SafeExamBrowser / seb-win

Safe Exam Browser 2.x for Windows. IMPORTANT: This is the legacy version which isn't actively developed anymore.
https://safeexambrowser.org/windows/win_usermanual_en.html

VM detection is of limited use #82

Closed jpbarraca closed 4 years ago

jpbarraca commented 4 years ago

Describe the Bug

The Virtual Machine detection function tries to determine if the software is running on a host with some "blacklisted" Manufacturers and Models (VMware, VirtualBox, ...). However, this verification is fragile, as these strings can be changed in the virtualizer, or additional products can be used (e.g. QEMU). This allows running SEB on a VM, easily bypassing the VM detection function.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Run Windows on QEMU
  2. Install SEB
  3. Run SEB
  4. It runs correctly and no error is provided.

Expected Behavior

SEB should detect that it is running on a VM and an error message should be provided.

Screenshots seb-qemu

Version Information

Enrico204 commented 4 years ago

There are a lot of challenges to the VM detection, but I agree that a stronger detection mechanism is needed. For example, checking specific instructions (for example MMX registries presence) or particular IO ports may be feasible. I think that there are a lot of libraries for this :-)

(more info: https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/ or Google)
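The instruction-level check suggested in the comment above, as an added example that is not part of the original thread and not SEB's code: it reads the CPUID hypervisor-present bit and the vendor signature from leaf 0x40000000 instead of relying on editable manufacturer/model strings. The function names are hypothetical, and the `main` assumes GCC or Clang on x86 (`<cpuid.h>`).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 0x40000000 returns a 12-byte vendor signature in EBX, ECX, EDX. */
static void hv_signature(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Map well-known signatures to a product; anything else is still reported,
 * so an unlisted hypervisor is not silently treated as bare metal. */
static const char *hv_name(const char *sig) {
    static const struct { const char *sig, *name; } known[] = {
        {"KVMKVMKVM", "KVM"},           {"TCGTCGTCGTCG", "QEMU (TCG)"},
        {"VMwareVMware", "VMware"},     {"VBoxVBoxVBox", "VirtualBox"},
        {"Microsoft Hv", "Hyper-V"},    {"XenVMMXenVMM", "Xen"},
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(sig, known[i].sig) == 0) return known[i].name;
    return "unknown hypervisor";
}

/* Returns NULL when CPUID.1:ECX bit 31 (hypervisor present) is clear.
 * Caveat: a physical Windows host with Hyper-V enabled also sets the bit and
 * reports "Microsoft Hv", so this signal alone can give false positives. */
const char *classify(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx, uint32_t edx) {
    char sig[13];
    if (((leaf1_ecx >> 31) & 1u) == 0) return NULL;
    hv_signature(ebx, ecx, edx, sig);
    return hv_name(sig);
}

int main(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, leaf1_ecx;
    __cpuid(1, a, b, leaf1_ecx, d);
    __cpuid(0x40000000, a, b, c, d);
    const char *name = classify(leaf1_ecx, b, c, d);
    printf("%s\n", name ? name : "no hypervisor bit set");
#else
    puts("CPUID is only available on x86");
#endif
    return 0;
}
```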

danschlet commented 4 years ago

SEB 3.x implements improvements in VM detection, but some of the new code introduced false positives. We close this issue for now; you can create a new one for SEB 3.0 (seb-win-refactoring repository) if you think the improvements are not sufficient.

Yoruiopz commented 3 years ago

Why? Do you want to ruin it for millions of people?