Virtualization Setup for Testing Malware Removal Software

Discussion in 'sandboxing & virtualization' started by TheKid7, Nov 18, 2010.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    What is the typical virtualization setup that people use to run tests on malware removal products?

    Are you allowed to virtualize the same Windows XP license that you would be using for the OS of the test PC?

    Thanks in Advance.
     
  2. wat0114

    wat0114 Guest

    The little testing I've done is the vm running in the host's Standard account. No problems ever. Keep in mind there's a lot of vm-aware malware, which, based on what I've seen, just seems to sit dormant when it detects the vm environment.

    Not sure about XP. With Win 7, technically, no, but......depending on the license type, time could be your friend ;)
     
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    With regards to licensing, strictly speaking you should have a separate key for the VM; although I'm not sure how many people actually do that. :doubt: If you wish to be legit, yet don't have a spare licence, Microsoft provide 90 day Virtual PC images for testing purposes (IE mainly) and these are regularly updated.

    http://www.microsoft.com/downloads/...90-958f-4b64-b5f1-73d0a413c8ef&displaylang=en

    Wat0114 makes a good point that whilst running a VM offers the best isolation from the host system, a significant number of malware are VM aware so you might get incorrect results.
     
    Last edited: Nov 18, 2010
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well I suppose you can extend, reset the trial. I'm using the subscription service MSDN so I don't have to worry about that only outside of testing.

    I currently use VMWare Workstation 7.x and I get to update but the free ones are great. Read up on vm aware malware and the current techniques on anti-anti vm within the vm, registry and vmx file. Here's one for the vmx file,
    make sure you got everything set up first in the vm before inserting that line into the vmx file as it effectively renders vmware tools benign.

    Here's some I've used also,
    but forgive me for not digressing more in public on my config. The more you learn, read and try for yourself the better.

    Be aware your sample, program may require .NET.

    More often there are no substitutes for a real test machine when tracing a malware with no fear of terminating if a vm is suspected.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    VBox Forum
    Does this include the Nvidia driver issue?
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What about VMWatcher? How can I get this software addition for VM's?

    VMWatcher allows you to do an AM scan comparison in the guest and outside the guest, from what I've read. I haven't found anything on where to obtain it though.

    XuXiang Jiang
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Not a new idea in cross view diff or validation, VMM. You may have also heard of LibraVM.
     
  8. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I haven't heard of LibraVM, but since you mentioned it I have read the PDF.
    Very cool.

    Would you know where to get them to trial?
    If you don't I could e-mail the developers and see what happens. :)

    VMWatcher seems to be geared more for Server VM's.
    LibraVM seems like it's geared towards the everyday user.
    LibraVM appears to cover additional areas not handled by VMWatcher.
     
  9. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    checked vmlite? offers xp mode
     