Endpoint Protection

Spitting out the BluePill 

Aug 07, 2007 03:00 AM

I just got back from Black Hat 2007 Las Vegas, where I was co-presenting with Nate Lawson and Thomas Ptacek regarding detection of hypervisors. Previously, we had asked Joanna Rutkowska to prove her "100% undetectable" claim, but she had declined. However, we did manage to prove that our methods work.

Joanna agreed that the TLB timing method that I first described in detail in 2006 works against BluePill. As she understood it, though, she thought that I presented it as a 'foolproof method for "BluePill detection"'. While I did present it as a foolproof method, I didn't refer to BluePill at all: I said that it would reliably detect a hypervisor, which it does. That it detects BluePill is a corollary.

At the forum last week, she said that it can be defeated, but her method to do so is to single-step the code following the RDTSC instruction. That assumes, of course, that RDTSC is the instruction that is used as the time source. No need for that - RDMSR of MSR 10h would work just as well, as in fact would any other clock (and there are lots of those, as we showed). Besides, the single-stepping opens other avenues for detection, since the instruction timings are off. The counter-claim is that if the detector knows what the proper timings should be, then the hypervisor can implement them, too. That's true, but only for the next hypervisor. The first detector, which is released after the first hypervisor, has the advantage in that respect, and that hypervisor will be detectable forever.
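As an added example (not code from the talk or from this post), the argument above taken literally in C: time one workload with RDTSC and with a second clock at the same moment, then check whether the two clocks agree, since a hypervisor that rewinds the TSC to hide its own overhead cannot also rewind a clock it does not control. It assumes an x86 CPU with gcc or clang, a nominal TSC rate that you supply, and that the second clock really is independent of the TSC (on Linux, confirm the kernel clocksource is not itself "tsc"); the function names and the 2.4 GHz figure are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* __rdtsc() */
#endif

/* Decision logic, kept pure so it can be checked on constructed values:
   a workload took tsc_ticks on the TSC and wall_ns on a second clock; given
   the nominal TSC rate, do the two clocks tell the same story? A disagreement
   beyond the tolerance means one of the clocks has been tampered with. */
int clocks_agree(uint64_t tsc_ticks, uint64_t wall_ns,
                 double tsc_ghz, double tolerance)
{
    if (wall_ns == 0 || tsc_ghz <= 0.0) return 0;
    double expected = (double)wall_ns * tsc_ghz;   /* ticks the TSC should report */
    double ratio = (double)tsc_ticks / expected;
    return ratio > 1.0 - tolerance && ratio < 1.0 + tolerance;
}

/* Second clock: C11 timespec_get, which user space obtains without RDTSC
   (on Linux the kernel clocksource behind it must not be "tsc"). */
uint64_t wall_clock_ns(void)
{
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Time one fixed workload with both clocks. Returns 0 if RDTSC is unavailable. */
int measure(uint64_t *tsc_ticks, uint64_t *wall_ns)
{
#if defined(__x86_64__) || defined(__i386__)
    volatile uint64_t sink = 0;
    uint64_t t0 = wall_clock_ns(), c0 = __rdtsc();
    for (uint64_t i = 0; i < 100000000ull; i++) sink += i;  /* tens of ms of work */
    uint64_t c1 = __rdtsc(), t1 = wall_clock_ns();
    *tsc_ticks = c1 - c0;
    *wall_ns = t1 - t0;
    return 1;
#else
    (void)tsc_ticks; (void)wall_ns;
    return 0;
#endif
}

int main(void)
{
    double tsc_ghz = 2.4;   /* constructed placeholder: use this CPU's real TSC rate */
    uint64_t ticks, ns;
    if (!measure(&ticks, &ns)) { puts("no RDTSC on this CPU"); return 1; }
    printf("tsc=%llu ticks, wall=%llu ns, agree=%d\n", (unsigned long long)ticks,
           (unsigned long long)ns, clocks_agree(ticks, ns, tsc_ghz, 0.05));
    return 0;
}
```

A single run only tells you the clocks agree to within the tolerance; to catch the smaller skew of trap-and-rewind, repeat the measurement many times and look at the distribution rather than one sample.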

Even Joanna admits that the stepping method is weak. So, 100% undetectable malware? Not even close. Detecting the detector? Not going to work. And with hardware-based hypervisors on the horizon, no one will be swallowing the BluePill.
