About VPN and Malware testing tips?

TheMalwareMaster

Good morning, I will soon have a spare PC, so I decided to start antivirus tests on it (performing execution tests also). I have a few questions. First, I'd like to know more about VPNs. I have never used them, and I'd like to know why it is better to test using one of them. Then, when I start testing AVs, I won't only use common sites like vx-vault, malcode database, clean mx, but I'd like to surf the web looking for malware. Is it difficult to find malware while surfing? (My favourite targets are fake Flash Player and Java downloads.) Thanks in advance and good weekend ;)
 
Even if you have a spare PC, do it in a VM, and also sandbox the VM to prevent malware escaping from it. A VPN, when it is activated, will change your IP; it's mainly used for privacy...
 
Fake Flash, Java and download ads usually result in adware or other unwanted software (PUP).

Finding dangerous malware requires a lot more time, money and patience.

Where did you find that "Testing using a VPN is better"?
 
I wrote malware but I meant general threats, both malware and adware/PUPs. I read here: "remember your firewall and VPN client enabled" (How to start analyzing malware (Guide)).
 
First things first, even if it is a testing PC, I would recommend you conduct the tests within virtual machines.
Virtual machines are emulated computer systems which are capable of running so-called guest operating system installations. They are essentially completely isolated from the host machine (the machine which contains and runs the virtual machine software), which means that malware will not be able to harm your system and you will be able to freely test any malware sample and essentially any other software.
Do note, however, that (although rarely) some malware samples incorporate certain routines which are able to detect whether they are being executed within an emulated environment. Thus, some specific malware samples may not run at all. (However, the vast majority of malware is not coded to be virtual machine-aware, so you will most probably not run into such issues.)

One of the best virtual machine deployment and management applications is VirtualBox which is also free and open-source.
Virtual machines also have some handy features like guest snapshots (instant backups of a specific state of a virtual machine, which you can use to restore the guest OS to that state), which may facilitate the testing procedure. (you won't have to re-install or repair the system after antivirus or malware testing)

VPNs (virtual private networks) are private networks (such as the local network in your home) which are extended over a public network (such as the Internet) by means of dedicated endpoint-to-endpoint connections (computers "talking" to each other, thus creating "endpoint-to-endpoint" connections) and/or virtual network tunneling protocols (tunneling protocols allow for the providing and access of a network service that the underlying, actual network does not directly provide/support - think of a tube inside another tube), both options usually also incorporating traffic encryption.
As far as VPNs are concerned, I do not believe they are necessary parts of software testing procedures, and even when it comes to malware testing, VPNs can actually hinder the tests (since most VPN services filter malicious domains) rather than facilitate them. VPNs can only shield your local network in the case of malware testing, so that it cannot infect your other PCs connected in the network. (Malware will be forced to recognize the VPN connection and not your local network.)

All in all, I recommend you install some sort of virtual machine software, create and deploy a virtual machine, and run your tests there.
There is no need to run any type of tests (either software/antivirus tests or malware tests) in a physical machine.
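
As an added example (not part of the original thread): a small Python check that reads the `--machinereadable` output of `VBoxManage showvminfo` and flags settings that weaken the guest isolation and snapshot rollback described in the post above. The sample output is constructed, and the key names are assumed to match the output of your VirtualBox version.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output
# (the VM name, adapter and folder path are made up for this example).
SAMPLE = '''name="av-test"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/user/samples"
'''

def parse_vminfo(text):
    """Turn key="value" lines into a dict, tolerating quoted keys."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            info[key.strip('"')] = value.strip('"')
    return info

def audit_isolation(info):
    """Return (code, detail) findings for settings that weaken guest isolation."""
    findings = []
    # Bridged puts the guest on the LAN; NAT still lets it reach LAN hosts via the host.
    for key in sorted(k for k in info if re.fullmatch(r"nic\d+", k)):
        if info[key] in ("bridged", "nat"):
            findings.append(("lan-reachable",
                             f"{key}={info[key]}: guest can reach other PCs on the LAN"))
    # Clipboard and drag-and-drop are direct guest-to-host channels.
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append(("host-channel", f"{key}={info[key]}: shared with the host"))
    # Any shared folder exposes host files to whatever runs in the guest.
    for key in sorted(k for k in info if k.startswith("SharedFolderNameMachineMapping")):
        findings.append(("shared-folder", f"{info[key]}: host folder visible inside the guest"))
    # Without a snapshot there is no known clean state to restore after a test.
    if not info.get("CurrentSnapshotName"):
        findings.append(("no-snapshot", "no snapshot to roll back to after a test"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_isolation(parse_vminfo(SAMPLE)):
        print(f"[{code}] {detail}")
```

An empty result means none of these four checks fired; it does not prove the guest is fully isolated.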
 
I forgot to mention that the spare PC is a really old Intel Pentium 4 with only 1 gig of RAM, which I will only use for malware testing. I don't think it can support a virtual machine! If needed, I will format it if I get infected.
 
In that case, virtual machines will indeed not be able to run properly.
However, instead of formatting the PC every time, I would recommend you use Paragon Backup & Recovery Free Edition or similar backup software, to create backup system images of a known clean state of your system (e.g. immediately after installing the OS and all required updates), and then use Paragon's bootable rescue media to restore that clean state from those system images after the malware tests.
The whole process of restoring your system from system images should take around 10-30 minutes.
 
Thank you :)
 
Well, as a casual web surfer you may find a little difficulty encountering a virus, due to websites implementing vulnerability prevention, unless going to unknown sites.