To: tacticalogic
>
Figure out what tests it's running and then figure out how to lie to it. Well, yes, of course. ;-)
The problem is that if it's smart, it won't let you intercept the fact that it's running a test. That's somewhat more challenging in these days of multiple cores and threads, but it can usually be done.
A very interesting problem in either direction.
35 posted on
05/07/2015 7:58:01 PM PDT by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
The problem is that if it's smart, it won't let you intercept the fact that it's running a test. That's somewhat more challenging in these days of multiple cores and threads, but it can usually be done. I think you should be able to mitigate some of that by running it in a VM.
38 posted on
05/07/2015 8:05:04 PM PDT by
tacticalogic
("Oh, bother!" said Pooh, as he chambered his last round.)
To: dayglored
The problem is that if it's smart, it won't let you intercept the fact that it's running a test. That's somewhat more challenging in these days of multiple cores and threads, but it can usually be done. They should at least be able to get a read on the outbound payload. If you've got that, you might not be able to prevent the malware from getting in, but you can stop whatever data it's collected from getting back out.
41 posted on
05/07/2015 8:09:19 PM PDT by
tacticalogic
("Oh, bother!" said Pooh, as he chambered his last round.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson