Not exactly

They are acquired through downloads that fail scans (positive IDs), or directly from sites on occasion (i.e. SubSeven). My "real" OS rarely sees the internet; I spend most of my time in my "test" OS trying out programs and configs, which, if they prove useful and safe, migrate.

My system configuration goes like this:
200GB RAID5, without any OS loaded (no system partition)
3x selectable (Romtec Trio IDE Switcher, one at a time is selectable) 40GB HDDs (IDE 0 Master)
2x manually switched 40GB HDDs (IDE 1 Master) or the 2GB ZOO

When I test the security of a fresh OS config or new design, I select the appropriate HDD and OS, hook up the ZOO, and try to import the file or exe. It's fun to see which program detects first, and which miss altogether. Since I've got Ghosts and ISO backups, I've even gone as far as disabling security until the infection took, and then attempt repairs for practice and observe what they did (with a filechecker and comparative system root). Generally, even when I think I'm successful, I still wipe the drive and image back. But I haven't let any communication to the net take place (wouldn't want to reveal my IP).
I generally take my RAID and NIC offline when I try this, just to be safe.
I'm still learning about interrogating a Trojan using TDS-3 and haven't worked up the courage to actually do it yet.


With 400GB of usable storage and (currently) 8 or so OS installations (98\ME\W2K\XP), I'm slowly learning about security by trial and error. My next phase will be setting up a network and playing with Linux (want to build a Bastille hardened firewall).

I collect Blackhat links and read how they compromise systems, as well as preventative measures to be had in the security forums and reading rooms (SANS). Right now, though, I'm still boning up on W2K and XP Pro Group Policy security features and Intruder Detection schemes.