While reading the trapkit blog, my attention was drawn to the following post: Commercial usage of ScoopyNG. ScoopyNG, in case you didn’t know about it before, is a proof of concept tool to detect VMWare. In the post the author of ScoopyNG details how the makers of a commercial product (Atempo Time Navigator) use the code and asked him for permission to do so which he says is very nice, and I agree.
However :-), my question here is: why does a backup software need to know if it is being run inside of a VM? Such measures, besides slowing down (not stopping, mind you), the perceived threat have a lot of negative impact:
- It slows the product down with unnecessary code
- It can lead to the application being detected by security software (much the same way as packing your application can)
- It can annoy legitimate users who want to use a VM to test the product
My message to all of the companies is: don’t overthink the security of your products. It hurts and annoys users and doesn’t generate revenue (someone who pirates your product is very unlikely to buy it, even if s/he is prevented from using it without paying – it is much more likely that s/he will use a competing product which can be used for “free”).