Blog: Opinions

Thought you had seen FUD? Now see this: a rock can protect your computer from viruses

Ken Munro 22 May 2015


The fear, uncertainly and doubt employed by many security vendors marketing departments to push product riles me, but I get used to it. Then I saw this last night.

Seasoned infosecurity professionals incredulous that anyone could make such a claim about a lump of rock

Spotted (I think) by @florbrasiko

I’m not here to comment on the effectiveness of alternative therapies, but b******t such as the above makes me really angry. Maybe malachite does have EMF reducing properties, but if you want to reduce electromagnetic radiation, use a Faraday Cage or similar shielding. Reducing EMF will not reduce viruses and malware, unless blocking RF will result in your Wi-Fi connection dropping and you no longer have access to the internet!

Experiment time!

According to the logic in the article, malachite will improve effectiveness of your existing anti-virus. I decided to try a little experiment, admittedly totally empirical & it only concluded when I got bored, decided it was too silly and went to the pub for lunch instead.

I took the metasploit HTTPS reverse shell, dug out a few samples from previous work and evaluated detection rates on A/V in a local VM

Veil-evasion was the only framework to consistently prevent detection. So, could we improve it with malachite?

As instructed, I warmed the malachite in my hand, soaked up negativity from the office (sorry, think they meant cynicism!) and circled my laptop with the stone


As can be seen above, the malware sample ran fine and the connection back worked. I added some extra malachite to my laptop to see if that would help matters. It didn’t.

I then wondered if I was doing something wrong, so figured we could try malachite as an in-line filter on my network connection.

Network Stone

That didn’t change much either

I wanted to try micro-sandboxing the samples with malachite to see if that would help, but couldn’t get the rocks inside my laptop without causing extensive damage or grinding them in to a powder and pouring in to the CPU vents. I figured the laptop wouldn’t work for long after that, so I guess the malware wouldn’t have run for long…

What did I learn from this experiment?

That malachite does not substitute or augment anti-virus

That Veil-evasion is still a really cool framework and does not require a template for evading malachite-based detection :-)

That FUD about security extends beyond vendors

That it’s Friday and it’s time for a pint