
Ask HN: How do I prevent programs actively detecting they're running in a VM? - CoelacanthsKill
Example: "Lockdown Browser" will not start because it detects it's running in a VM. It will not start if Windows is running compatibility mode for a different Windows version.
======
greenyoda
This article discusses various ways of detecting if a program is running on a
VM:

[https://stackoverflow.com/questions/498371/how-to-detect-if-...](https://stackoverflow.com/questions/498371/how-to-detect-if-my-application-is-running-in-a-virtual-machine)

Some of the methods used, like checking the manufacturer ID of the hardware,
seem like they can't be easily circumvented.

~~~
13of40
At the end of the day, you pretty much need a kernel mode agent that hooks a
couple dozen syscalls, but it's largely doable if you have a team of engineers
at your disposal. Malware detonation shops like FireEye do it.

~~~
eps
Generally - yes, but there's also the (cpuid[1] & 0x80000000) test.

[https://en.wikipedia.org/wiki/CPUID#EAX.3D1:_Processor_Info_...](https://en.wikipedia.org/wiki/CPUID#EAX.3D1:_Processor_Info_and_Feature_Bits)
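
The CPUID test mentioned in the comment above, as an added example that is not part of the original thread: it decodes the hypervisor-present bit (CPUID leaf 1, ECX bit 31) and goes one step further by reading the vendor signature that hypervisors expose at leaf 0x40000000. The function names and the signature table are this example's own, and the table is a small illustrative subset of known signatures.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Leaf 1, ECX bit 31: reserved for hypervisors, reads 0 on bare metal. */
int hypervisor_present(uint32_t leaf1_ecx) {
    return (leaf1_ecx & 0x80000000u) != 0;
}

/* Leaf 0x40000000 packs a 12-byte ASCII signature into EBX, ECX, EDX. */
void vendor_signature(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xff);
    out[12] = '\0';
}

/* Classify from raw register values so the logic can be checked off-target. */
const char *classify(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx, uint32_t edx) {
    static const char *known[][2] = {
        { "KVMKVMKVM", "KVM" },           { "VMwareVMware", "VMware" },
        { "VBoxVBoxVBox", "VirtualBox" }, { "XenVMMXenVMM", "Xen" },
        /* Also reported on Windows hosts that merely have Hyper-V/VBS enabled. */
        { "Microsoft Hv", "Hyper-V" },
    };
    char sig[13];
    if (!hypervisor_present(leaf1_ecx))
        return "no hypervisor bit";
    vendor_signature(ebx, ecx, edx, sig);
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(sig, known[i][0]) == 0)
            return known[i][1];
    return "unknown hypervisor";
}

int main(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, l1_ecx;
    __cpuid(1, a, b, l1_ecx, d);       /* feature bits */
    __cpuid(0x40000000, a, b, c, d);   /* hypervisor vendor leaf */
    printf("%s\n", classify(l1_ecx, b, c, d));
#else
    puts("CPUID is x86-only");
#endif
    return 0;
}
```

Because the CPUID instruction is answered by the hypervisor itself, both values reflect whatever the hypervisor chooses to report rather than a property a guest kernel agent controls.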

------
wslh
My company developed many lockdown tools but, in general, there is no way to
develop an infallible method since at the end your application can be reverse
engineered and run in a modified way. The techniques are oriented to
inexperienced people in the security field.

------
nivertech
Physicalization [1] - use a separate machine instead of a VM

--

[1] Physicalization - the opposite of virtualization

[https://en.wikipedia.org/wiki/Physicalization](https://en.wikipedia.org/wiki/Physicalization)

~~~
CoelacanthsKill
Yeah, I was thinking about just partitioning my drive to use just for this
shit that I'm required to run.

~~~
nivertech
Dual boot is less secure than two separate machines. Back in the old days I
was able to capture and pass data from one OS to another via non-volatile CMOS
registers on diskless machines.

------
seanwilson
Is there a good reason why it doesn't want to run inside a VM?

