If a human virus researcher decided to test a new virus they’ve created by just releasing it to the world and seeing what happens, then that’s the start of a horror movie. Needless to say, this is something they try to avoid.
As cyber security researchers, we should do the same. Releasing a virus into the wild just to see what happens is an extreme example, but it is still something to avoid. Malware is often run in a sandbox to prevent this, but malware authors often do their best to detect and avoid the sandbox. It's a never-ending game: the malware researchers make a move to study the malware, and the authors make a move to evade the study.
It's tempting to skip the sandbox when studying malware. If the malware tries to hide from the sandbox, take the sandbox away. This isn't quite the same as releasing a computer virus, but it still affects the Internet. Malware is malicious for a reason: it wants to spread, control computers, steal, and in general cause trouble.
If we don’t contain the software, then we become part of the problem while we’re trying to solve it. But if we contain the software, the software knows this and acts accordingly. It’s a Catch-22 situation and one we have to navigate carefully in research.
DTRAP supports the use of containment in research, as we don’t want our research to affect the Internet while we study Digital Threats.