If you have to run an infected/fishy Windows app, how do you do it?

Nominal Animal:
I agree with LeonR above.

One cannot assume their tools work perfectly and are not infected with malware.  We use backups to guard against tool failure, and various software to detect infections and malware.

Having a slower backup computer, say an old laptop, with say $30 SSD (120GB) and 4GB or more of RAM, to run a virtual machine you can roll back after experimentation, is just about perfect -- especially if you wipe the host OS every now and then; say, instead of upgrading the host OS, you wipe and install the new version from scratch.

For a single person having such a machine is probably overkill; accepting the small risk of malware burrowing through the supervisor from the VM to the host makes more sense.  However, if you happen to have one, with a valid Windows license, and you tell your friends and colleagues you have it for such purposes, and are happy to lend it (especially if one were to buy a cup of coffee or something as a thank-you), having such a tool starts to make sense.

Like I said, I don't have one, and I usually avoid even using Wine, but if I had the need, I do believe I have friends who have such machines, and might be willing to run the software for me.

Just to add this to the discussion: Although it is not an option in the program, VMware Player can be made non-persistent by modifying the .vmx file, adding the following: scsi0:0.mode = "independent-nonpersistent", assuming scsi0:0 is your drive.

There is also the now freeware program Sandboxie, which is intended for exactly this.  I guess the main difference from using a VM is that you don't have to install and secure a guest OS.
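
A check for the .vmx setting mentioned above, as an added example that is not part of the original thread: it lists attached .vmdk disks that are not set to independent-nonpersistent mode, so a forgotten second disk does not keep changes across power-offs. The sample file contents, disk names and function names are constructed for illustration.

```python
import re

# Constructed sample .vmx content (not from the original thread).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "malware-test"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "win10.vmdk"
scsi0:0.mode = "independent-nonpersistent"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "scratch.vmdk"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-image"
sata0:1.fileName = "tools.iso"
'''

# A .vmx file is a flat list of: key = "value"
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Per-device keys look like scsi0:0.mode; controller keys (scsi0.present) do not match.
DEVICE = re.compile(r'^((?:scsi|sata|ide|nvme)\d+:\d+)\.(\w+)$', re.I)

def parse_vmx(text):
    """Return {device: {property: value}} for per-device keys like scsi0:0.mode."""
    devices = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        d = DEVICE.match(m.group(1))
        if d:
            devices.setdefault(d.group(1).lower(), {})[d.group(2).lower()] = m.group(2)
    return devices

def persistent_disks(text):
    """List present virtual disks whose writes would survive a power-off."""
    bad = []
    for dev, props in sorted(parse_vmx(text).items()):
        is_disk = props.get("filename", "").lower().endswith(".vmdk")
        present = props.get("present", "").upper() == "TRUE"
        # A disk with no mode key at all is persistent by default.
        if is_disk and present and props.get("mode", "").lower() != "independent-nonpersistent":
            bad.append(dev)
    return bad

if __name__ == "__main__":
    for dev in persistent_disks(SAMPLE_VMX):
        print(f'{dev}: add {dev}.mode = "independent-nonpersistent"')
```
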

Red Squirrel:
A separate PC running as a VM server is probably your best bet. The VM is optional, but having a separate air-gapped network running VMs will let you test more stuff if you want, like see if it tries to infect another machine over the (separate, private) network etc.

If you make sure to use a fully updated VM hypervisor, you're probably safe from VM escape exploits though, but if you want to be extra safe then a separate air-gapped PC is best.


