From the day I started blogging, I have always tested and made sure that what I post actually works at the time of writing. The testing and analysis are done on my desktop computer, which runs either Windows XP or 7. Whenever I need to test something new that requires a clean Windows installation, I simply do a full restore from the backup image I created earlier. This is slightly more time consuming, and some people may think I am stupid to do so because it would probably be easier and faster to use a virtual machine such as VirtualBox or VMware.
No Virtual Machine
A Windows operating system installed in VirtualBox or VMware may look and work the same way as a real Windows environment, but in fact it doesn't. First of all there is the compatibility issue, and here is one example. The upcoming Kaspersky Rescue Disk version 10 is in beta testing, and it worked perfectly in VirtualBox, but when I burned it to a CD and booted it on two different desktops, one with older hardware and the other with newer hardware, both failed to start in graphic mode and spewed tons of error messages on the console. Secondly…

Obviously you don't get the software's real performance when you are testing it in a virtual environment. You will notice that installing Windows or running a full virus scan in a virtual machine takes longer than on Windows installed on a physical hard drive.

Thirdly, and most importantly, analyzing malware and malicious files is something I love and am interested in, although I do not work for and am not affiliated with any antivirus company. I love to see the techniques constantly being improved by malware authors, who always need to be one step ahead of the antivirus. It is one big mistake to test and analyze malware in a virtual environment, because the people who do so obviously do not know about anti-virtual-machine, anti-sandbox and anti-debug features. Some good crypters that can make a malicious file undetectable by any antivirus have the capability to exit the process when it is being analyzed.

For example, if you upload it to ThreatExpert and have it analyzed, the report you get 5 minutes later will not contain anything suspicious, and you will end up running it thinking it is safe. If you try to run it in a sandbox such as Sandboxie, you will get an error saying "This program cannot be run in Sandboxes".

Screenshot: Sandboxie failed test

Here are a few screenshots of crypters that have an "Antis" feature which bypasses virtual machines, debuggers and online analyzers.

Screenshot: TDG Tejon antis

Screenshot: Incognito antis

Screenshot: Galaxy Crypt antis

As for my case, I dare to run any malicious file on my desktop computer because it is a standalone computer and doesn't contain any passwords or login information for the malware to steal. To see the damage the malware has done to my computer, I simply use software that tracks file and registry changes, such as SysTracer, a shareware that costs only $29.95 for a single-user license. So far everything is good, especially using the Windows 7 built-in system image backup.
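To show the kind of before/after comparison the post relies on SysTracer for, here is an added example (not from the post and not SysTracer's code) that snapshots a directory tree by file hash and reports what was added, removed or modified between two runs. The scratch directory, its files and the simulated changes in `demo()` are constructed sample data; registry hives are out of scope here.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[path.relative_to(root).as_posix()] = digest
    return snap


def diff_snapshots(before, after):
    """Compare two snapshots; a changed hash means the file content was modified."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(name for name in common if before[name] != after[name]),
    }


def format_report(changes):
    """Render the diff as plain text, one line per change, for a forensic note."""
    lines = []
    for kind in ("added", "removed", "modified"):
        lines.extend(f"{kind.upper():9} {name}" for name in changes[kind])
    return "\n".join(lines) if lines else "no changes"


def demo():
    """Constructed scenario (no real sample): snapshot, simulate changes, snapshot, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("keep=1\n")          # untouched
        (root / "hosts").write_text("127.0.0.1 localhost\n")   # will be modified
        (root / "old.log").write_text("old\n")                 # will be removed
        before = snapshot(root)
        (root / "hosts").write_text("127.0.0.1 localhost\n0.0.0.0 update.example\n")
        (root / "old.log").unlink()
        (root / "startup").mkdir()
        (root / "startup" / "run.bat").write_text("@echo constructed\n")  # dropped file
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(format_report(demo()))
```

For a real run, call `snapshot()` on the system drive before executing the sample and again afterwards, then diff the two; the scan itself should come from a clean boot or the restored image so the baseline is trustworthy.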