Testing Sandboxes vs. Malware -- What/where tests to perform?

Discussion in 'sandboxing & virtualization' started by gogetadbl, Nov 9, 2008.

Thread Status:
Not open for further replies.
  1. gogetadbl

    gogetadbl Registered Member

    Joined:
    Nov 9, 2008
    Posts:
    6
    Hello All,
    I plan on testing multiple pieces of sandbox software to see how each compares. I'm planning on testing Sandboxie, GesWall, DefenseWall, SafeSpace, and BufferZone, and browsers w/ sandboxes or something similar like IE8, Chrome, Iron, with no other forms of protection, to see if a sandbox is enough to protect. These will be run in Xen or VMware (if I can get a free copy) with a firewall on the host machine so nothing will realistically get through.

    Tests:
    Going to malware infected web sites - list of sites? Ideally not porn since I'd like to cite sources.
    ALT+CTRL+DEL exiting
    Deletion of Files
    Local registry
    Worm propagation
    Virus propagation
    Buffer Overflow
    Botnet infection
    Rootkits
    Keyloggers
    Javascript infections
    Misc. crashes, i.e. JPEG Exploit

    So far: eicar anti virus/malware test files, Comodo leak tests, random keylogger apps, any online malware test I can find. Using IceSword to see whether the malware opened ports or succeeded in infecting with rootkit.

    The questions I have for you guys are:
    1) What other tests can be performed?
    2) Where can I get the malware I listed i.e. worms, virus, buffer overflow, botnets, rootkits, keyloggers. Binaries are ideal (I would like it to do something malicious that I can keep track of) but I can compile source assuming there are all necessary #includes
    3) Any apps that test these vulnerabilities that I could use as part of the testing?

    Thanks!
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    There is such a list here. Also, you may check out anti-virus companies' blogs for those links.
     
  3. gogetadbl

    gogetadbl Registered Member

    Joined:
    Nov 9, 2008
    Posts:
    6
    Thanks, I'm setting my VMs up this weekend, I hope.
     
  4. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Didn't SafeSpace get axed?
     
  5. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Yes it did.
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    I can't access that web page. Can you post a working link?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    If it's a link to malware, it can't be posted here. Will be removed.

    Pete
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Ah, sorry, it's only for VirusInfo staff. Completely forgot about it. You may try to use malwaredomainlist and sunbelt blog information.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You must know the details about these security software.

    Some of them don't block keyloggers by design, some/many don't stop crashes due to OS vulnerability exploits, some don't intercept system shutdown calls, some don't protect file deletion/access (with some exceptions, of course), some don't block outbound internet access or don't close the ports, almost all don't stop copying of malware on your HD except that the malware is isolated or virtualized... so on and so forth.

    The main thing you should test is that all these applications claim to keep the core OS intact in spite of a malware attack.
     