https://wiki.spybot.info/index.php?action=history&feed=atom&title=Virtual_MachinesVirtual Machines - Revision history2026-06-03T20:01:37ZRevision history for this page on the wikiMediaWiki 1.39.15https://wiki.spybot.info/index.php?title=Virtual_Machines&diff=885&oldid=prevPepiMK: first draft2008-06-26T07:56:21Z<p>first draft</p>
<p><b>New page</b></p><div>Virtual Machines are a key instrument in analyzing malware, since they allow a separate environment that can be quickly reset.<br />
<br />
==Precautions==<br />
Even if code runs in a virtual machine, that machine usually has network connections to the outside set up. It is essential to have a sensible setup everywhere else on the local network as well, which means for example absolutely no network shares that are not user/password protected, no XP machines that haven't seen a recent Windows Update, and similar standard security precautions.<br />
<br />
==Problematics==<br />
Advanced malware might be able to detect that it is running in a virtual machine, and would then behave differently, making runtime analysis complicated. Our small tool [[VMDetectInfo]] demonstrates how many different criteria malware can use for this purpose.<br />
<br />
==Available Software==<br />
In alphabetical order. No recommendations given because the problematics described account for the need for more than one solutions to have at hand.<br />
<br />
===Bochs===<br />
[http://bochs.sourceforge.net/ Bochs] is aiming at emulating an x86 CPU, making it possible to port emulation even to other hardware platforms. It is open source.<br />
<br />
* [http://en.wikipedia.org/wiki/Bochs Wikipedia on Bochs]<br />
<br />
===QEMU===<br />
[http://bellard.org/qemu/ QEMU] is another solution that allows emulation of processor hardware, with more options than just the x86 CPU.<br />
<br />
* [http://en.wikipedia.org/wiki/QEMU Wikipedia on QEMU]<br />
<br />
===Virtual PC===<br />
[http://www.microsoft.com/windows/downloads/virtualpc/default.mspx Virtual PC] is Microsofts virtualization solution. It is available as a free download in Microsofts download center.<br />
<br />
* [http://en.wikipedia.org/wiki/Microsoft_Virtual_PC Wikipedia on Virtual PC]<br />
<br />
===VMware===<br />
====VMware Workstation====<br />
[http://www.vmware.com/ VMware] is probably one of the oldest commercial tools that allows you to use virtual machines, and grows more powerful with every release. The standard single user product is called [http://www.vmware.com/products/ws/ VMware Workstation]. It offers a GUI to set up virtual machines, and one of the most important features that was added in the last years were snapshots that allow you to jump between various states of a machine without having .<br />
<br />
* [http://en.wikipedia.org/wiki/VMware_Workstation Wikipedia on VMware Workstation]<br />
<br />
====VMware Player====<br />
[http://www.vmware.com/products/player/ VMware Player] is the lite version of the product above, without the ability to create new virtual machines and without snapshots. It might still be a good start to look into, since it is available as a free download.<br />
<br />
* [http://en.wikipedia.org/wiki/VMware_Player Wikipedia on VMware Player]<br />
<br />
===Wine===<br />
[http://www.winehq.org/ Wine is not an emulator], but a subsystem layer for Linux/Unix. It can be helpful in automated malware analysis solutions, but needs good knowledge of the system to be set up correctly for this purpose. Wine has currently reached the first state describes as stable, it's version 1.0.<br />
<br />
* [http://en.wikipedia.org/wiki/Wine_(software) Wikipedia on Wine]</div>PepiMK