Thought you had seen FUD? Now see this: a rock can protect your computer from viruses

Ken Munro 22 May 2015

[Image: malachite-anti-malware]

The fear, uncertainty and doubt employed by many security vendors' marketing departments to push product riles me, but I get used to it. Then I saw this last night.

Seasoned infosecurity professionals incredulous that anyone could make such a claim about a lump of rock

https://gadean.de/sigi/malachite-anti-malware.html

Spotted (I think) by @florbrasiko

I’m not here to comment on the effectiveness of alternative therapies, but b******t such as the above makes me really angry. Maybe malachite does have EMF-reducing properties, but if you want to reduce electromagnetic radiation, use a Faraday cage or similar shielding. Reducing EMF will not reduce viruses and malware, unless blocking RF results in your Wi-Fi connection dropping so that you no longer have access to the internet!

Experiment time!

According to the logic in the article, malachite will improve the effectiveness of your existing anti-virus. I decided to try a little experiment, admittedly totally empirical, and it only concluded when I got bored, decided it was too silly and went to the pub for lunch instead.

I took the Metasploit HTTPS reverse shell, dug out a few samples from previous work and evaluated detection rates on A/V in a local VM.

Veil-Evasion was the only framework to consistently prevent detection. So, could we improve it with malachite?

As instructed, I warmed the malachite in my hand, soaked up negativity from the office (sorry, think they meant cynicism!) and circled my laptop with the stone.

[Image: malachite-Protection]

As can be seen above, the malware sample ran fine and the connection back worked. I added some extra malachite to my laptop to see if that would help matters. It didn’t.

I then wondered if I was doing something wrong, so figured we could try malachite as an in-line filter on my network connection.

[Image: Network Stone]

That didn’t change much either.

I wanted to try micro-sandboxing the samples with malachite to see if that would help, but couldn’t get the rocks inside my laptop without causing extensive damage or grinding them into a powder and pouring it into the CPU vents. I figured the laptop wouldn’t work for long after that, so I guess the malware wouldn’t have run for long…

What did I learn from this experiment?

That malachite does not substitute or augment anti-virus

That Veil-Evasion is still a really cool framework and does not require a template for evading malachite-based detection :-)

That FUD about security extends beyond vendors

That it’s Friday and it’s time for a pint