Safe Virtual Environment For File Analyzing?

#1 spook

Private First Class

Group: Members
Posts: 48
Joined: 05-November 04

Posted 24 May 2005 - 03:17 AM

Is there some kind of tool capable of analyzing a file in a "safe virtual environment"

Norman AV has Sandbox, it emulates a real computer inside your computer. This is used to see how the file acts.

For Linux you have WINE to emulate win32 programs, so virusses as well right?

So basically what I'm looking for is some kind of tool to check the behaviour of win32 virusses (so with desktop and stuff.. everything like a normal windows)

Thanks,

spook

#2 FiNaLBeTa

Master Sergeant

Group: Specialist
Posts: 461
Joined: 26-December 03

Posted 24 May 2005 - 03:40 AM

Didn't know that norman thing. but what I use is a virtual PC with restore disk, bit of work....

#3 belgther

Master Sergeant

Group: Specialist
Posts: 650
Joined: 06-October 04

Posted 24 May 2005 - 04:15 AM

vmware or virtual pc are great programs that do this job. Just create a small HDD file, and back it up, then analyze your file there without harming your own computer...

"The wisest one is the one who knows himself/herself." Quote of the life
belgther... aka... belgther

#4 spook

Private First Class

Group: Members
Posts: 48
Joined: 05-November 04

Posted 24 May 2005 - 07:04 AM

FiNaLBeTa, on May 24 2005, 12:40 PM, said:

Didn't know that norman thing.

<{POST_SNAPBACK}>

Here's some more information about it if you're interested:
hxxp://sandbox.norman.no/

I'll give VMware and Virtual PC a go tomorrow or so, thanks
Now to verify if I'm looking at the right sites:
hxxp://www.microsoft.com/windows/virtualpc/default.mspx
hxxp://www.vmware.com/products/desktop/ws_features.html

Correct?

Thanks for the help :)

#5 FiNaLBeTa

Master Sergeant

Group: Specialist
Posts: 461
Joined: 26-December 03

Posted 24 May 2005 - 09:25 PM

yep, that is the software.
You could back up the virtual HD like belgther said, or you could use a restore partition.
That way every time you close the Virtual PC, it will ask you if you want to undo all changes made in the last session.

#6 SkitZZ

Private First Class

Group: Members
Posts: 138
Joined: 04-December 03

Posted 24 May 2005 - 11:21 PM

i'd go for VMware Workstation has a nice snapshot feature

quote from the help file

Quote

With Workstation, you can take a snapshot of your virtual machine and preserve its state � including the data on its virtual disks � at a particular moment in time. You can continue working with the virtual machine and, if desired, return to the snapshot state at any time.

This is useful if you wish to undo changes you made to the virtual machine. You can take a snapshot of a virtual machine at any time and revert to that snapshot at any time, whether the virtual machine is powered on, powered off, or suspended.

SkitZZ

#7 genxweb

Corporal

Group: Members
Posts: 189
Joined: 14-December 03

Posted 25 May 2005 - 02:07 AM

I suggest vmware also but als o configure a seperate vlan for it so traffic that may get generated does not find its way onto your trusted network.

#8 FiNaLBeTa

Master Sergeant

Group: Specialist
Posts: 461
Joined: 26-December 03

Posted 25 May 2005 - 02:50 AM

the two posts above count for virtual PC 2. When talking windows, I would probebly take virtual PC.

#9 sefe

Private First Class

Group: Members
Posts: 20
Joined: 19-June 05

Posted 19 June 2005 - 10:35 AM

i tested both MS VPc and WMware. WMware is MUCH better, its fast, its stable and has a lot of options.

MSVPC is better for total begginers.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Forums: Safe Virtual Environment For File Analyzing? - Forums