July 6th, 2010, 09:03 PM #1
Discussion on isolating an install and then analyzing the results
I have a possibly infected, custom "multi-installer" application that I use on new builds.
It consists of a package containing freeware games, and it installs them as a batch and auto-creates icons.
I didn't create this but someone I trust did...
He hasn't had any issues using it, but lately when I've installed it on clients' PCs, they end up getting various versions of scareware infestations.
It was on a USB thumbdrive that has been used hundreds of times to install security software and fixes for "compromised" machines, so I'm guessing that is how this install has been corrupted.
What I'm asking is...
What are your suggestions for using a "sandbox" style install and then monitoring what it's actually doing?
Has anyone done this sort of thing, and what did they use?
This could be helpful in many other instances as well.
July 7th, 2010, 01:50 PM #2
Hmm no replies yet, I was actually wondering if there was an easier way than what I was going to suggest.
What I usually do for software testing is run an install via either a VM (VirtualBox mainly) or a secondary HDD that can be sandboxed. If I use the 2nd HDD I simply disable the other drives in the machine from the BIOS so there is no chance of cross infection. Then for monitoring I use Sysinternals, Process Monitor and Reg Monitor.
Probably not the easiest way to go but it gives you a pretty good idea of what's going on. I've heard of a few pieces of software like InCtrl5, WhatChanged and InstallRite but most of those are older and not updated so I haven't tested them out.