malware detects VM use and prevents execution

This presentation discusses new techniques associated with malware detecting the use of a virtual machine. Researchers typically examine malware on virtual machines. If malware can detect use of a virtual machine and then prohibit execution, reverse engineering the malware becomes a little bit more difficult. Could this mean running a thin client connected to a desktop virtual machine might be more secure? Perhaps, but I think it will be more likely to result in some really bad malware should any of the virtual drivers or virtualization software have any vulnerabilities discovered. It is a bit disappointing still that the virtual machines can be detected (beyond just the drivers saying “vmware display driver,” for instance. Then again, it might be asking a little too much to expect VMs to be indistinguishable from physical systems.