3

I'm training some high school students interested in OS security (specifically, Windows Server 2003/2008), and though I've gone over a lot of the "in-theory" stuff, some hands on would be great. They're interested in learning about common security points in the OS (autorun, BHO's, Windows hooks, email, IIS/web sites, and the like).

What types of harmless applications can I install that they can find? (Stuff that won't actually harm our network, but auto-runs, embeds itself into browsers, pops up messages, anything else you can think of).

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
Brandon
  • 2,817
  • 1
  • 24
  • 28
  • You should accept some of the answers to your questions and you would probably get more responses. – Chadddada Jun 27 '11 at 17:11
  • I checked over some of your questions and the ones that *do* have answers on them have no feed back saying that it didn't work and no follow up on your part to give updates. With as many questions that you have asked, 15% shows lack of effort on your part to keep up with the community – Nixphoe Jun 27 '11 at 17:20
  • SO is quite a bit busier then SF, so as Nixphoe states you sometimes have to work at it a little more to get your answer here. SO you will get many blanket responses; If you throw enough at the wall something is bound to stick. There are many of us here on the site that actively look if you need additional help, if our presented solution worked, etc. If you don't respond and followup then people can't continue to work with you on an answer. – Chadddada Jun 27 '11 at 17:56
  • 1
    @Nixphoe @Chadddada FTFY – Brandon Jun 27 '11 at 18:03
  • This question is off-topic under current topicality rules. – HopelessN00b Jan 21 '15 at 21:51

3 Answers3

6

You can use the EICAR virus. It can be used for testing anti-virus software and students.

user9517
  • 115,471
  • 20
  • 215
  • 297
1

I used to test new-hire techs with a computer that had fake viruses on it. I would never install a virus on the computer. I wrote my own scripts to popup error messages and tie them into the OS in the same way I'd seen viruses dig their claws in in the past. Throw them in the run registry key, change the proxy settings on IE, create an image hijack. It may be best not to let your students work with real viruses but create real world scenarios where they can learn how these things actually behave.

Jason Berg
  • 19,084
  • 6
  • 40
  • 55
-2

You could install some VirtualBox instances with a windows guest or two, and then let them surf around and click all the "Fix Windows now" and "Click the Monkey" ads; they wouldn't be harmless, but a quick restore of an earlier snapshot removes them. It would be a good object lesson for them to see exactly how easy it is to get a nasty virus if you're not careful.

Bryan Agee
  • 1,209
  • 2
  • 11
  • 27
  • 3
    -1 - I don't care if it is in a VM, you shouldn't install malicious viruses like those. I wouldn't want all of that botnet traffic on my network. – Jason Berg Jun 27 '11 at 17:08