> How does once check for the presence of a VM from inside the VM
for example by enumerating the connected PCI devices and looking for common VM vendors virtual devices.
>Doesn't that defeat the purpose of the VM to begin with
that depends on your use-case. If it's about separating mostly trusted applications and/or servers, then absolutely not.
If it's about investigating known-bad code, then, yes, absolutely - malware is often intentionally disabling itself when it detects it's running in a VM.
Theoretically speaking you can make a VM that is indistinguishable to a real computer. In reality most VM solutions do not attempt to do so. For example, many install specialized drivers to communicate to the host that can be readily checked.
for example by enumerating the connected PCI devices and looking for common VM vendors virtual devices.
>Doesn't that defeat the purpose of the VM to begin with
that depends on your use-case. If it's about separating mostly trusted applications and/or servers, then absolutely not.
If it's about investigating known-bad code, then, yes, absolutely - malware is often intentionally disabling itself when it detects it's running in a VM.