:
a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on /proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes...
Also iftop:
display bandwidth usage on an interface
iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?"...
iptraf is my favorite. It has a nice ncurses interface, and options for filtering, etc.
jnettop is another candidate.
Edit: it only shows the streams, not the owner processes.
ntop or nagios
Check bmon. It's CLI, simple and has charts.
Not exactly what the question asked - it doesn't split by processes, only by network interfaces.
Another option you could try is iptstate.