Ensuring user privacy and data security is a central theme.
Malware Evasion Techniques and Detection
A significant portion of the discussion revolves around the technical methods malware employs to avoid detection and analysis, and how security software attempts to counter these.
- "Using such tricks might seem like a cute way for malware to make analysis difficult, but oftentimes calling these obscure system APIs can be detected statically, and you bet that it will be flagged as suspicious by AV software." - lpapez
- "It won't stop less sophisticated malware, but running stuff inside of a VM can definitely have viruses kill themselves out of fear of being analysed." - jeroenhd
- "The folks behind xz util within libzma aspire to cause the amount of damage companies like ClownStrike and SolarWinds have caused." - xyst
- "Malware has bugs. In fact some viruses have done far more damage than the author intended due to bugs." - hinkley
- "Mitre ATT&CK's T1497.001 (VM Detection) lists SMBIOS checks as a known vector, which means it's open for injection anyways." - b0a04gl
Virtualization and Sandboxing for Security
The conversation frequently touches upon the use of virtual machines (VMs) and sandboxing as a security measure, with debate on their effectiveness and limitations.
- "So, from a security perspective, maybe we should run all software inside a VM then?" - amelius
- "you'd lose things like hardware acceleration." - jeroenhd
- "This is increasingly less true. SR-IOV and S-IOV are becoming increasingly common even in consumer hardware and OS manufacturers are increasingly leaning on virtualisation as a means to protect users or provide conveniences." - OneDeuxTriSeiGo
- "But then you have your "VMs" accessing the real hardware, so the benefits of the VM reduce if not disappear. You literally can't have the cake and eat it too." - AshamedCaptain
- "Microsoft even now provides full ephemeral Windows VM "sandboxes". The feature that came with them that surprised me was that they support enabling proper GPU virtualisation as well." - OneDeuxTriSeiGo
- "Or perhaps the other way around? That is making VMs totally unaware they've been virtualised, as I believe IBM's lpars work…" - bear8642
- "How about setting it to the default "Asus", and the computer shop has a tool to override it?" - mrheosuper
System Information Falsification (SMBIOS, etc.)
A significant portion of the discussion explores the manipulation of system information, such as SMBIOS data, to fool malware or security analysis tools.
- "The trick is to become a company like "CrowdStrike", get your crappy software that runs at kernel level signed, then you can run all of the "suspicious" calls to sys apis all you want. Forget determining if it’s a VM or not." - xyst
- "I am yet to see any consumer-oriented motherboard where SMBIOS descriptions have even a passing relationship to the actual hardware." - AshamedCaptain
- "I'd even call them "counterproductive" for the malware authors!" - lpapez
- "My guess is that people who build their own PCs probably don't care about SMBIOS serial numbers being properly populated, so why bother?" - gruez
- "But that’s smol pp way of thinking. We can do better." - This quote and its associated discussion highlight a debate about profanity and tone in technical discourse.
- "Can we remove casual body shaming from our language please?" - photon_garden
- "i hate every last thing about what people in this world have become. i would like to ask for an asteroid the size of the one that killed the dinosaurs to strike the earth at the same velocity and at the same angle as that one. immediately. our species is an enormous failure." - naikrovek
- "This reminds me of how having the right SMBIOS was necessary to create a working Hackintosh. There are so many of these relatively obscure APIs which have been added to the PC over the years, which are often overlooked by those writing virtualisation software, and malware and other VM detection software often tries to poke at them to see how real they look." - userbinator
- "A next step to making the VM look real is having simulated temperature sensors that actually change in response to CPU load." - userbinator
- "Maybe adding some VM like flags to throw off some malware?" - ajd555
- "I feel like we could make our operating system more secure and make things easier for researchers by simply making a normal OS look like a virtual machine. Any program that needs to access resources in a non-virtualized way would have to ask for permission first." - Grimblewald
Code Signing Certificates and Trust
The reliability and security of code signing certificates are questioned, particularly concerning their misuse by malware.
