VCM4: Safe environments for virus management and replication
by VirusBuster
Have you been collecting viruses for some time? Then I bet you have infected yourself at least once.
All it takes is a silly mistake, like double-clicking or pressing the ENTER key while you are managing your collection from Windows Explorer.
If you are lucky, you accidentally run a silly virus or worm. If you are not, the mistake could lead to data corruption or even to total HD deletion.
Maybe you want to run a virus on purpose to check whether it replicates or just to see how it works, but you are afraid to because you could infect your whole system.
In this article I will talk briefly about possible solutions to this.
Let's start by talking about how to prevent accidental infections...
When you manage viruses, there is always a possibility of running a file by mistake, but following some protocols will reduce the chances.
If you manage your collection under Windows:
- Do not use Windows Explorer to manage files. Instead, use a file management utility that does not allow file execution.
If you manage your collection under DOS:
- Take care when you run commands like MOVE. You could be executing a virus and not the operating system file. You can use a utility such as Norton Commander to copy, move and delete virus files. Be aware that, like Windows Explorer, Norton Commander allows you to execute programs, so it would be a good idea to modify it so that it does not allow execution.
- Take care when you execute any command, and be sure you are actually running the proper file and not a virus that is in the same directory you are in. For this, a good policy is to rename files to a hash, like CRC-32 or MD5. The chances of running a virus by mistake when its file name is something like EF5620FE are really low. ;-)
Of course, always have a recent backup of your collection to avoid tears.
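The renaming policy above, as an added example that is not part of the original article: a Python script that renames every file in a collection directory to its MD5 or CRC-32 value, reading the files without ever executing them. The function names, the dropped extension and the clearing of POSIX execute bits are assumptions of this example.

```python
import hashlib
import os
import stat
import zlib


def hash_name(path, algo="md5"):
    """Return an upper-case hex name: MD5 (32 chars) or CRC-32 (8 chars)."""
    crc, md5 = 0, hashlib.md5()
    with open(path, "rb") as fh:           # read only; the sample is never run
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
    if algo == "md5":
        return md5.hexdigest().upper()
    return format(crc & 0xFFFFFFFF, "08X")


def rename_to_hashes(directory, algo="md5"):
    """Rename each regular file in `directory` to its hash, with no extension.

    Returns (renamed, duplicates): `renamed` maps old name -> new name;
    `duplicates` lists files left untouched because the target name is
    already taken (normally the same sample stored twice).
    """
    renamed, duplicates = {}, []
    for name in sorted(os.listdir(directory)):
        src = os.path.join(directory, name)
        if os.path.islink(src) or not os.path.isfile(src):
            continue                        # skip sub-directories and links
        new = hash_name(src, algo)
        dst = os.path.join(directory, new)
        if name != new:
            if os.path.exists(dst):
                duplicates.append(name)     # never overwrite an existing sample
                continue
            os.rename(src, dst)
            renamed[name] = new
        # Clear execute bits as well (only has an effect on POSIX file systems).
        mode = stat.S_IMODE(os.stat(dst).st_mode)
        os.chmod(dst, mode & ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return renamed, duplicates


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                   # usage: script.py DIRECTORY [md5|crc32]
        print(rename_to_hashes(sys.argv[1], *sys.argv[2:3]))
```

Files reported as duplicates keep their original, still dangerous names, so review that list by hand before going back to the collection.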
And now some tips about virus replication...
There are two common ways of replicating virus samples safely:
- Using a dedicated computer.
  - Be sure the computer is isolated. This means no internet connection and no LAN connections to other computers.
  - You can create an image of the clean HD before replicating and use it to restore the computer after infection.
- Using a virtual machine.
  - You can use software like VMware to create a virtual machine.
As soon as you have created the virtual computer, make a backup of it. Use the backup to replace the infected machine.
Be aware that virtual machines are not 100% identical to real machines. This can lead to strange behaviour by viruses or to wrong replications.
You can pass infected samples from the virtual machine to the real machine via disk.