Im just curious about the power of worms , trojans and toolkits , and the use in a virtual machine environment. I want to do some more research is hacker tools and this would be an ideal test.
Any information on this idea would be appreciated.
Mainly I want to VM a windows 2003 server and use current "kiddie tools" to see changes to the kernel and other places ,

thanks sceaser

So, you want to know whether or not viruses work in a virtual environment? Considering a virus is software side, they should work fine, and you would have a safe environment to test them in.

Yeah Safty is the main concern . If I load them into the virtual Machine , what
are the chances that it could replicate or infect the real machine ? , and Is norton or antivirus going to be mad at me or try and clean it from the VM?

As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem).

Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine

ar1stotle wrote:

As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem). Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine

Emphasis always on "should be" of course, as all the best nasties are network oriented, so anything less than a *very* tightly controlled connection between the Host and the VM could open up a rather big mess for your host system. My first recommendation is to completely back up your host system somewhere nothing can touch it (DVD-R's are great for the job).

True, anything is possible, but it's more than just a network connection that's separating the VM from the host.

ar1stotle wrote:

True, anything is possible, but it's more than just a network connection that's separating the VM from the host.

That depends entirely on how the pair are configured, if it's anything like any other VM I've worked with, it's either default, or trivial to configure the VM to use either an internal "crossover"-like connection, or (and worse in this case, as it threatens the whole network the host is on even more immediately) share the hosts LAN connection in some way that allows the VM to appear transparently as another system. While there's more than just the LAN involved, the LAN could, and quite likely would, be the path of least resistance for the VMs various infections to make their way back into the wild.

You guys have been great , I think Ill use a VM on a " seperate machine" from my LAN to do my testing just to make sue I dont let some nasties in to da real world
Maybe with another Real machine usin somthing like Norton Internet protection to watch and learn , to see if any little bugs try to multiply throught the VM LAN to other machines

I don't know about microsoft's virtual machine software, but with VMWare, you can enable and disable the virtual LAN adapter so that the virtual computer doesn't have a network connection.