Question (hard to describe in subject line)

CZroe (Lifer, joined Jun 24, 2001):
I have been looking for a certain program for a long time, and I suspect that the executable file sent to me is malicious. Is there a way to run a program in a restricted mode, denying it the ability to modify/delete files or tamper with the registry?

If there is no way to do this with WinXP, is it possible to create a program which runs the executable in an emulated PC environment? (possibly simulating your own registry and file system and allowing it to make virtual changes to it)

edit:
An interesting idea, no?
If someone were to create such a program, it could be used to safely test any program even if it is a new virus, not found in any virus database. You could even temporarily install and run programs which include spyware. The spyware (and the program itself) is gone when you are done using it :)
 

IndyJaws (Golden Member, joined Nov 24, 2000):
You could create a small partition on your HD and install an OS in that. That way, you could see what it (the program in question) did and if it had any ill-effects on your system without hurting your main OS.

Hmmm...you've got me intrigued! ;) What could it be???
 

CZroe (Lifer, joined Jun 24, 2001):
Writing a program to temporarily simulate your current file/directory/registry structure and restrict access to the internet would be extremely useful. After the executable has finished, you could view a log of all the "changes" it attempted to make.
 

IamDavid (Diamond Member, joined Sep 13, 2000):
You could send it to me to test out... I like having to redo my system whenever possible... :)
A program to test it would be a neat idea, though...
 

n0cmonkey (Elite Member, joined Jun 10, 2001):
Don't run it as an administrator. If you are using Windows, not DOS (like Win9x), and have it set up correctly, this will prevent any important files from being replaced/modified. You could also install Windows in VMware on that machine and test it out there. Running a HIDS that keeps a database of file checksums (like Tripwire), you could easily find out what has been changed.
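The "database of file checksums" approach above, and the "log of all the changes it attempted to make" CZroe asked for earlier in the thread, both reduce to the same check: snapshot the tree before the suspect program runs, snapshot it again afterwards, and report what differs. The following is an added example written for this thread in Python; it is not code from any of the posters and not Tripwire itself. It assumes a throwaway temporary directory with a few constructed files standing in for the system, and a few in-place edits standing in for whatever the suspect executable would do (the registry is not covered; a checksum database only sees the file system).

```python
"""Tripwire-style file-integrity check: baseline a directory tree, run the
suspect program, snapshot again, and report added/removed/modified files.

Added example for this thread; not any poster's code and not Tripwire.
The directory, the files and the "suspect program" activity are all
constructed below so the script runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, streamed so large binaries are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to (sha256, size)."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks: a planted link would make us hash a file elsewhere.
            if p.is_symlink() or not p.is_file():
                continue
            rel = p.relative_to(root).as_posix()
            snap[rel] = (hash_file(p), p.stat().st_size)
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Compare two snapshots; lists are sorted so the report is stable."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline, simulate a misbehaving program, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        (root / "system" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_bytes(b"keep me\n")
        (root / "docs" / "old.txt").write_bytes(b"delete me\n")

        before = snapshot(root)

        # Stand-in for running the suspect executable (constructed, not real
        # malware behaviour): it appends to hosts, deletes a document and
        # drops a new file. 192.0.2.1 is a documentation-only address.
        (root / "system" / "hosts").write_bytes(
            b"127.0.0.1 localhost\n192.0.2.1 example.invalid\n"
        )
        (root / "docs" / "old.txt").unlink()
        (root / "system" / "dropped.dll").write_bytes(b"MZ\x90\x00")

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner would add. The baseline must be stored somewhere the suspect program cannot reach (another disk, read-only media, or another host), because a program run with administrator rights can rewrite the checksum database as easily as the files it covers; this is the same reason Tripwire keeps its database signed and off-box. And a diff taken after the fact only shows what persisted on disk: changes the program made and reverted, or activity that never touched the file system (network connections, registry writes on Windows), need a different tool.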
 

Muse (Lifer, joined Jul 11, 2001):
To me, the question would be whether or not the damage that could be incurred could be limited to one partition or at least one HD. If I wanted to test that program (that is to run it and see what happened), I would Ghost my entire Primary Master HD and disconnect my 2nd HD (assuming I was worried about it). I would then run the program and if I was worried that some damage had been done I would Ghost back my HD and all would be as if nothing had happened. For sure.
 

n0cmonkey (Elite Member, joined Jun 10, 2001):
Something else you may want to think about is where you are getting these executables. I would test this executable and notify the creator if you find that it is infected. If the creator is distributing trojaned software, there could be hundreds or thousands of users that are infected, and maybe a server or two cracked. Of course, if you are getting this through warez, you get what you deserve. :p