
Hello everyone! I am interested in using the IA-32 Emulator Bochs. I intend to use this to do testing on malware and various fixes. My concern is the security of this emulator. Since I do intend to be infecting the emulated OSes using Bochs, I want to be sure that it poses no risk to my physical machine. Basically, I want to know if it will function as successfully and securely as VMWare. Unfortunately, I cannot afford VMWare, nor do I have a test box for this type of thing. If anyone has used this before, let me know what you think.

Thanks,

Matt


AFAIK you can install whatever you want on it. Grab the player and one of the sample images, edit the config file for the image to point at your install media (I've only used ISO images, but I think it can be coaxed into reading a drive), and install over the sample system. I used a Syllable image to test Syllable, ReactOS, FreeDOS, Debian, Fedora, (I think) Ubuntu, Solaris, and a couple other systems.

Edited by jcl
  jcl said:
AFAIK you can install whatever you want on it. Grab the player and one of the sample images, edit the config file for the image to point at your install media (I've only used ISO images, but I think it can be coaxed into reading a drive), and install over the sample system. I used a Syllable image to test Syllable, ReactOS, FreeDOS, Debian, Fedora, (I think) Ubuntu, and a couple other systems.

Heh, way over my head jcl :lol:

I think I'll try Bochs (once I return home) and see how it works out. I just spoke with a developer of Bochs, and they said that (as with any emulator) there is the risk that if the malware travels over a network, it could send packets to my host machine. Users of VMWare that do malware testing say they have never had an issue of being infected via connection to the emulated OS--so that's good.

Do you see any advantages of QEMU over Bochs?

Thanks,

Matt


Ack. I just remembered what a pain QEMU was on Windows the last time I tried it. It only ran within a MinGW/MSYS session and networking didn't work. I ended up using VMware Player because it was easier to munge Player configs.

Edited by jcl

just a note...

it is common practice to use an OS that is not infectable with the exploits you are testing.. even with a good VM like VMWARE, a network exploit can still infect your main system..

BSD or Linux is a great host for testing windows exploits and no fear of it infecting your system..

just a thought


to add again..

Gentoo is a good choice as it has Bochs, QEMU (and kqemu) and vmware in its portage package system. it's simple to install, just takes a little more time as you compile it.. but it's a simple emerge command..


you can cheat snapshots.. just make a copy of the folder you have the "system" in.. this works well but takes up more space.
