
How safe is an "Experimental PC"?


22 replies to this topic

#1 Sylveon Fetish

Sylveon Fetish

  • Members

Posted 19 April 2016 - 11:13 AM

How safe would it be to have one desktop computer as an experimental computer? For instance, a torrent or some kind of download where some people say there is a virus, some say it is clean, or there may be only one comment on the entire download or torrent claiming it is infected, but who knows if it is credible. Could a computer that is used in this manner spread infections (if it gets any) to other computers if I don't ever plug in a flash drive or anything? Could it infect other computers on our home internet?





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 19 April 2016 - 11:27 AM

Network worms are still a thing, so other devices on your network could get infected.

To be honest, you shouldn't do this kind of thing/experiment if you're not familiar with security.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 19 April 2016 - 06:36 PM

The practice of using any torrent, file sharing, peer-to-peer (P2P) program or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 mremski

mremski

  • Members

Posted 20 April 2016 - 08:54 AM

quietman7 wrote: "The practice of using any torrent, file sharing, peer-to-peer (P2P) program or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft."

 

Once you are running Windows 10, aren't the updates spread in a torrent-like fashion?


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 20 April 2016 - 08:57 AM

There's an option on Windows 10 to get updates via P2P, but you can disable it and that's what I recommend. You can leave it enabled for your own network, which is safer.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 20 April 2016 - 02:19 PM

Why waste upload bandwidth to help lower Microsoft’s bandwidth bills? Besides, doing so can use up your bandwidth and data caps in the process.

#7 rp88

rp88

  • Members

Posted 21 April 2016 - 01:50 PM

This sort of sacrificial computer would actually be quite pointless, it's a problem faced by security analysts trying to study viruses. Basically, some viruses know they are being run on test machines and thus keep hidden and don't reveal themselves. You could download a suspicious file and on the experimental machine it could realise it was in a testing environment not a normal system and hence pretend to be a legitimate file, for example if it were a virus inside a download that claimed to be a program it could on the test machine act like the legit program, or fake an innocuous sounding error to explain why the normal program wasn't running and do absolutely nothing. But then try the same file on a real computer and it could detect that it was on a real working computer and run the viral parts of itself instead of the pretty face it tries to hide behind. This is a particularly significant problem with virtual machines, because most viruses developed these days recognise virtual machine environments and pretend to be benign when in them, so researchers can't find what the virus really is, because researchers will use virtual machines most of the time.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 21 April 2016 - 01:54 PM

If the computer isn't a virtual machine, and/or isn't configured for dynamic malware analysis, I'm pretty sure that the malware will run normally. In this situation, it doesn't seem like the OP is going to use either a VM (he mentioned a "desktop computer"), nor does it say anything about dynamic malware analysis (hooking it up to a debugger and so on).



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 21 April 2016 - 03:09 PM

It could become just another home based "malware honeypot".

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 21 April 2016 - 04:45 PM

One day (soon hopefully), I'll have enough time to set that up (a home-based malware honeypot).

Give me all the samples! :D



#11 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 22 April 2016 - 12:37 PM

rp88 wrote: "This sort of sacrificial computer would actually be quite pointless, it's a problem faced by security analysts trying to study viruses. Basically, some viruses know they are being run on test machines and thus keep hidden and don't reveal themselves. You could download a suspicious file and on the experimental machine it could realise it was in a testing environment not a normal system and hence pretend to be a legitimate file, for example if it were a virus inside a download that claimed to be a program it could on the test machine act like the legit program, or fake an innocuous sounding error to explain why the normal program wasn't running and do absolutely nothing. But then try the same file on a real computer and it could detect that it was on a real working computer and run the viral parts of itself instead of the pretty face it tries to hide behind. This is a particularly significant problem with virtual machines, because most viruses developed these days recognise virtual machine environments and pretend to be benign when in them, so researchers can't find what the virus really is, because researchers will use virtual machines most of the time."

 

It is true that malware uses virtual machine detection. It is not true that malware researchers cannot deal with that. VM detection is rather something annoying, but never a real obstacle. Firstly, we do have standalone machines if necessary; secondly we are able to read the malware's code and modify it, so the VM detection does not work anymore.

 

 

Sylveon Fetish wrote: "How safe would it be to have one desktop computer as an experimental computer. For instance, a torrent or some kind of download where some people say there is a virus, some say it is clean, or there may be only one comment on the entire download or torrent claiming it is infected, but who knows if it is credible. Could a computer that is used in this manner spread infections (if it gets any) to other computers if I don't ever plug in a flash drive or anything. Could it infect other computers on our home internet?"

 

This is not safe, infections do spread via networks. Furthermore your computer would be connected to the internet if you download torrents. Your computer will likely end up being controlled by malware as a spam/malware sending machine, as part of denial of service attacks and as a bitcoin miner. That means your machine will not only eat up your power and bandwidth, it will become a threat for others. It might even lead to the point where your ISP does not want you anymore as a customer.

 

Generally you should only deal with malware if you are trained in it.



#12 shelf life

shelf life

  • Malware Response Team

Posted 22 April 2016 - 03:36 PM

 

Struppigel wrote: "your ISP does not want you anymore as a customer"

Should you get certain types of malware, your ISP wouldn't be very happy continually contacting you about "dangerous" malware on your machine.


How Can I Reduce My Risk to Malware?


#13 Didier Stevens

Didier Stevens

  • BC Advisor

Posted 23 April 2016 - 06:11 AM

Another risk is with malware that tries to reconfigure the DNS of your router/modem to point to a DNS server under control of the criminals. This will impact other machines on your network too.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
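
Added example, not part of the original thread or any poster's code: a defender-side check for the router DNS risk described in post #13, which parses `ipconfig /all` text and reports resolvers that are not on an allowlist. The sample output, the allowlisted router address 192.168.1.1 and the function names are constructed assumptions, and English-language `ipconfig` labels are assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Label . . . . : value"; the separator is a colon preceded by whitespace,
# so IPv6 continuation lines such as "fe80::1%12" are not mistaken for labels.
FIELD = re.compile(r"^\s+(.+?)[ .]*\s:(?:\s+(.*))?$")


def dns_servers(ipconfig_text):
    """Return every DNS server address listed, including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2) or ""
        else:
            value = line  # extra resolvers appear alone on the following lines
        if not in_dns:
            continue
        try:
            # Drop an IPv6 zone suffix ("%12") before parsing.
            servers.append(ipaddress.ip_address(value.strip().split("%")[0]))
        except ValueError:
            in_dns = m is not None  # a non-address continuation ends the list
    return servers


def unexpected_resolvers(ipconfig_text, allowed):
    """Return resolvers (as strings) that are not in the allowlist."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    return [str(s) for s in dns_servers(ipconfig_text) if s not in allowed_set]
```

This only catches a changed resolver that the router hands out to clients over DHCP; if clients point at the router itself and the router's upstream DNS setting was altered, the setting has to be checked in the router's own administration page.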


#14 Crazy Cat

Crazy Cat

  • Members

Posted 23 April 2016 - 07:24 PM

Actually, there is a way to have a malware experimental computer with Internet access, on the same LAN with other computers, with the router/modem and keep it isolated.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#15 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 23 April 2016 - 11:49 PM

It is not isolated by any definition if it has internet access.





