Sunday, July 31, 2005

Setting up a test computer

You CAN try THIS at home!

You can try this at home (or in an office or lab), but a certain amount of expertise and extra hardware is required. If you do not have expertise and extra hardware as described below, you would be well advised not try any of this -- at home or otherwise.

As for expertise, I would suggest performing your own malware experiments only if
  1. you know how to set the little master/slave jumpers on hard drives, and
  2. you have experience installing hard drives, including going into computer CMOS on startup.

As for extra hardware, if you have an extra, Win XP capable hard drive which you do not mind reformatting, you are set up to perform your own malware tests. The extra hard drive is already in an existing computer, all the better, but this is not necessary. An extra hard drive only needs to be 4 gigs or bigger, and these can typically be purchased for about $10-20 at used computer stores.

To perform malware tests with your extra hard drive ("test drive") on an existing computer, open up your computer, unplug the drive cables from your permanent hard drives, plug in the test drive as the primary master, and then install Win XP on the test drive. You do not need to permanently mount the test drive -- rather leave the permanent drives mounted, and just set the test drive in a convenient location that the length of the cables will allow. To determine whether you picked up any malware after performing the tests, plug your regular drive back in -- as far as it is concerned, it will be as if nothing happened. Plug in the test drive in instead of the CD drive, and then scan the test drive with your normal virus scanner.

When I first tried malware testing, I was visiting my parents, and used my mom's computer. (When I went to visit, I had brought along an extra hard drive -- doesn't everyone?) A picture of the setup is here.

In general, it is best to reformat the drive and reinstall Win XP before you begin. This is to insure you are testing a bare Win XP install only, without any anti-virus software -- you want to test least privilege, not anti-virus software. You would also reformat the drive to wipe clean any malware or spyware you might get in your tests. You should also start with a clean install if you want to do tests for spyware. Spyware scanners will detect "problems" even on a fresh Win XP install that has never been exposed to the Internet. So to scan for any spyware, you should first do a "baseline" scan, perform your tests, do an "after" scan, then compare the after against the baseline.

If the test system is on a network with other computers, make sure the workgroup on the test system is not the same as any other computer on the network. Clever malware might be able to propagate to other computers through the network connection. To check or change the workgroup, from an administrator account, click on Start, and you will see "My Computer" about half way down the right column. Click right, and then choose Properties. Click on the Computer Name tab. The workgroup is identified on the line half way down. Use the "Change" on the last line to change the workgroup. After rebooting, using Windows Explorer, verify that you cannot access the files on any other network computer.

And after all that, you are ready to test malware.


Post a Comment

<< Home