I heard this new virus takes advantage of the vulnerability in windows os. I wonder how I can test my laptop that runs windows using this idea.

I'd say if you wanna test for something like that to see what it does then do it in a virtual machine with snapshots on a Linux box so you can revert changes.

Test for changes that have been made. Use programs like regshot to take snapshots of the filesystem and registry before running exploits. Then take a snapshot of the filesystem and registry after running exploits and compare the diff. You'll be able to see changes that have been made.

I've also written a helper application for regshot in Python called Registry Key Remover which takes the regshot diff file as input and generates an NSIS script from it. This way you can compile it and undo the changes.

That's how I usually go about testing stuff for a system and determining what programs are safe, etc. This is when it's difficult to view the source code for the proprietary app.

You could also use the GNU/Unix command strings to dump all of the strings in a binary to a text file... There's many more things you could do to reverse engineer a problem like this but I'll leave you with that to ponder.

1 members found this post helpful.

Interesting use of words in this article,

http://news.yahoo.com/s/csm/327178

Things like "Stuxnet's massive code", and "I'd agree with the classification of this as a weapon"

It is my considered opinion that people would have to be stupid to run open-network-connected Windows machines to control a nuclear power plant, but I'll go along with Sag47 above and recommend that Windows be run ONLY if absolutely needed, and then only as a virtual machine.