Battle VMware or Virtualbox?

Status
Not open for further replies.
ZeroDay

Thread author
Which one would you use and why? I'll be using it for testing AVs and other software. I like VirtualBox; which do you prefer?
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
Maybe the answer is here :D : http://malwaretips.com/Thread-Malware-Testing-VMware-workstation-or-Oracle-VirtualBox

I think either of them is fine for me if the issues of VirtualBox mentioned in the thread in the link above got fixed. That thread is old, so maybe the information there is outdated.
 

Malware1

Level 76
Sep 28, 2011
6,545
VirtualBox, because some malware doesn't work in VMware. It detects VMware processes and won't run. Of course there is also malware that doesn't work on VirtualBox, but I saw that more of it doesn't work in VMware.
 
ZeroDay

Thread author
Thanks MalwareCentre. I'm leaning towards VirtualBox myself, mainly because it's the one I've used most.
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
MalwareCenter said:
VirtualBox, because some malware doesn't work in VMware. It detects VMware processes and won't run. Of course there is also malware that doesn't work on VirtualBox, but I saw that more of it doesn't work in VMware.

Never thought about that. Do you advise us to avoid installing VMware Tools/VirtualBox Additions on a VM used for malware testing?
 

Littlebits

Retired Staff
May 3, 2011
3,893
It depends on which Windows you are going to use.

VirtualBox works excellently with Windows XP and Linux; however, I have run into a lot of problems trying to get Windows 8 to run in it correctly. I have run into other issues with Windows Vista and 7. But VirtualBox is free and most users who test malware still use Windows XP.

VMware doesn't seem to give me many issues running any OS, but it costs $249.00 unless you just run the 30-day trial version until it expires.

If you shop around, you could probably buy a cheap computer for the same price.

Now, if you want to test malware correctly, don't use a virtual system.

Get yourself a cheap real system dedicated to testing only.

Some products and malware don't function properly in virtual systems, so your results will not be accurate.

Thanks. :D
 
ZeroDay

Thread author
Thanks Littlebits. My original plan was to buy a dedicated PC and I think I'm going to follow through on that. A friend of mine is selling his old PC in a couple of weeks so I'm going to buy that I think. Thanks again.
 

Littlebits

Retired Staff
May 3, 2011
3,893
WinAndLinuxTutorials said:
@Littlebits: What about Toolwiz Timefreeze, Shadow Defender, etc.?

They are only good for testing products or malware that don't require you to reboot your system. Most security products require system reboots to start their services. If you want to test how malware affects the system in detail, they are not a good option. This also applies to DeepFreeze and Returnil. Some products that don't require system reboots and some malware may not function properly in them either. I'm not completely convinced that your real system could be protected from advanced malware.

Thanks. :D
 

Malware1

Level 76
Sep 28, 2011
6,545
WinAndLinuxTutorials said:
MalwareCenter said:
VirtualBox, because some malware doesn't work in VMware. It detects VMware processes and won't run. Of course there is also malware that doesn't work on VirtualBox, but I saw that more of it doesn't work in VMware.

Never thought about that. Do you advise us to avoid installing VMware Tools/VirtualBox Additions on a VM used for malware testing?

Yes. Also don't run Camtasia in the virtual machine, run it in the real system. It's also sometimes detected by malware.

For example, Win32/Simda is:

Checking list of running processes, registry keys, etc.

Code:
HKEY_CURRENT_USER\SOFTWARE\ZxSniffer
Explorer\MenuOrder\Start Menu2\Programs\Debugging Tools for Windows (x86)
HKEY_CURRENT_USER\Software\Win Sniffer
Uninstall\ERUNT_is1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\VBoxGuest
HKEY_CURRENT_USER\Software\B Labs\Bopup Observer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Wireshark
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Win Sniffer_is1
HKEY_CURRENT_USER\SOFTWARE\B Labs\Bopup Observer
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\SbieDrv
HKEY_CURRENT_USER\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1
HKEY_CURRENT_USER\SOFTWARE\Cygwin
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\SDbgMsg
HKEY_CURRENT_USER\SOFTWARE\SUPERAntiSpyware.com
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\IRIS5
HKEY_CURRENT_USER\Software\Classes\*\shell\sandbox
Uninstall\Oracle VM VirtualBox Guest Additions
Uninstall\Sandboxie
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Bopup Observer
HKEY_CURRENT_USER\Software\Classes\Folder\shell\sandbox
Uninstall\APIS32
PEBrowseDotNETProfiler.DotNETProfiler
HKEY_CURRENT_USER\Software\CommView
HKEY_CURRENT_USER\Software\Syser Soft
HKEY_CURRENT_USER\Software\eEye Digital Security
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Explorer\MenuOrder\Start Menu2\Programs\APIS32
HKEY_CURRENT_USER\SOFTWARE\Cygwin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
App Paths\wireshark.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\SOFTWARE\SUPERAntiSpyware.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\SOFTWARE\Classes\
HKEY_CURRENT_USER\SOFTWARE\APIS32
VBoxTray.exe
CamRecorder.exe
observer.exe
IrisSvc.exe
ERDNT.exe
Regshot.exe
windbg.exe
SBIEDLLX.DLL
ERUNT.exe
WinDump.exe
irise.exe
EtherD.exe
OLLYDBG
SandboxieRpcSs.exe
SandboxieDcomLaunch.exe
dumpcap.exe
Sniffer.exe
wireshark.exe
PEBrowseDbg.exe
SUPERAntiSpyware.exe
DBGHELP.DLL
apis32.exe
SbieSvc.exe
SbieCtrl.exe
CamtasiaStudio.exe
Aircrack-ng Gui.exe
tcpdump.exe
Syser.exe
wspass.exe
VBoxService.exe
SBIEDLL.DLL
ZxSniffer.exe
ollydbg.exe
DrvLoader.exe
cv.exe
SymRecv.exe

It's also checking the Windows ID. If it's blacklisted (belongs to Anubis, etc.), then Simda won't run.
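
Added example, not part of the thread or any poster's code: the environment checks described in the post above leave a recognisable pattern in a behaviour trace, where one process probes several unrelated analysis-tool registry keys in a row. The sketch below flags that pattern; the CSV column layout, the `find_environment_probing` name, the threshold of three distinct keys and the sample trace are assumptions made for illustration.

```python
import csv
from collections import defaultdict

# Key-path endings copied from the list in the post above (lower-cased).
ANALYSIS_KEY_MARKERS = (
    r"services\vboxguest",
    r"services\sbiedrv",
    r"uninstall\sandboxie",
    r"uninstall\wireshark",
    r"software\cygwin",
    r"software\commview",
    r"software\syser soft",
)

# Constructed sample trace, not real output. Assumed column layout:
# process,pid,operation,path,result
SAMPLE_TRACE = r"""
sample.exe,2044,RegOpenKey,HKCU\SYSTEM\CurrentControlSet\Services\VBoxGuest,NAME NOT FOUND
sample.exe,2044,RegOpenKey,HKCU\SYSTEM\CurrentControlSet\Services\SbieDrv,NAME NOT FOUND
sample.exe,2044,RegOpenKey,HKCU\SOFTWARE\Cygwin,NAME NOT FOUND
sample.exe,2044,RegOpenKey,HKCU\SOFTWARE\Cygwin,NAME NOT FOUND
sample.exe,2044,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie,NAME NOT FOUND
setup.exe,3100,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark,SUCCESS
explorer.exe,1500,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,SUCCESS
truncated line without enough fields
""".strip().splitlines()


def find_environment_probing(trace_lines, threshold=3):
    """Return {(process, pid): [markers]} for processes that touched at
    least `threshold` distinct analysis-tool keys (threshold is an assumption)."""
    hits = defaultdict(set)
    for row in csv.reader(trace_lines):
        if len(row) != 5 or not row[1].strip().isdigit():
            continue  # skip malformed or truncated lines
        process, pid, operation, path, _result = (f.strip() for f in row)
        if not operation.startswith("Reg"):
            continue  # only registry operations are of interest here
        lowered = path.lower()
        for marker in ANALYSIS_KEY_MARKERS:
            if lowered.endswith(marker):
                hits[(process.lower(), int(pid))].add(marker)
    # A single lookup (e.g. an installer reading its own uninstall key) is
    # normal; several distinct tool keys from one process is the signal.
    return {proc: sorted(m) for proc, m in hits.items() if len(m) >= threshold}


if __name__ == "__main__":
    for proc, markers in find_environment_probing(SAMPLE_TRACE).items():
        print(proc, "probed", markers)
```

Counting distinct keys rather than raw lookups keeps a process that re-reads one key many times from tripping the rule.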
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
VirtualBox and its ease of changing the MAC address.

It's free and I have never had a problem running it on XP or Windows 7. Have not tried it on Windows 8 because I don't use Win 8 that often.
 