Attacking Sandboxes 110
SkiifGeek writes "Many anti-malware applications use a sandbox as a tool to help identify potentially malicious software. Now knowledge is spreading about techniques and methods that can allow sandboxed software to target the sandbox itself (and by extension the application that applied it). While attacks that specifically target sandboxing applications are probably a little way off, this technology can be considered the logical extension of techniques and procedures to identify the presence of hosted systems (VMWare, Virtual PC, etc.)."
Old news (Score:4, Informative)
"Thwarting Virtual Machine Detection" is a nice paper on virtual machine detection.
Re:Sandbox the sandbox (Score:3, Informative)
Does that mean the use is restricted to the users own computers or any others that has the correct interface and software which is able to send the key-fob data to the bank's server at the correct time?
A password will work with *any* computer, but a piece of hardware, whether key-fob or biometric scanner will only work with a computer that has the correct software installed on it. That software would have to be standardized and work with every OS and all hardware that can at present access the bank's systems wit a password. All security, computer or physical, ultimately based on something you know, or something you have or both.