A safe way to test any Windows antivirus software's anti-malware capabilities
Have you ever wondered whether your antivirus really blocks live malware, or which products can actually protect you from ransomware?
The best way to judge an antivirus product is to test how well it actually stops malware. This article explains how to do that safely.
Preventive measures
Use a machine you can afford to lose for these tests: an old computer you no longer need, or a new, inexpensive one that holds none of your personal files. The virtual machine set up below is a second layer of isolation, not a substitute for a disposable host.
Warning: This guide involves downloading real malware, programs designed to do real damage to your computer and data. The precautions described here reduce the risk substantially, but they do not eliminate it. Assume that anything on the test machine, host included, could be destroyed.
Install Windows virtual machine
Since the virtual machine (VM) will run Windows, start from a host that runs something other than Windows, such as macOS or Linux. When the host and the guest run different operating systems, Windows malware that breaks out of, or spreads from, the VM is less likely to be able to run on the host itself.
This tutorial uses Parallels Desktop for Mac on macOS to run the Windows VM. Install Parallels with Windows 11; the setup takes only a few clicks.
More virtualization options
If you have a different host operating system or want to use a different provider, you can choose a different virtualization software instead of Parallels. There are many options, depending on your host operating system. A few good options include:
Protect and harden Windows
Before downloading any malware, you can limit how far it could spread by configuring a few programs and settings first.
Install, update and configure anti-virus software
At this point, install the antivirus program you want to test on the virtual machine. This tutorial uses the built-in Microsoft Defender Antivirus (Windows Defender).
1. Open the Settings app and click Privacy & security > Windows Security.
2. Click Virus & threat protection.
3. Scroll down a bit and click Manage settings.
4. On the next screen, make sure that all security options are enabled, especially Real-time protection.
5. Click the back button in the top left corner, then scroll down and click Protection updates.
6. Click Check for updates so that Defender has the latest security intelligence (signatures). Do this before the VM is taken offline later; an offline VM cannot update.
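The same checks can be made from PowerShell inside the VM, which is more reliable than eyeballing toggles. The following is an added example written for this article, not code from the article or from Microsoft; it uses only cmdlets from the Defender module that ships with Windows, and should be run from an elevated prompt because Update-MpSignature needs administrator rights.

```powershell
# Added example: confirm Defender's state programmatically before testing.
# Requires an elevated PowerShell prompt inside the Windows VM.
function Test-DefenderReady {
    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference

    # The settings the tutorial asks you to enable, checked one by one.
    $checks = [ordered]@{
        'Antivirus engine enabled'        = $status.AntivirusEnabled
        'Real-time protection'            = $status.RealTimeProtectionEnabled
        'Behavior monitoring'             = $status.BehaviorMonitorEnabled
        'Real-time monitoring not disabled by policy' = -not $prefs.DisableRealtimeMonitoring
        'Cloud-delivered protection (MAPS)' = ($prefs.MAPSReporting -ne 0)   # 0 = off
    }
    $allOk = $true
    foreach ($c in $checks.GetEnumerator()) {
        $state = if ($c.Value) { 'OK' } else { $allOk = $false; 'FIX ME' }
        '{0,-45} {1}' -f $c.Key, $state
    }

    # Stale signatures are a warning sign: refresh them if older than a day.
    $age = (Get-Date) - $status.AntivirusSignatureLastUpdated
    'Signature version {0}, updated {1:N1} hours ago' -f $status.AntivirusSignatureVersion, $age.TotalHours
    if ($age.TotalHours -gt 24) {
        Update-MpSignature
        'Now on signature version {0}' -f (Get-MpComputerStatus).AntivirusSignatureVersion
    }
    return $allOk
}

Test-DefenderReady
```

If any line reports FIX ME, go back to Manage settings and enable that option; a test run with real-time protection off only measures on-demand scanning, not the protection a user actually gets.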
Create a non-admin user account
The default account on a Windows virtual machine is usually an administrator. Running malware from an administrator account is riskier: it can change system-wide settings, and anything that asks to elevate only needs a click on the UAC consent prompt. A standard user cannot elevate without an administrator's password.
1. Open Settings > Accounts .
2. Click Other users.
3. Click Add account.
4. Click I don't have this person's sign-in information .
5. Click Add a user without a Microsoft account .
6. Enter the user name and password.
7. Scroll down to fill in all the security questions, then click Next.
8. The new account is created as a "Standard User", not an "Administrator". Click the Windows Start button, click your current account name and switch to the new account.
9. Sign in with the password you chose.
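The account can also be created and, more importantly, verified from an elevated PowerShell prompt. This is an added example written for this article, not code from the article; the account name avtester is an assumption, and the cmdlets are the LocalAccounts module that is built into Windows 10 and 11.

```powershell
# Added example: create the standard (non-admin) test account and prove
# that it is not a member of Administrators. Run from an elevated prompt.
$name = 'avtester'    # assumed name; choose your own
$pw   = Read-Host -AsSecureString -Prompt "Password for $name"

if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $name -Password $pw -FullName 'AV test user' `
        -Description 'Standard account for malware tests' | Out-Null
    # New-LocalUser does not add the account to any group; Users is needed
    # for a normal interactive sign-in.
    Add-LocalGroupMember -Group 'Users' -Name $name
}

function Test-StandardUser([string]$User) {
    $account = "$env:COMPUTERNAME\$User"
    $isAdmin = [bool]((Get-LocalGroupMember -Group 'Administrators').Name | Where-Object { $_ -eq $account })
    $isUser  = [bool]((Get-LocalGroupMember -Group 'Users').Name          | Where-Object { $_ -eq $account })
    'Administrators member: {0}   Users member: {1}' -f $isAdmin, $isUser
    return (-not $isAdmin) -and $isUser
}

if (Test-StandardUser $name) { "OK: $name is a standard user" }
else { Write-Warning "$name is still an administrator or not in Users; fix group membership before running malware" }
```

After signing in as the new user, run whoami /groups | findstr /i administrators in a command prompt: for a standard user it prints nothing, which is what you want.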
Prepare to run malware
To prepare the virtual machine to run malware and test it, you will need the following:
Install Python
theZoo, the malware archive downloaded later, is run with Python 2.7 (the interpreter itself is harmless). Note that Python 2.7 has been end-of-life since January 2020, so install it only inside this disposable VM.
1. Open the Settings app and search for App execution aliases in the search bar.
2. Scroll down, find the entries named 'python3.exe' and 'python.exe' and turn them all off. Otherwise typing python in a terminal launches the Microsoft Store stub instead of the interpreter you are about to install.
3. Download Python 2.7 from its official website (Windows x86-64 MSI installer file).
4. Go through the installer. In the Customize step, make sure 'Add python.exe to Path' is enabled.
5. Download and install Microsoft Visual C++ Compiler for Python 2.7, so that pip can compile the native modules theZoo depends on.
Download and install theZoo
1. Go to theZoo on GitHub. theZoo is a popular open source repository of live malware samples kept for research, in which every sample is stored as an encrypted, password-protected archive. Click Code > Download ZIP. Downloading this .ZIP file by itself does nothing harmful: all samples remain encrypted and locked until you complete the final step below.
2. Extract the downloaded .ZIP file and enter the directory. You will see several .PY files and a 'malware' folder.
3. Right-click an empty space in File Explorer and click Open in Terminal.
4. Install the additional Python modules that theZoo needs. First pin pip to 20.3.4, the last release that still supports Python 2.7: type pip install --user --upgrade "pip==20.3.4" and press Enter.
5. Enter pip install pyreadline.
6. Type pip install --user -r requirements.txt.
7. You should see the message 'Successfully installed pyminizip-0.2.6'. Warning messages can be ignored, but if the install fails while building pyminizip, check that the Visual C++ compiler from the previous section is installed.
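Before going any further it is worth confirming that the archives you just downloaded are intact and still packed. The following is an added example written for this article, not part of theZoo or of the article. It assumes the layout theZoo uses for its samples, each sample directory holding Name.zip together with Name.md5, Name.sha256 and Name.pass sidecar files; check that against your copy. It only hashes files and never opens an archive, so it is safe to run from the extracted theZoo directory in the same Terminal window.

```powershell
# Added example: verify every sample archive under theZoo's malware folder
# against its published SHA-256 sidecar, and flag directories where
# something other than the archive and its sidecars exists (a sign that a
# sample was unpacked). Assumed layout: <Name>.zip/.md5/.sha256/.pass.
function Test-ZooArchives([string]$Root = (Join-Path (Get-Location) 'malware')) {
    Get-ChildItem -Path $Root -Recurse -Filter '*.zip' | ForEach-Object {
        $zip     = $_
        $sumFile = [System.IO.Path]::ChangeExtension($zip.FullName, '.sha256')
        $expected = if (Test-Path $sumFile) {
            # Sidecar may read "<hash>" or "<hash>  <filename>"; keep the first token.
            ((Get-Content $sumFile -First 1) -split '\s+')[0].ToLower()
        }
        $actual = (Get-FileHash -Path $zip.FullName -Algorithm SHA256).Hash.ToLower()

        # Anything that is not the archive or a sidecar suggests extraction.
        $stray = Get-ChildItem -Path $zip.DirectoryName -File |
            Where-Object { $_.Extension -notin '.zip', '.md5', '.sha256', '.pass' }

        [pscustomobject]@{
            Sample   = $zip.Directory.Name
            HasSum   = [bool]$expected
            HashOK   = [bool]($expected -and ($expected -eq $actual))
            Unpacked = ($stray.Count -gt 0)
        }
    }
}

$report = Test-ZooArchives
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { -not $_.HashOK -or $_.Unpacked })
if ($bad.Count -gt 0) { Write-Warning ('{0} sample(s) need attention' -f $bad.Count) }
else { 'All archives match their checksums and are still packed.' }
```

A mismatched hash means the archive was modified or truncated in transit; a directory reported as Unpacked means live malware is already sitting on disk, which should not be the case before you run theZoo.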
Configure Parallels settings for maximum security
1. Shut down your Windows virtual machine.
2. Click the gear icon of the Windows virtual machine in the Parallels Control Center.
3. Go to Hardware > CPU & Memory > Manual, then reduce Processors and Memory to less than half of what the physical machine has. Two processors and 4 GB of memory is a safe choice.
4. Click Shared Printers , then uncheck Share Mac printers with Windows 11 .
5. Go to Hardware > Network > Source and select Disconnected. Keep in mind that an offline VM cannot fetch signature updates or use cloud-delivered protection, so the test measures what the locally installed signatures and behaviour monitoring catch; make sure the update step above was completed first.
6. Select Security and check the Isolate Windows from Mac option, which turns off shared folders, clipboard sharing and drag-and-drop between guest and host.
7. Click the power button on your Windows virtual machine in Parallels Control Center.
8. Log back in to the non-admin user you created earlier.
Most other virtualization software offers equivalent settings (fewer CPUs and less memory, no shared printers or folders, no shared clipboard, network disconnected), so the same hardening applies even without Parallels. Take a snapshot of the VM at this point so that you can revert to a clean state after each test.
Run malware
1. To run the malware, open a Terminal window in the theZoo folder as shown earlier.
2. Type python theZoo.py and press Enter.
3. Read the end user license agreement (EULA), then enter YES.
4. Inside the theZoo console, type help to see the various commands. Enter exit to leave theZoo at any time.
5. Type search ransomware to list all ransomware. A numbered list of samples appears.
6. Select a sample with use <number> (the leftmost number next to the listed malware). For example, use 352 selects Petya ransomware.
7. Enter get to retrieve (download) the selected sample.
8. Almost immediately, Windows Defender notifies you that it has blocked something.
That is the result you want. Most good antivirus products simply block the sample silently, so do not rely on a pop-up alone: confirm the detection in the product's protection history.
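One way to confirm the block from Defender's own records rather than from a notification is to query its detection history. The following is an added example written for this article, not code from the article or from Microsoft. It assumes the sample was retrieved into a path containing "theZoo" and looks back 30 minutes; adjust both to your setup. Run it in PowerShell inside the VM right after the get command.

```powershell
# Added example: list Defender detections from the last 30 minutes and
# report PASS only if something under theZoo's folder was detected AND
# remediated. Path filter and time window are assumptions; adjust them.
function Get-RecentDetections([int]$Minutes = 30, [string]$PathFilter = '*theZoo*') {
    $since   = (Get-Date).AddMinutes(-$Minutes)
    $threats = Get-MpThreat                      # ThreatID -> name, severity

    $rows = Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        ForEach-Object {
            $d = $_
            $t = $threats | Where-Object { $_.ThreatID -eq $d.ThreatID } | Select-Object -First 1
            [pscustomobject]@{
                Detected   = $d.InitialDetectionTime
                Threat     = $t.ThreatName
                Severity   = $t.SeverityID         # higher is worse
                Resource   = ($d.Resources -join '; ')
                Process    = $d.ProcessName
                Remediated = [bool]$d.ActionSuccess
            }
        }

    $rows | Sort-Object Detected | Format-Table -AutoSize
    $hits = @($rows | Where-Object { $_.Resource -like $PathFilter -and $_.Remediated })
    return $hits
}

$hits = Get-RecentDetections
if ($hits.Count -gt 0) { 'PASS: sample detected and remediated ({0} event(s))' -f $hits.Count }
else { Write-Warning 'FAIL: no remediated detection in the window; open Protection history and check manually' }
```

The same events are written to the Microsoft-Windows-Windows Defender/Operational log as event ID 1116 (malware detected) and 1117 (action taken), which is the place to look if a third-party product has replaced Defender's PowerShell module with its own console.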