If you make your machine look like a malware execution sandbox, a lot of malware will terminate to avoid being analyzed. This is just part of the cat and mouse game.
Yeah, sophisticated malware checks how many CPU cores the PC has and how much hard drive space; some even check hardware temperature or whether any debuggers are present. Windows malware got pretty sophisticated in the last 30 years.
I'm not a reverse engineer or a white hat hacker, but I like reading about it. Most malware is made for Windows because of Windows' enormous market share.
The majority of the information about Windows malware I get from big computer security companies' research blogs like:
The majority of the research comes down to researching malware's capabilities regarding persistence, anti-VM techniques and anti-debugging techniques.
Here, for example, is a good compilation of malware anti-debugging and anti-VM techniques:
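The checks mentioned above (core count, disk size, debugger presence) are the ones an analyst building a sandbox most often has to hide. The script below is an added example, not code from any commenter or from the blogs referenced; it is a self-check an analyst runs inside their own analysis VM to see whether it would be fingerprinted as a sandbox. The thresholds (`MIN_CPU_CORES`, `MIN_DISK_GB`) are assumed illustrative values, not figures taken from any particular sample.

```python
"""Sandbox-fingerprint self-check for an analysis VM (constructed example)."""
import os
import platform
import shutil
import sys

# Illustrative thresholds (assumptions, not taken from any specific malware family).
# A VM below these values looks like a throwaway analysis box rather than a user PC.
MIN_CPU_CORES = 2
MIN_DISK_GB = 60.0

# Defender-oriented hint for each indicator that trips.
REMEDIATION = {
    "cpu_cores": "Assign more vCPUs to the analysis VM.",
    "disk_gb": "Enlarge the virtual disk (thin provisioning keeps it cheap).",
    "debugger_attached": "Detach the debugger or run the sample under a non-intrusive monitor.",
}


def assess(profile):
    """Return the indicators in `profile` that make this host look like a sandbox.

    `profile` is a dict with keys cpu_cores (int), disk_gb (float) and
    debugger_attached (bool). Unknown keys are ignored.
    """
    flags = []
    if profile.get("cpu_cores", 0) < MIN_CPU_CORES:
        flags.append("cpu_cores")
    if profile.get("disk_gb", 0.0) < MIN_DISK_GB:
        flags.append("disk_gb")
    if profile.get("debugger_attached", False):
        flags.append("debugger_attached")
    return flags


def remediation(flags):
    """Map each tripped indicator to the change that would hide it."""
    return {flag: REMEDIATION[flag] for flag in flags if flag in REMEDIATION}


def collect_profile(path=os.sep):
    """Gather the same attributes from the live host.

    Debugger detection here is best-effort: sys.gettrace() only sees a
    Python-level tracer, and IsDebuggerPresent() (Windows only) only sees a
    user-mode debugger attached to this process.
    """
    disk = shutil.disk_usage(path)
    profile = {
        "cpu_cores": os.cpu_count() or 0,
        "disk_gb": disk.total / 1e9,
        "debugger_attached": sys.gettrace() is not None,
    }
    if platform.system() == "Windows":
        import ctypes
        native = bool(ctypes.windll.kernel32.IsDebuggerPresent())
        profile["debugger_attached"] = profile["debugger_attached"] or native
    return profile


if __name__ == "__main__":
    live = collect_profile()
    tripped = assess(live)
    print("profile:", live)
    if not tripped:
        print("No sandbox-like indicators from this check set.")
    for flag, hint in remediation(tripped).items():
        print(f"{flag}: looks sandbox-like -> {hint}")
```

Running it inside the VM before detonating a sample tells you which of these three indicators would cause an evasive sample to exit early, so you can fix the VM configuration instead of wondering why nothing happened. The inverse use, deliberately making a workstation fail these checks, is the "look like a sandbox" trick from the first comment.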
IIRC the extensions pack has a (very limited) free license for personal and educational use, although I'm not sure if the 'pretending to be a sandbox' usecase would be covered.
To be fair, the vast, vast majority of exploitation that we see (especially in the news) comes from sub-par security setups and poor training/architecture. That's not even going into security monitoring, which most companies don't have or barely have.
Zero days account for a very small amount of exploitation in comparison and by definition are unpatched, so I think the commenter was right to point out the basics.
> If you make your machine look like a malware execution sandbox, a lot of malware will terminate to avoid being analyzed. This is just part of the cat and mouse game.
What? This is an entirely separate concern. If you have a Russian input method installed, malware will terminate to avoid legal repercussions.
They seem to be offering this as another means of getting the malware not to run. I don't read it strictly as an explanation of the Russian keyboard thing.