How to Safely Test Software Without Messing up Your System
The internet is full of nice apps, but it’s also packed with shady software. Before installing something terrible, educate yourself in information security. Here are the best tools to protect yourself when you experiment with new programs.
If you don’t have spare computers, you need to protect your system when testing software that you don’t trust. In this post, you will learn about several methods that can help contain any malicious changes or prevent rogue apps from doing what you don’t need to. Some methods are focused on maximum security. Others are better at trying apps without breaking your settings, but they can be insecure. We’ll explain which ones work best at the end of each section.
Method 1: virtualize your entire desktop with VirtualBox
Virtual machines are one of the safest ways to test software (without creating a separate computer). This method allows you to simulate a complete operating system, isolated from the rest of your machine. If a program installs malware without your knowledge, it will be contained in the virtual machine. If it changes your wallpaper to a picture of dinosaurs coming to the Last Supper , your regular computer will not be affected. You can also save snapshots of your virtual machine so that no matter what happens, you can restore it exactly as it was before with a single button.
There are several tools you can use to create virtual machines, but we love VirtualBox . It is available for Windows, OS X and Linux and makes it very easy to take the aforementioned snapshots.
Before you start testing your software, you need to create a secluded place where you can be alone with it. Start by creating your virtual machine:
- Install and open VirtualBox. Make sure to install the extension pack from the downloads page .
- Click New to create a new virtual machine. You can check out our tutorial for detailed instructions, but the wizard should make it pretty simple. You will need to download the OS you want to try .
- Install the operating system of your choice on the virtual machine.
- Take a picture before installing anything else. This will allow you to revert to the original “fresh install” state after testing is complete.
At this point, you should have a flawless installation and a quick way to get back to normal. This is a safe place where you can install programs and try them out. However, it is important to remember that this does not mean that everything you do is safe. Here are a few more things you should be aware of if you need to try out potentially malicious software:
- Don’t enable bridged mode: As the How-To Geek points out , bridged mode removes some of the barriers between your VM and your host machine. It can also leave your host computer vulnerable to some malware, so be careful. This should be disabled by default, but if you’ve ever enabled it for any reason, disable it. Ideally, you should keep a separate, clean virtual machine for testing potentially malicious software.
- Disable network activity if necessary: after you have downloaded the software you want to install, you can disable network access for the virtual machine in the menu below. Just right-click your network adapter, select Network Settings and change Connected To: to Not Connected. It’s important to note that this not only disconnects your virtual machine from the Internet, but also disconnects it from other devices on your network, such as the host computer or even your router.
- Remember personal information: if your virtual machine is connected to the Internet, you can still transfer personal information. The virtual machine only protects your computer. It cannot prevent you from sending your credit card information to an untrustworthy merchant. If you absolutely need to enter personal information into an app that you don’t fully trust, disconnect its internet connection first.
Virtual machines are one of the most powerful software management techniques. Anyone who regularly tests applications is strongly advised to create a virtual machine and have it always at hand. However, if you try to run suspicious applications every few months or so, there are other, less cumbersome methods.
Method 2: lightweight virtualization with Cameyo
The downside of virtual machines is that they require a full OS installation and significant overhead. If you only want to see how an application works once without worrying about extra work, Cameyo offers a slightly simpler alternative. You can try out applications in a remote virtualized environment.
As we talked about recently , the service runs a virtualized version of Windows on a remote computer where you can run applications. The downside to this method is that you are limited to only one application, so this is not a perfect solution for everyone. However, if you just want to see what an application looks like before trying it out on your system, or don’t want to go through the hassle of setting up an entire virtual machine, this is a good sweet spot.
If you would like to use Cameyo to test your own applications, follow these steps:
- Create a Cameyo account and log in.
- In the left sidebar, click Add app.
- Select Create New Cameyo Package.
- If you have already downloaded the .exe, download it by choosing Local Computer. If you are not sure you can trust the source, use the URL parameter to link to the file.
- Select a target for storing the repackaged application. In most cases, My Apps will work, but you can save app bundles to your Dropbox space if you need to return to the app after more than a week.
- Click Submit.
When Cameyo finishes creating the repackaged application, you can launch it in a browser window. This method is especially useful if you need to see how an application works when you are using a non-Windows OS, or if you want to make sure that it doesn’t do anything questionable during installation.
Method 3: get basic sandbox protection
Sandboxie is a simpler virtualization alternative that lets you try out software on your own desktop without giving it full control. It allows you to browse the web or install and run applications alongside your existing system, so it can give you the closest idea of what it would be like if you actually installed it. You can quickly delete anything that has been downloaded or installed with a single button. You can think of it as a disposable cover that you put on your apps or browser as a form of protection against infections or unwanted installations.
Of course, Sandboxie is not without compromise. Everything you download or install on your system, is still in it. This means that if it is granted permission to read files, there are no obstacles between applications and your sensitive data. Sandboxie can undo any changes it makes, but reading is fair game. And of course, if something slips past Sandboxie, it could infect your real computer. Strictly speaking, virtual machines are safer, but Sandboxie offers additional protection for your day-to-day life.
You can download Sandboxie here . After installing the application, you can create an isolated browser window, download files and install applications in the sandbox. Everything you do in this sandbox can be deleted with one button. If you would like to download an application for testing, it is recommended that you start with an isolated browser session first to prevent infection from the site itself. To get started, follow these steps:
- Launch an isolated web browser. Sandboxie should have prompted to create a shortcut to your web browser on your desktop when you first installed it. Otherwise, right-click the Sandboxie icon in the taskbar and choose Default Field> Launch Web Browser.
- Open the site with the application you want to test and download it.
- When you upload files, Sandboxie will prompt you to “restore” them, which means they will leave the sandbox and remain always available. If you’re sure it’s a safe file, accept this option, but otherwise leave everything in the sandbox.
- Install the app. In the User Account Control prompt, Sandboxie will appear as an app asking for permission to install software, not as the developer you are testing. You should see a box below the prompt detailing which application is requesting permission.
- Run the application as usual. You should see a yellow outline above all the windows in the sandbox.
- When you’re done, right-click on the Sandboxie icon in the taskbar and select DefaultBox> Erase Content.
When you delete sandbox content, anything you downloaded or installed during those sessions should be removed from your computer. Keep in mind that this does not mean that nothing nefarious can happen: if you use a sandboxed browser to send credit card information to a shady seller, there is nothing Sandboxie can do to prevent this. However, it can uninstall anything that was silently installed or undo any changes made to your system. It’s not 100% effective, but should keep you safer than unprotected browsing.