What I have to know about malware before start testing security software?

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
I am interested in testing security software. But I heard that I have to know about malware before starting this type of adventure. So the question is, what do I have to know about malware before starting to test security software?
Please help.
 

Deleted member 178

long topic, all you need to know is here on the forum, just take time to read it.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Testing security products with malware samples is a dangerous activity!

Here you can find the main types of malware threats explained.

Testing security products with malware samples should be done inside a virtual machine; even so, this type of activity is very dangerous and could lead to an infection on your host PC. It's advised to be very cautious about what data you have on the system and, if possible, use a 'junk PC' (an older PC that you don't need anymore).

If you don't have the necessary knowledge to test security products, it's recommended that you let the professionals do this kind of test. There are a lot of YouTube video tests for each security product which will help you get a general idea of how a product works.


What users must know and have before starting to test security products:

1. You need to know how to clean malware on a real operating system (how to use a bootable CD, what tools to use) and have advanced knowledge in the computer and security fields.

2. You need to back up everything from your host PC. You can use either EaseUS Todo Backup Free 3.0 or Paragon Backup & Recovery 2011 (Advanced) Free.
After installing one of these backup programs, create a disk image and save it on an external hard drive.

3. You need good protection for your host PC. Start a topic in this forum to properly configure your system. (Please mention that you want to test malware on a VM.)

4. You need to install virtual machine (VM) software (see what a VM is here). The best available software is VMware Workstation; however, this is paid software, so if you don't want to buy it you can use free software like VirtualBox.

You can find here a guide on How To Install a Virtual Machine.

5. After installing the VM software and following the how-to guide for installing an OS on it, you'll have an independent operating system which you can use to test security products. The next step is to customize the operating system in your VM (download needed software like MBAM, Hitman Pro and other tools) and create a snapshot of your system, which will allow you to revert the VM to a clean state at any time.


6. After following all these steps you'll most likely need some malware samples to test the security products... so here is where you can find them. - link
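Steps 4 and 5 above (isolated VM, then a clean snapshot to revert to) can be scripted on the host with VirtualBox's command-line tool. The script below is an added example, not from this thread or from the VirtualBox project; the VM name "MalwareLab" and the host-only adapter name "vboxnet0" (VirtualBox's default on Linux) are assumptions, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): prepare a VirtualBox VM for security-product
# testing. "MalwareLab" is a constructed placeholder VM name.
# Set DRY_RUN=1 to print the VBoxManage commands instead of executing them.

run() {
    # Print every command so the lab setup is auditable; execute unless DRY_RUN=1.
    printf '%s\n' "$*"
    [ "${DRY_RUN:-0}" = "1" ] || "$@"
}

harden_vm() {
    # Close the guest-to-host channels a sample could abuse: shared clipboard,
    # drag-and-drop, and a bridged NIC. Host-only networking keeps the guest
    # off the LAN; vboxnet0 is assumed to be the host-only adapter name.
    vm="$1"
    run VBoxManage modifyvm "$vm" --clipboard-mode disabled
    run VBoxManage modifyvm "$vm" --draganddrop disabled
    run VBoxManage modifyvm "$vm" --nic1 hostonly
    run VBoxManage modifyvm "$vm" --hostonlyadapter1 vboxnet0
}

baseline_vm() {
    # Take the "clean" snapshot once the test tools are installed (step 5).
    vm="$1"; name="${2:-clean}"
    run VBoxManage snapshot "$vm" take "$name" --description "clean baseline before any samples"
}

reset_vm() {
    # Return the VM to the clean baseline after a test: power off, restore, boot.
    vm="$1"; name="${2:-clean}"
    run VBoxManage controlvm "$vm" poweroff
    run VBoxManage snapshot "$vm" restore "$name"
    run VBoxManage startvm "$vm" --type headless
}

# Usage: ./vbox-lab.sh harden|baseline|reset [vm-name]
case "${1:-}" in
    harden)   harden_vm "${2:-MalwareLab}" ;;
    baseline) baseline_vm "${2:-MalwareLab}" ;;
    reset)    reset_vm "${2:-MalwareLab}" ;;
esac
```

Remove any shared folders the VM already has (VBoxManage sharedfolder remove) before the first sample runs; the script does not know their names.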
 

Deleted member 178

Yes, follow those steps. And doing malware tests because it is cool is not a good idea; I fixed many computers of guys wanting to do cool malware things, and finally the only cool thing that happened is that my wallet was full :D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Malware may be defined by its damage rate, from lowest to highest, since the highest rate can do more damage.

Even if you're using a VM, sometimes malware can jump out to the host PC, so it's really a precautionary measure.
 

Hungry Man

New Member
Jul 21, 2011
669
It's more than unlikely that you won't run into anything that can hop out of a VM. That said, make sure your host PC is secured as well... you may even want to consider hardening the VM with EMET and/or sandboxing.

I have personally tested malware on my own host machine because I was confident in my setup - nothing got through. I understood how my setup worked and I understood how malware worked so there was really no way I was in danger.

That said, I suggest a VM.
 

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
@ Jack
1st Point: I would like to know about cleaning malware on a real OS, because I have a little knowledge about it :huh:

2nd Point: None of the data on my PC is important, no need for any type of backup ;)

3rd Point: I will follow what you said :)

4th Point: I already have VMware Workstation installed :)

5th Point: I will follow what you said :)

6th Point: Thanks for this!

@ Hungry man
Can I know how to use EMET? :)

Thanks to all of you for quick replies.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
you may even want to consider hardening the VM with EMET and/or sandboxing.

If you're wanting to see the effects of malware on the system, you aren't going to want to do any hardening.

I have heard of some people sandboxing their VM, but it's going to be the rare piece of malware that is going to be able to jump out of the virtual environment. If you really want to play it safe, even while testing using VMs, just take it for granted that you're going to have to reformat at some point, so only test malware on a system that you can easily recover.

In other words, always prepare for the worst. That way if you do encounter anything that jumps out of your VM, it doesn't inconvenience you very much.
 

Hungry Man

New Member
Jul 21, 2011
669
EMET wouldn't affect the VM OS, just the VM... I don't think. And sandboxing VirtualBox also wouldn't affect the OS.

I agree, it's not really necessary since almost no malware tries to exit VMs. It doesn't hurt to take precautions though.
 

Deleted member 178

If you test with malware, you should use a system that is common to most people, meaning a basic updated Windows without any other protections except the security apps you want to test.
 

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
Now I've cleared many doubts; two questions are left:
1. I want to know how to clean malware from an infected PC.
2. I recently installed COMODO Firewall with Defense+ and found an option to run a program sandboxed. Will running VMware Workstation sandboxed prevent malware from jumping from the VM to the host OS?

Please reply.
 

Hungry Man

New Member
Jul 21, 2011
669
As HeffeD said, it would add another layer of protection. The malware would have to

a) be programmatically designed to break out of the VM
b) be further designed to break out of Comodo's sandbox

Very unlikely. I'm not sure if it would cause any issues for the VM though.

It's hard to clean malware from an infected PC without knowing specifically what the malware is. The first thing you should do is try to find out what you're up against.

Otherwise, generic things like running Rkill, TDSSKiller, SAS, MBAM, GMER.
 

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
Hungry Man said:
As HeffeD said, it would add another layer of protection. The malware would have to

a) be programmatically designed to break out of the VM
b) be further designed to break out of Comodo's sandbox

Very unlikely. I'm not sure if it would cause any issues for the VM though.

It's hard to clean malware from an infected PC without knowing specifically what the malware is. The first thing you should do is try to find out what you're up against.

Otherwise, generic things like running Rkill, TDSSKiller, SAS, MBAM, GMER.

So I understand that sandboxing the VM doesn't completely prevent malware from breaking out of the VM, but it adds an additional security layer, helping to prevent infections. Is what I understood right?

Now there is another question,
I forgot to say from the beginning that I have a dual boot of Windows 7 Professional SP1 64-bit and Linux Ubuntu 11.04 64-bit. I have VMware Workstation installed in Linux. Is it safer to use virtual machines in Linux?

Please reply :)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The answer is yes, it's safe to use VMware in Linux, since most malware is Windows based (executable files) and cannot run correctly in Linux even if the malware would jump out. Although there is also Linux malware, there is less of it in the wild.
 

Deleted member 178

WinAndLinuxTutorials said:
So I understand that sandboxing the VM doesn't completely prevent malware from breaking out of the VM, but it adds an additional security layer, helping to prevent infections. Is what I understood right?

exactly
 

illumination

HeffeD said:
In other words, always prepare for the worst. That way if you do encounter anything that jumps out of your VM, it doesn't inconvenience you very much.

This would be your first step in testing any type of product or malware. Backups are always essential.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Since all the questions were solved, you can start testing security software with malware. If you still have a question, don't hesitate to come here. :)
 
