Testing Sandboxes vs. Malware -- What/where tests to perform?

Discussion in 'sandboxing & virtualization' started by gogetadbl, Nov 9, 2008.

Thread Status:
Not open for further replies.
  1. gogetadbl

    gogetadbl Registered Member

    Joined:
    Nov 9, 2008
    Posts:
    6
    Hello All,
    I plan on testing multiple pieces of sandbox software to see how each compares. I'm planning on testing Sandboxie, GesWall, DefenseWall, SafeSpace, and BufferZone and browsers w/ sandboxes or something similar like IE8, Chrome, Iron with no other forms of protection to see if a sandbox is enough to protect. These will be run in Xen or VMWare (if I can get a free copy) with a firewall on the host machine so nothing will realistically get through.

    Tests:
    Going to malware infected web sites - list of sites? Ideally not porn since I'd like to cite sources.
    ALT+CTRL+DEL exiting
    Deletion of Files
    Local registry
    Worm propagation
    Virus propagation
    Buffer Overflow
    Botnet infection
    Rootkits
    Keyloggers
    Javascript infections
    Misc. crashes ie JPEG Exploit

    So far: eicar anti virus/malware test files, Comodo leak tests, random keylogger apps, any online malware test I can find. Using IceSword to see whether the malware opened ports or succeeded in infecting with rootkit.

    The questions I have for you guys is
    1) What other tests can be performed?
    2) Where can I get the malware I listed i.e. worms, virus, buffer overflow, botnets, rootkits, keyloggers. Binaries are ideal (I would like it to do something malicious that I can keep track of) but I can compile source assuming there are all necessary #includes
    3) Any apps that test these vulnerabilities that I could use as part of the testing?

    Thanks!
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    There is such a list here. Also, you may check out anti-virus companies blogs for that links.
     
  3. gogetadbl

    gogetadbl Registered Member

    Joined:
    Nov 9, 2008
    Posts:
    6
    thanks, I'm setting my VMs up this weekend I hope.
     
  4. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Didn't SafeSpace get axe'd?
     
  5. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Yes it did.
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,146

    I can't access that web page can you post a working link?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,009
    If it's a link to malware, it can't be posted here. Will be removed.

    Pete
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Ah, sorry, it's only for VirusInfo staff. Completely forgot about it. You may try to use malwaredomainlist and sunbelt blog information.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,115
    Location:
    Saudi Arabia/ Pakistan
    U must know the details about these security software.

    Some of them don,t block keyloggers by design, some/ many don,t stop crashes due to OS vulnerabiliy exloits, some don,t intercept system shutdown calls, some don,t protect file deletion/ access with some exceptions of course, some don,t block outbound internet access or don,t close the ports, almost all don,t stop copyin of malware n ur HD except that the malware is isolated or virtualized... so on and so forth.

    The main thing u should test is that all these applications claim to keep core OS intact inspite of malware attack.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.