Comment Re:Another "news for tabloids" article. (Score 1) 107
install it in a VM instead, or does it detect that one as well?
Since TFA (more than TFS) mentions that these various attacks are in response to the virus "realising" that it is running in a "sand box" type environment, then I's expect it to detect many un-stealthed VM environments too.
I read TFA for about 5 minutes before I came across something remotely interesting. I got it that the malware had substantial checks to make it *harder* for an investigator (virus researcher, forensics investigator after a break-in) to understand what the virus is doing, and that the virus writer wasn't particularly interested in hiding from the user, but in avoiding being analysed by specialists. Fixing an MBR - trivial. User's home directory encrypted - well whoopie-dee, as if that's going to faze a decent investigator (they'll probably put the home directory on the network and sniff to record write instructions but not necessarily carry them out). So that's a [SHRUG]. But this
If Rombertik detects an instance of Firefox, Chrome, or Internet Explorer,
So, virus writers really are getting over the IE monopoly? I hadn't noticed, not having used Windows for myself for several years, and not having used IE for even longer, if at all possible to use anything else.