Some unsolicited advice from a from a former certified CISSP
A) unless you know what you’re doing, don’t simply decide one day to “try some viruses”. Playing around with real viruses is like playing with fire. Do some research on the Morris worm of 1988 or Stuxnet to get an idea of what could go wrong
B) Ideally to prevent contamination of the host, you’d run your experiments on dedicated hardware on its own network.
C) if you insist on playing in a VM, the VM has to be as isolated as possible so that you do not cross-contaminate the host. That means turning off drag/drop, copy/paste and shared folders at an absolute minimum. You also would want to keep networking to NAT or ideally host-only with the host not having an IP address on the custom network. Even if you do these things you need to be aware that there may be vulnerabities in the hypervisor that could allow viruses to spread to the host.
D) in the interest of safety should anything go horribly wrong, back up every host on your network before doing anything and air-gap it so it can’t be contaminated. A make sure you know how to recover everything should you have to restore any system from bare metal. And make sure anything on your network is running a good, up to date AV product
E) If your ISP is blocking sites that provide viruses there is nothing you can do to get around that in Workstation or your host system. You’d have to resort to using another network provider that doesn’t block or maybe a VPN. But there’s no guarantee that a VPN won’t block those sites as well.
F) To find the EICAR test file, you could do a web search for it, That would get you here https://www.eicar.org/download-anti-malware-testfile/
The EICAR test file is the safest method because it is not a real virus, but will trigger a response from AV scanners as if it was. Since it’s benign, it doesn’t require the precautions of A through E above.
- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
