January 8th, 2006, 10:36 AM
#16
Originally posted here by zencoder
For $DEITY's sake, if you're gonna go through with this, do it in a virtual environment running on a secured platform. For example, a Linux host with a Windows guest OS.
Not to be offensive, but are you sure you know WTF you're doing? This is *NOT* a good idea, unless you are a skilled and competent code, network, and systems analyst. And even then, it's probably a bad idea. From the content of your posts in this thread, I don't get the impression that you are an uber-techno-wizard, so this sort of behavior is probably a BAD IDEA(C)
Hey Zencoder, I have to say that when I started into the virus research field, I didn't know what I was doing. I started way back in 1991 - 92 and started by getting hold of Michelangelo (at the time a rather nasty bug). I used SoftICE to decompile it and read its code, ran the virus on my system and debugged/traced its route through my 'puter and then cleaned it off. Back until about 2001 the only virus I ever was unable to get rid of - even with a low-level format - was the Jackal virus. At that time I didn't know about virtual machines (I was running in DOS and Windows 3.11 for Workgroups) and just ran it on my system. Of course I had backups, but they didn't help with a virus that infected everything... and I mean EVERYTHING.
So as far as being a technowiz, skilled code/network/systems analyst, that I wasn't. No one gets to that point unless they are willing to learn and try things that - yeah - sometimes might just totally screw their system. Bad idea? What's so bad about wanting to learn?
Originally posted here by Tiger Shark
Zen:
Give the guy a bit of a break here..... 
It sounds like he wants to learn....
Sgt: Your goal might be worthy but you need to know your virus before you start. It's not good enough to just get yourself a virus and fire it off in the hope that you can undo the damage. You need to get your virus, identify it, research _exactly_ what it can/will do and then come up with your mitigating techniques. For the most part this can be done on a standalone machine using the tools I pointed you at. Worst case you may want to connect this box to another with a crossover cable and a sniffer so that you can see what the virus sends out. In both cases I would have the drives imaged so that you can return the box to a "sensible" state.
This isn't something you take on casually.... Think before you act... If you don't have a solution for a problem the virus would present you with then the exercise ends right there... you don't activate the thing..... capiche?
Well, Tiger, I guess I failed your suggestion (see above).
Seriously, though, you make a valid point. After being in the virus research field for the past 13 years, I would never do what I did back then to research viruses. I agree that you NEED to know exactly what it can/will do and have a plan to stop/block it if it appears to be getting out of control. Had I done that with Jackal, I would have saved a $2000.00 computer system that had to be trashed (at the time I didn't know you could just replace the HDD and such). Now I use a Win98SE system crossed to my primary, with firewall and AV blocking to avoid infecting the primary. With the setup I have I can run it on my old system, and use the main to watch what happens.
Blessings;
Carenath
Windows XP = Windows Xtra Problems