You can create it on a different OS (Linux) and use a virtual machine (windows) in a sandbox environment to test it out.

You can create it on a different OS (Linux) and use a virtual machine (windows) in a sandbox environment to test it out.

The raw code that makes up a virus is harmless on its own, it needs to be deployed in some way. In most cases, a virus is deployed when an unsuspecting user is tricked into doing so, whether that be through downloading and running a malicious executable, clicking a malicious email attachment, or plugging in a malicious piece of hardware.

Some very sophisticated viruses (or those targeting very insecure systems like printers) can self-deploy and spread without input from another user. Modern software is designed to be resistant to this sort of thing, so accomplishing it requires the exploitation of what are called zero-day vulnerabilities; that is vulnerabilities in software and/or hardware that are only known to the attacker. The infamous Stuxnet virus utilized 4 different zero-day vulnerabilities to infect Windows computers worldwide.

As other commenters have pointed out, testing a virus would need to involve an isolated system; something like a Virtual Machine, dedicated computer, or even an air-gapped network (that is a group of systems that have no physical way of connecting to the wider internet).

The raw code that makes up a virus is harmless on its own, it needs to be deployed in some way. In most cases, a virus is deployed when an unsuspecting user is tricked into doing so, whether that be through downloading and running a malicious executable, clicking a malicious email attachment, or plugging in a malicious piece of hardware.

Some very sophisticated viruses (or those targeting very insecure systems like printers) can self-deploy and spread without input from another user. Modern software is designed to be resistant to this sort of thing, so accomplishing it requires the exploitation of what are called zero-day vulnerabilities; that is vulnerabilities in software and/or hardware that are only known to the attacker. The infamous Stuxnet virus utilized 4 different zero-day vulnerabilities to infect Windows computers worldwide.

As other commenters have pointed out, testing a virus would need to involve an isolated system; something like a Virtual Machine, dedicated computer, or even an air-gapped network (that is a group of systems that have no physical way of connecting to the wider internet).

How are grenades made without destroying the factory?
simple! dont test the grenades in the factory, just test it somewhere else

so a person making a virus wouldnt necessarily test the virus on his own pc but rather uses a virtual machine etc

How are grenades made without destroying the factory?
simple! dont test the grenades in the factory, just test it somewhere else

so a person making a virus wouldnt necessarily test the virus on his own pc but rather uses a virtual machine etc

If we are talking about the actual creator, they understand how it works and can handle it accordingly. When you’re trying to forensically analyze a virus, you do it the same way you would a real one. You test it in a controlled environment. Somewhere safe. For example, you would not connect it to a network outside of the testing setup.

If we are talking about the actual creator, they understand how it works and can handle it accordingly. When you’re trying to forensically analyze a virus, you do it the same way you would a real one. You test it in a controlled environment. Somewhere safe. For example, you would not connect it to a network outside of the testing setup.

Computer Viruses arent as dangerous as people think. They dont magically go around destroying machines, and the people who make them know what they can do and how to stop them.

Computer Viruses arent as dangerous as people think. They dont magically go around destroying machines, and the people who make them know what they can do and how to stop them.