If you have to run an infected/fishy Windows app, how do you do it?
BravoV:
Just curious, how do you run a "suspicious" Windows program in Windows OS, even if you suspect it's a false positive by the virus scanner? But you need to run it, say even using non-admin user privileges.
I'm not talking about pirated programs here, but official programs supplied by the equipment's manufacturers, say like Dave's latest video on the Riden RD6006 PSU, where he skipped the supplied Windows program as it didn't pass virus scanners, or another example like the popular MiniPro TL866 Universal Programmer that is also questionable, even though it's downloaded from a legit source, and many other examples.
Understand that the safest path is having a fully air-gapped PC, aka a separate sacrificial physical machine solely for running these dirty programs, with a disposable OS installation that can be refreshed from a whole boot drive image restoration, but this is not always affordable for everybody, including me, as I'm running out of working space at the bench.
While currently my practice is running inside virtualization, I'm on Win7 with VMware with various disposable OSes like DOS, XP and 7s, but with the latest hacks recently (HERE), where the hacker can easily break out into the host OS, this is starting to worry me.
I'd appreciate it if you can share your current setup and workflow regarding this situation.
AndyC_772:
Submitting any suspect code to VirusTotal isn't a bad start. Just because one virus scanner flags up a warning doesn't mean there's anything wrong with the code at all, and it would be a mistake to think of it as 'dodgy' because of a false positive.
Mechatrommer:
You don't need a complete sacrificial PC for this, just a $20 SSD with its own OS inside will do the job, stuck inside your main PC. Just switch the SATA cable or set the boot drive in the BIOS. Disable the working drive and important data. But it will be pointless anyway if you don't know what to look for in virus behaviour, or if you don't have enough 'soft' sensors to trigger malicious behaviour.
AV usually will trigger if later an allowed app creates another process/exe in another dir, or possibly terminate it if the AV recognizes it.
As on my side, I built an app to log every file in the drives before running an unknown app and then later look for what has been added and removed to decide if the app is behaving or not. Or simply... just run it... if it destroys your system/OS, just restore from your external backup, so it means you must have made a backup beforehand, or occasionally, so that is advisable.
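As an added illustration of the before/after file-inventory approach Mechatrommer describes (example code written here, not Mechatrommer's own app): snapshot every file under a root with its size and SHA-256, run the unknown program, snapshot again, and report what was added, removed or modified. The demo uses a constructed temporary directory and simulated side effects in place of a real suspect program.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {posix_relative_path: (size, sha256)} for every regular file under root."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                data = p.read_bytes()
            except OSError:
                continue  # locked or unreadable file (common on Windows): skip, don't abort
            inv[p.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return inv


def diff_snapshots(before, after):
    """Compare two inventories; a changed size or hash counts as modified."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: the 'unknown app' drops a new exe, edits a config and deletes a log."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ constructed sample")
        (root / "settings.ini").write_text("debug=0")
        (root / "old.log").write_text("constructed log")
        before = snapshot(root)
        # Simulated side effects of running the program (constructed, not a real binary)
        (root / "helper").mkdir()
        (root / "helper" / "extra.exe").write_bytes(b"MZ constructed dropped file")
        (root / "settings.ini").write_text("debug=1")
        (root / "old.log").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In real use, point `snapshot()` at the drive roots you care about; note this only catches file-system changes, not registry edits, scheduled tasks or purely in-memory activity.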
RoGeorge:
Ideally, on a completely isolated machine.
If that is not possible, install VirtualBox or VMware Player, then create a virtual machine with a clean Windows install. Don't forget to isolate the virtual machine before installing the suspected software on it.
BravoV:
--- Quote from: Mechatrommer on November 29, 2019, 01:15:55 pm ---You don't need a complete sacrificial PC for this, just a $20 SSD with its own OS inside will do the job, stuck inside your main PC. Just switch the SATA cable or set the boot drive in the BIOS. Disable the working drive and important data. But it will be pointless anyway if you don't know what to look for in virus behaviour, or if you don't have enough 'soft' sensors to trigger malicious behaviour.
--- End quote ---
I just don't want to juggle around cables or anything physical; it's just cumbersome and also error-prone, as you only need one mistake hooking up the dirty viral drive on boot-up while forgetting to unplug/detach the main boot drive or any other clean drives.