Matt Posted December 27, 2005

Hello everyone! I am interested in using the IA-32 Emulator Bochs. I intend to use this to do testing on malware and various fixes. My concern is the security of this emulator. Since I do intend to be infecting the emulated OSes using Bochs, I want to be sure that it poses no risk to my physical machine. Basically, I want to know if it will function as successfully and securely as VMWare. Unfortunately, I cannot afford VMWare, nor do I have a test box for this type of thing. If anyone has used this before, let me know what you think.

Thanks,
Matt
jcl Posted December 27, 2005

VMware Player is free. It's not as featureful as the commercial products but it's done everything I've needed.

Anyway, Bochs should be fine if performance isn't an issue. QEMU is also worth a look.

Edited December 27, 2005 by jcl
Matt Posted December 27, 2005

jcl said: "VMWare Player is free. It's not as featureful as the commercial products but it's done everything I've needed."

I will be needing to run Windows OSes. Correct me if I'm wrong, but you cannot load your OS into VMWare Player, you have to use one they offer?
jcl Posted December 27, 2005

AFAIK you can install whatever you want on it. Grab the player and one of the sample images, edit the config file for the image to point at your install media (I've only used ISO images, but I think it can be coaxed into reading a drive), and install over the sample system. I used a Syllable image to test Syllable, ReactOS, FreeDOS, Debian, Fedora, (I think) Ubuntu, Solaris, and a couple other systems.

Edited December 27, 2005 by jcl
Matt Posted December 27, 2005

jcl said: "AFAIK you can install whatever you want on it. Grab the player and one of the sample images, edit the config file for the image to point at your install media (I've only used ISO images, but I think it can be coaxed into reading a drive), and install over the sample system. I used a Syllable image to test Syllable, ReactOS, FreeDOS, Debian, Fedora, (I think) Ubuntu, and a couple other systems."

Heh, way over my head, jcl. I think I'll try Bochs (once I return home) and see how it works out. I just spoke with a developer of Bochs, and they said that (as with any emulator) there is the risk that if the malware travels over a network, it could send packets to my host machine. Users of VMWare that do malware testing say they have never had an issue of being infected via connection to the emulated OS, so that's good.

Do you see any advantages of QEMU over Bochs?

Thanks,
Matt
jcl Posted December 27, 2005

Matt said: "Do you see any advantages of QEMU over Bochs?"

Better performance.
Matt Posted December 27, 2005

Thanks jcl. I'll play with both of them, and I'll probably mess around with VMWare Player. This most likely won't be the last you hear from me on this, as I'll most likely hit some road bumps along the way.

Matt
jcl Posted December 27, 2005

Ack. I just remembered what a pain QEMU was on Windows the last time I tried it. It only ran within a MinGW/MSYS session and networking didn't work. I ended up using VMware Player because it was easier to munge Player configs.

Edited December 27, 2005 by jcl
Matt Posted December 27, 2005

Alright, thanks. Like I said, this won't be the last you hear from me on this. I'll return once I get it set up if I need OS install help, persuade VMPlayer to use Windows, or other things. Thanks again jcl.
Matt Posted December 31, 2005

Just an update: jcl, I'm going to try to do this with VMware Player. I did some snooping online and found a simple way to do it. Thanks for this tip!

Matt
iccaros Posted January 1, 2006

just a note... it is common practice to use an OS that is not infectable with the exploits you are testing.. even with a good VM like VMWARE, a network exploit can still infect your main system.. BSD or Linux is a great host for testing Windows exploits and no fear of it infecting your system.. just a thought
Matt Posted January 1, 2006

Hey iccaros. Yeah, I was considering that. I may decide to reinstall Ubuntu for this. The person I talked to who was a Bochs developer told me the same thing.

Matt
iccaros Posted January 1, 2006

to add again.. Gentoo is a good choice as it has Bochs, QEMU (and KQEMU) and VMware in its portage package system. it's simple to install, just takes a little more time as you compile it.. but it's a simple emerge command..
Matt Posted January 1, 2006

Well, I installed and used VMware Player. Unfortunately, it doesn't have one feature that I really need: snapshot. Without that, I cannot revert back after infecting my machine. I may give VM Works a whirl now...
iccaros Posted January 2, 2006

you can cheat snapshots.. just make a copy of the folder you have the "system" in.. this works well but takes up more space.
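
The copy-the-folder approach from the last post, as an added example that is not part of the thread or of any poster's setup: it copies a powered-off VM folder to a clean baseline, records checksums, and restores only from a baseline that still verifies. The function names, the MANIFEST.sha256 file, and treating `*.lck` entries as a sign the VM is still open are assumptions of this example; it also assumes a Linux or BSD host with `sha256sum` available.

```shell
#!/bin/sh
# Added example: copy-based "snapshot" of a powered-off VM folder.
# Function names and MANIFEST.sha256 are hypothetical, chosen for this example.

vm_is_locked() {
    # Assumption: leftover *.lck entries mean the VM is still open in the player.
    find "$1" -name '*.lck' | grep -q .
}

vm_snapshot() {   # usage: vm_snapshot <vm_dir> <snapshot_dir>
    vm=$1; snap=$2
    if [ ! -d "$vm" ]; then echo "no such VM folder: $vm" >&2; return 1; fi
    if [ -z "$snap" ] || [ -e "$snap" ]; then
        echo "snapshot path missing or already exists" >&2; return 1
    fi
    if vm_is_locked "$vm"; then
        echo "VM looks like it is running; power it off first" >&2; return 1
    fi
    mkdir -p "$snap" && cp -Rp "$vm"/. "$snap"/ || return 1
    # Record checksums so a later restore can prove the clean copy is unchanged.
    (cd "$snap" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + > MANIFEST.sha256)
}

vm_restore() {    # usage: vm_restore <snapshot_dir> <vm_dir>
    snap=$1; vm=$2
    if [ -z "$vm" ] || [ ! -f "$snap/MANIFEST.sha256" ]; then
        echo "not a snapshot: $snap" >&2; return 1
    fi
    # Refuse to restore from a baseline that was modified after it was taken.
    if ! (cd "$snap" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1); then
        echo "snapshot failed verification: $snap" >&2; return 1
    fi
    if [ -d "$vm" ] && vm_is_locked "$vm"; then
        echo "VM looks like it is running; power it off first" >&2; return 1
    fi
    # Replace the whole folder so files created during the test run do not survive.
    rm -rf "$vm" && mkdir -p "$vm" && cp -Rp "$snap"/. "$vm"/ \
        && rm -f "$vm/MANIFEST.sha256"
}
```

Keeping the baseline on storage the guest cannot reach (not a shared folder) is what makes the checksum comparison meaningful.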