Windows 7 Forums
Windows 7: how to safely test malware?

17 Jun 2010   #11
Jaxryley

 
 

Yes we have a malware tester over at Malwarebytes forum that only runs samples on the real system and images back.

There are also rollback type apps such as RollbackRX, FD-ISR, AyeRecovery and Comodo Time Machine but I haven't really tried any of those.

Another Shadow Defender/Returnil type app and free ATM is Wondershare Time Freeze.
http://www.wondershare.com/blog/wond...otection-tool/


18 Jun 2010   #12
WindowsStar

Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
 
 

Quote: Originally Posted by malexous
Some malware will detect that they are running in a sandbox or virtual machine and change their behaviour, therefore, best to test in a real environment.

Most won't have a machine specifically for testing. As has been suggested, Shadow Defender or creating an image and reverting back to it after the testing is good.

It's probably not a good idea to test on a machine that has sensitive data. Some malware will want to steal it and call home.
Yes sir! This is my point exactly. Malware is no longer written by 15-year-old kids; it is being written by sophisticated organizations that have all the resources we have plus the resources of a large company. They know about VMs or Sandboxie etc., and they have many ways around them. Don't kid yourself in thinking you are perfectly safe because you are testing in a VM-type or sandbox-type environment.
18 Jun 2010   #13
Jaxryley

 
 

And that's where you can use the hidedriver.sys within the Buster Sandbox Analyser to hide Sandboxie's processes but even then some malware still won't run.

Why I prefer to use Sandboxie rather than a VM or virtualised real system is that it's way easier to find any droppers in the sandbox rather than searching system wide.

If you know any ways that bypasses Sandboxie please elaborate over at Sandboxie's forum. You can only help an excellent security app get better.

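One way to do the "find the droppers in the sandbox" comparison described in the post above, as an added example that is not part of this thread or of Sandboxie or Buster Sandbox Analyzer: hash every file in the sandbox folder before the sample runs, hash again afterwards, and diff the two snapshots. It assumes the sandbox contents are visible as an ordinary directory tree; the `demo()` function builds a constructed temporary folder and simulates a sample dropping and modifying files so the script runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (posix-style relative path) to (size, sha256)."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
            except OSError:
                continue  # file locked or gone mid-walk; skip instead of aborting
            key = path.relative_to(root).as_posix()
            snap[key] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def diff_snapshots(before, after):
    """Report files that appeared, vanished, or changed between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed sandbox tree: snapshot, simulate a sample's writes, snapshot again."""
    with tempfile.TemporaryDirectory() as sandbox:
        box = Path(sandbox)
        appdata = box / "drive" / "C" / "Users" / "user" / "AppData"
        appdata.mkdir(parents=True)
        (appdata / "settings.ini").write_text("[app]\nupdates=on\n")
        before = snapshot(box)
        # --- simulated behaviour of a sample (constructed, not a real dropper) ---
        (appdata / "updater.exe").write_bytes(b"MZ constructed payload stand-in")
        (appdata / "settings.ini").write_text("[app]\nupdates=off\n")
        after = snapshot(box)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real run you would take `snapshot()` of the sandbox folder with the sample not yet started, execute the sample inside the sandbox, take a second snapshot and review the `added` and `modified` lists together with their hashes.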

18 Jun 2010   #14
WindowsStar

Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
 
 

Quote: Originally Posted by Jaxryley

If you know any ways that bypasses Sandboxie please elaborate over at Sandboxie's forum. You can only help an excellent security app get better.
Great point!
18 Jun 2010   #15
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi!

Quote: Originally Posted by Jaxryley
Sandboxie, Returnil and VM's are used here.

The main machine is always virtualised with Returnil and malware testings carried out in a sandbox or a VM.

Buster Sandbox Analyser is used to monitor what the sample gets up to in the sandbox.

And sometimes I run malware through Sandboxie in a VM which is virtualised by Returnil. LOL.

Some malware can send out a call to reboot or shutdown the system. Neither Returnil nor Shadow Defender can stop the call, but Sandboxie contains the system call to reboot/shutdown.

We all have our ways to do things and whatever suits you and you're comfortable with then use it.
interesting, I've tested both Returnil & Sandboxie, and was thinking about enhancing the security by running both of them,
first start Returnil & then run e.g. Firefox in a sandbox.
hmmm, going to try that combination...

"Buster Sandbox Analyser"?
link?

do you mean this program?
Released Buster Sandbox Analyzer 1.23 | Offensive Computing
18 Jun 2010   #16
Jaxryley

 
 

Here's the link to Buster Sandbox Analyzer over at Sandboxie's forum.
www.sandboxie.com :: View topic - Buster Sandbox Analyzer

And another over at Wilders.
Buster Sandbox Analyzer - Wilders Security Forums
18 Jun 2010   #17
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

thanks Jaxryley, that's the program that is mentioned on the website I posted.
18 Jun 2010   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

If you have no idea what you're doing while testing malware .... please stay off the Internet
18 Jun 2010   #19
AussieGuy92

 
 

I know what I am doing on the internet, I just wanted to know how other people test it.