Can the accessed website detect if i'm using a Virtualized like machine vmware, vbox, etc?

Question

If i access an website, it can detect if im using a virtual machine ?

More specifically an Vmware image?

And if the website is able to.. How can i prevent it?

Thankful, Chinchila

Answer 1

The accepted answer is not exactly correct. This can sometimes be done even simply using JavaScript by detecting your screen resolution to detect a windowed operating system as explained here: http://carnal0wnage.attackresearch.com/2009/04/detecting-vmware-with-javascript-or-how.html

or by detecting your MAC address (VMware uses fixed MAC ranges) as explained here: http://jeremiahgrossman.blogspot.co.il/2009/08/web-pages-detecting-virtualized.html

To circumvent these problems, don't use re-sized windows and change your machine's MAC address. There are other ways to detect you are in a VM using JAVA applets maybe ActiveX plugins and probably other things as well...

Answer 2

There are few ways to determine whether you are on a Virtual Machine and below are the most used

1. Through WebGL: WebGL is a Javascript API that comes with the browsers like Google Chrome, Firefox, etc. This will leak the GPU name and the Vendor name of the renderer. While using a Virtual Machine, It will leak different rendered data than while using the browser on a physical machine. For example, Google Chrome shows Renderer's name as "Google SwiftShader"(It is used on machines without 3D graphics hardware.), Firefox Shows the renderer's name as "llvmpipe"(This is also a software renderer). It will lead to understanding to the website that you are on a Virtualised Machine. For more information regarding WebGL Check this link.

2. Through WebRTC: It will leak the local IP address to the website(Tested on chrome) but firefox is not leaking somehow
   
   Also, the Virtual box adds a string "VirtualBox" in the prefix to the webcam name. Suppose you are using a Virtual machine and gave webcam access to some website, it will be able to see the webcam name along with the prefix "VirtualBox”. To prevent that you can check this solution once (https://askubuntu.com/a/1357986/699463)

If you want to know more about this kind of leaks, then definitely use this website https://browserleaks.com/ to perform leaking tests like webrtc, webgl, and more. It will also show the ways to avoid this kind of leaks.