- "Malware is signed surprisingly often these days, you can't rely on malware companies not to sign their binaries anymore. Hacked code signing certificates seem to be all over the place and Microsoft seems very reluctant to revoke trust out of fear of actually breaking their original customers' software." - jeroenhd
- "AFAIK most (all?) code signing CAs are cracking down on this (or maybe Microsoft is pushing them) by mandating that signing keys be on physical or cloud hosted HSMs." - gruez
- "It's a change to the CA rules that was passed in https://cabforum.org/2022/04/06/ballot-csc-13-update-to-subs... to align OV certificate requirements with the EV ones (that enforces the use of HSMs/hardware tokens/etc) that was meant to go into effect for new certificates issued after November 2022, but was delayed and eventually implemented on June 1 2023." - Deathmax
System Configuration and Hardware Quirks
Users discuss various quirks and inconsistencies in system configurations, hardware implementations, and adherence to standards, impacting software behavior and detection.
- "I normally think PC cases are gaudy and boring even when trying to evoke some style. That stuff in Streacom website however makes me want to build something with it." - irusensei
- "If you want to fuck up surveillance capitalism, you send plausible but wrong information to the trackers. There are a zillion ways to do this: let one through now and again and replay it, do a P2P browser extension that proxies you and someone near you through each other, subtly corrupt it, bounce it off a mullvad node. The possibilities are endless." - benreesman
- "The problem is not the fan, it’s the fan controller on the motherboard. I doubt a nonfancy fan controller will bother to drop off the bus/whatever if it doesn’t have fans connected, and the comment by 'patrakov upthread seems to confirm this." - mananaysiempre
- "The computer knows there's a fan because it sees tacho output. If it doesn't see tacho, shrug. You can get an external temperature-controlled PWM controller for a few units of your local currency on AliExpress, steal 12V from somewhere (Molex header or whatever) and run the fans off that. Figure out where to put the temp sensor to get the desired effect." - theodric
- "I haven't bought a computer cooled by a fan in over 13 years." - 1vuio0pswjnm7
- "The computer knows there is a fan because it knows when there isn't a fan. By subtracting where there is a fan from where there isn't a fan, or where there isn't from where there is (whichever is greater) it obtains a difference, or deviation..." - KokomoIsALie
- "I worked in PC stores for a long time and never had any such access to such a tool. Sounds like something only the big OEMs would get, honestly." - theshackleford
- "It's mentioned in some ASUS docs, but it's not available on their support anywhere. Probably reserved for big OEMs, yeah." - smileybarry
- "If the OEM hadn't messed up and reused UUIDs, it would be "Microsoft letting companies do whatever they want with their device", which is not unreasonable. OEMs reusing UUIDs for some ridiculous reason is breaking down the chain of "whose device is it"." - sweetjuly
- "I still can't believe that microsoft allows companies to essentially brick machines they don't even own like that. Seems criminal to me." - snickerdoodle12
- "If you buy a motherboard to build your own (or any, even if it is for someone else) PC, you are the OEM." - dragonwriter
- "I did one little experiment on faking a VM's power supply. Done it with 'HotReplaceable=Yes' and 'Status=OK', and you suddenly look like a $5k bare-metal server."
User Experience and Permissions Models
The discussion also touches on user experience related to software permissions and system access, drawing parallels to mobile operating systems.
- "It happened on mobile because Android (dunno iOS's permission model well enough) is more on the developers' side than the user's side, or at least they're more concerned with everything just working (for some values of "just work") than with giving users a chance to make sure that things don't work that the users don't want to work." - JadeNB
- "Every app would have a long permissions dialog. Every app would want to read your CPU fan for no good reason (just as another piece of fingerprint) so you'd get used to clicking accept so you could use any apps at all. The malware would still get through. This already happened on mobile." - immibis
- "Either way, everyone except the malware creators wins." - Grimblewald
- "I prefer the software I run to know its place, but there are enough people who enjoy multiplayer games that hate cheaters more than they hate what amounts to spyware." - orthoxerox