You wouldn’t do it on your own daily driver. You would either spin up a virtual machine (e.g. VMWare) or simply use some other computer that you can easily reformat.

You wouldn’t do it on your own daily driver. You would either spin up a virtual machine (e.g. VMWare) or simply use some other computer that you can easily reformat.

A virus or other piece of malicious software (“malware”) is just a computer file. It’s not dangerous unless it’s in a place where it is going to get executed.

A big part of how viruses spread is by tricking people into putting them into places where they will be executed. (For example, a Trojan Horse hiding inside a cute animated greeting card.)

And for testing viruses, both creators and researchers use isolated computers or small networks that can be completely wiped after testing.

The source code is just a text file that sits on your computer and is totally harmless until you make the computer run it. You don’t have to run the code on the same computer you are writing it on. There is a technique called remote debugging, where the code is written on one computer but runs on another one so you can debug it (inspect what the code is doing while it is running). That other computer can be a virtual machine built from an image (a kind of template), so if it gets trashed, you can easily reset it from the template and start over fresh without losing anything. To test the ability for it to spread, you can restrict the network access of the virtual machine so the malware can spread to other virtual machines but not back to the main machine.

The malware author can put backdoors or safety mechanisms in the code so that it won’t perform harmful actions if the machine has a certain name, a certain address or file present, etc. This is sometimes how malware authors get caught because the name or address in the backdoor provides clues that lead back to the author.

A virus or other piece of malicious software (“malware”) is just a computer file. It’s not dangerous unless it’s in a place where it is going to get executed.

A big part of how viruses spread is by tricking people into putting them into places where they will be executed. (For example, a Trojan Horse hiding inside a cute animated greeting card.)

And for testing viruses, both creators and researchers use isolated computers or small networks that can be completely wiped after testing.

The source code is just a text file that sits on your computer and is totally harmless until you make the computer run it. You don’t have to run the code on the same computer you are writing it on. There is a technique called remote debugging, where the code is written on one computer but runs on another one so you can debug it (inspect what the code is doing while it is running). That other computer can be a virtual machine built from an image (a kind of template), so if it gets trashed, you can easily reset it from the template and start over fresh without losing anything. To test the ability for it to spread, you can restrict the network access of the virtual machine so the malware can spread to other virtual machines but not back to the main machine.

The malware author can put backdoors or safety mechanisms in the code so that it won’t perform harmful actions if the machine has a certain name, a certain address or file present, etc. This is sometimes how malware authors get caught because the name or address in the backdoor provides clues that lead back to the author.

The creating computer has to take the vaccine first before creating the virus. This ensures that it won’t get sick.

The creating computer has to take the vaccine first before creating the virus. This ensures that it won’t get sick.

A virus is a piece of software just like any other, and therefore the writer of that software can build in certain safeguards that allow them to test the software “safely.” For example, if I have a program that encrypts all someone’s files and holds them at ransom, I also have the key to that encryption. Or if I create a software that tracks all your keyboard presses, I know where the file gets “hidden” and what to delete.

Basically, knowing how the virus works in advance makes it trivial to prepare for and create countermeasures. The majority of cyber arms races is just examining other peoples’ software and figuring out how they works.

A virus is a piece of software just like any other, and therefore the writer of that software can build in certain safeguards that allow them to test the software “safely.” For example, if I have a program that encrypts all someone’s files and holds them at ransom, I also have the key to that encryption. Or if I create a software that tracks all your keyboard presses, I know where the file gets “hidden” and what to delete.

Basically, knowing how the virus works in advance makes it trivial to prepare for and create countermeasures. The majority of cyber arms races is just examining other peoples’ software and figuring out how they works.