On 28/04/14 12:00, Chris Walker alug_cdw@the-walker-household.co.uk wrote:
I've just downloaded and installed a copy of Robolinux on a spare desktop machine. It says that it's a replacement for Windows XP as it will keep the Windows stuff secure without fear of a virus or malware.
I paid a few dollars for the basic version as I thought I would be able to configure the XP stuff myself. But it seems they want me to pay for more of it first.
But then the thought occurred to me that I might be able to do all this stuff with VirtualBox anyway. This is the link to the info about the secure bit - http://www.robolinux.org/stealth-vm-info/
There's a video on the site showing how a virus attacks the VM. What I find more than a little annoying is that it says I can do this for free and yet there's no way to get past the donation page.
The question remains though. Is this special software or simply a cunning bit of configuration of a virtual machine on the part of Robolinux?
Interesting - not looked at Robolinux before. I fear making claims such as: "A Windows keylogger, virus or malware cannot attack a native Linux application." and "Windows Viruses and Malware do NOT attack Linux file systems." is just asking for trouble - I can hear the shouts of 'Challenge accepted!' already :-/
Many virii already detect VM environments and self-destruct to avoid the reverse engineering teams who study them, it's only a short step from there to breaking out of the VM via it's 'convenience features' such as drag/drop file transfer, guest-based tools, file shares and clipboard support to infect the host.. game over. Made easier with robolinux using the popular VirtualBox platform too.
I've just spent half an hour trying to find their source code: given it's largely built on a GPL Debian base they are obliged to publish their code under GPL too - nothing found. So I've asked on their official support forum if they are open source or not - if they admit to not I'll shop 'em to gpl-violations.org, if they are, I'll ask for the code and notify gpl-violations.org anyway.
Phil (in hacker/legal mode today!)