A safe way to test any Windows antivirus software's anti-malware capabilities

Have you ever wondered if your antivirus is really working at blocking real viruses, or what options can actually protect you from ransomware?

If you want to determine if an anti-virus software is good or not, then it is best to test the software's ability to actually fight malware. Learn how to do this safely in the following article!

Preventive measures

When choosing a computer to use for these tests, you should choose an old computer that you no longer need, or a new, inexpensive computer that doesn't have any of your personal files on it.

Warning: This guide involves downloading real malware – programs designed to do real damage to your computer and data. If you take enough precautions, you will be safe. But be prepared for anything bad that could happen.

Install Windows virtual machine

Since we're running a Windows virtual machine (VM), try to start with a host computer running an operating system other than Windows, such as macOS or Linux. When the host runs a different operating system than the virtual machine, a virus that infects the virtual machine is less likely to break out and infect the actual host system.

This tutorial uses Parallels Desktop for Mac on macOS to run the Windows virtual machine. Install Parallels with Windows 11; this is very easy and only requires a few clicks to set up.

More virtualization options

If you have a different host operating system or want to use a different provider, you can choose a different virtualization software instead of Parallels. There are many options, depending on your host operating system. A few good options include:

Protect and Power Up Windows

You can limit the potential for malware to spread by preparing various programs and settings before downloading and checking for malware.

Install, update and configure anti-virus software

At this point, you want to install the antivirus program of your choice on your virtual machine. This tutorial is using the default Windows Defender.

1. Open the Settings app and click Privacy & security > Windows Security.

2. Click Virus & threat protection.

3. Scroll down a bit and click Manage settings.

4. On the next screen, make sure that all security options are enabled, especially the Real-time protection option.

5. Click the back button in the top left corner, then scroll down to click Protection updates.

6. Click Check for updates to make sure Windows Defender can identify the latest threats.

Create a non-admin user account

The default account on a Windows virtual machine is usually the admin account. It is more risky to run malware with an admin account because it can make changes to the operating system without requiring a password.

1. Open Settings > Accounts.

2. Click Other users.

3. Click Add account.

4. Click I don't have this person's sign-in information.

5. Click Add a user without a Microsoft account.

6. Enter the user name and password.

7. Scroll down to fill in all the security questions, then click Next.

8. The new account will be created as a "Standard User", not an "Administrator". Click the Windows Start button, then click your current username and choose the new username.

9. Sign in with your chosen password.

Prepare to run malware

To prepare the virtual machine to run malware and test it, you will need the following items:

Install Python

You will have to install Python 2.7, a safe program, to run the malware archive that will be downloaded later.

1. Open the Settings app and search for App execution aliases in the search bar.

2. Scroll down to find any entries named 'python3.exe' or 'python.exe' and disable them all.

3. Download Python 2.7 from its official website (Windows x86-64 MSI installer file).

4. Go through the installer. In the customization step, make sure you have 'Add python.exe to Path' enabled.

5. Download and install Microsoft Visual C++ Compiler for Python 2.7.

Download and install theZoo

1. Go to theZoo on GitHub. theZoo is a popular open source program that safely browses a collection of known malware. Click Code > Download ZIP. Rest assured, nothing bad will happen to your computer if you just download this .ZIP file. All malware remains encrypted and locked until you complete the final step below.

2. Extract the downloaded .ZIP file and enter the directory. You will see different .PY files and a 'malware' folder.

3. Right-click an empty space in the file explorer and click Open in Terminal.

4. Install and update the additional Python modules that theZoo needs to operate. Type the command pip install --user --upgrade "pip==20.3.4" and press Enter.

5. Enter the command pip install pyreadline.

6. Type pip install --user -r requirements.txt.

7. You will see the message 'Successfully installed pyminizip-0.2.6'. Don't worry about the warning messages.

Configure Parallels settings for maximum security

1. Shut down your Windows virtual machine.

2. Click the gear icon of the Windows virtual machine in the Parallels Control Center.

3. Go to Hardware > CPU & Memory > Manual, then reduce Processors and Memory to less than half of your physical system capacity. To be safe, reduce it to two processors and 4GB of memory.

4. Click Shared Printers, then uncheck Share Mac printers with Windows 11.

5. Go to menu Network -> Source and select Disconnected.

6. Select Security and check the Isolate Windows from Mac option.

7. Click the power button on your Windows virtual machine in Parallels Control Center.

8. Log back in to the non-admin user you created earlier.

Even without using Parallels, you can apply the same settings to most other virtualization software.
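
A pre-flight check for the settings configured above, as an added example that is not part of the original article: run in PowerShell inside the VM, it confirms that Defender's real-time protection is on, the signatures are recent, the signed-in account is not an administrator, and no network adapter is connected. The one-day signature threshold and the messages are assumptions chosen for this illustration.

```powershell
# Pre-flight check for the malware-test VM (added example, not from the article).
# Thresholds and message texts are assumptions chosen for this illustration.
$problems = @()

# 1. Windows Defender: antivirus and real-time protection on, signatures recent.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $problems += 'Defender antivirus is disabled' }
if (-not $mp.RealTimeProtectionEnabled) { $problems += 'Real-time protection is off' }
if ($mp.AntivirusSignatureAge -gt 1) {   # age is reported in days
    $problems += "Signatures are $($mp.AntivirusSignatureAge) days old"
}

# 2. Account: the token must not carry BUILTIN\Administrators (S-1-5-32-544).
#    whoami lists the group even for a non-elevated admin (as deny-only),
#    so this also catches an admin account that has not elevated.
if ((whoami /groups) -match 'S-1-5-32-544\b') {
    $problems += 'Signed-in account is a member of Administrators'
}

# 3. Network: with the VM's network source disconnected, no adapter is Up.
$up = Get-NetAdapter | Where-Object Status -eq 'Up'
foreach ($adapter in $up) {
    $problems += "Network adapter '$($adapter.Name)' is connected"
}

if ($problems.Count -eq 0) {
    Write-Host 'PASS: VM is ready for the test.'
} else {
    Write-Host 'FAIL: fix these before running any sample:'
    $problems | ForEach-Object { Write-Host " - $_" }
}
```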

Run malware

1. To run the malware, open a Terminal window in the theZoo folder as shown earlier.

2. Type python theZoo.py and press Enter.

3. Read the end user license agreement (EULA), then enter YES.

4. Inside the theZoo console, type help to see the various commands. Enter exit to leave theZoo at any time.

5. Type search ransomware to list all ransomware. You will see a list like the one below.

6. Select one of the malware samples with the use command followed by its number (the leftmost number next to the listed malware). For example, enter use 352 to select Petya ransomware.

7. Enter get to download the selected malware.

8. You'll quickly get a Windows Defender notification that it's blocked something.

This means you have good protection. While most good anti-virus programs will just silently block any malware from being downloaded, you should also verify it's working!
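
To verify the block from Defender's own records rather than from the notification alone, the following PowerShell (an added example, not from the original article) lists recent detections and the matching event-log entries. The one-hour window is an assumption; event IDs 1116 and 1117 are Defender's "malware detected" and "action taken" events.

```powershell
# Added example: show what Defender recorded during the test.
$since = (Get-Date).AddHours(-1)   # assumption: the test ran within the last hour

# Map threat IDs to names (string keys avoid integer-type mismatches).
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

# Detection history: when it was seen, what it was, whether the action succeeded,
# and which file or resource triggered it.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Select-Object InitialDetectionTime,
        @{ Name = 'Threat'; Expression = { $names["$($_.ThreatID)"] } },
        ActionSuccess,
        Resources |
    Format-List

# The same evidence from the event log:
# 1116 = malware detected, 1117 = protective action taken.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

If the standard account is denied access to the Defender log, run the same commands from an administrator PowerShell session.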