On Fri, Oct 18, 2019 at 11:54:18AM +0100, cho...@jtan.com wrote:
> Virtualisation is not a panacea. I have managed to achieve data loss through destructive actions taken within a "safe" virtualised sandbox.
How did you manage that feat?
> If the only thing that can demonstrate what a piece of code does is to run it blindly, rather than to work it out by reading and study, then the code is faulty and should be replaced. I expect the code I use to be in this state before I will even begin to trust its documentation because if the developer doesn't understand what it does how can his explanation be at all enlightening? Executing code in a test environment should only be to *verify* the assumptions and calculations you have *already made*.
In the world of malware analysis, running code blindly (in a virtual machine) in order to figure out what it does (by comparing "before" and "after" snapshots) is standard operating procedure. (Standard operating procedure doesn't necessarily make it a good idea, but it is what it is.)
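
The "before" and "after" comparison mentioned above, as an added example that is not part of the original message: it hashes every file under a directory tree twice and reports what was created, deleted or modified in between. The function names, the scratch tree and the changes made to it are constructed for illustration; the changes stand in for whatever the code under analysis would do inside the guest.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each relative path under root to (sha256 hex, size, permission bits)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it out of the tree.
                manifest[rel] = ("symlink:" + os.readlink(full), 0, 0)
                continue
            st = os.stat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[rel] = (digest, st.st_size, st.st_mode & 0o7777)
    return manifest

def diff_snapshots(before, after):
    """Classify paths as created, deleted or modified between two manifests."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def demo():
    """Constructed sample: a scratch tree changed by a stand-in for the sample run."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        seed = (("etc/hosts", b"127.0.0.1 localhost\n"), ("notes.txt", b"keep\n"), ("old.log", b"x\n"))
        for rel, data in seed:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        # Stand-in for executing the sample inside the guest (constructed changes).
        with open(os.path.join(root, "etc/hosts"), "ab") as fh:
            fh.write(b"203.0.113.7 updates.example\n")
        os.remove(os.path.join(root, "old.log"))
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00" * 16)
        return diff_snapshots(before, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The diff covers only persistent file changes inside the tree it walks; anything written outside that tree, such as a host directory shared into the guest, appears in neither snapshot.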