[Dailydave] VPC
Thierry Zoller
Thierry at Zoller.lu
Fri Feb 22 19:41:44 EST 2008
Dear Jared,
True, the confusion is simply one of measurement - I was unclear
about "better". When I said "better", I meant the resistance against
detection. In my eyes a sandbox that is detectable has only limited
usefulness - at least in automated systems.
Some malware I've seen is actively detecting cwsandbox, sandboxie, norman and vmware
and is taking a different execution path and logic from there on. If you try to
detect malware using sandboxes in an automatic fashion, that's a bad
prerequisite.
--
http://secdev.zoller.lu
Thierry Zoller