Hi,
I am new to this.
I have a question about disclosure reports.
I get a message when I try to look up disclosure reports that link to test URLs on websites.
After clicking the link, it opens up a new tab window with an “external link warning” that advises me to use a separate browser or virtual machine before continuing.
What does that mean?
Does this mean I need to get Linux installed?
That message is just a general warning and should be the moment where you should think about “what will happen next” and that highly depends on the report that you read. Let me give you a few examples:
A report about crashing Internet Explorer 11 by visiting a specially crafted html page
Be prepared that if you open the test URL in IE 11 the IE will crash and close unexpectedly.
So if your day to day browser is e.g. Firefox and you use IE just to open that single website you can simply try that out. If you use IE as your main browser (hopefully not) it would be better to e.g. create a new windows user and try this out in a separate user account to prevent your browser profile from getting corrupted.
Side-note: In this case you can’t even try it under linux because IE is windows only.
A report about an XSS in Firefox below version 50
A normal XSS demonstration will only show something like an alert and therefore there is nothing to worry about and you can simply try it out with your main browser as long as you are using a version smaller than Firefox 50. If you already have a newer version of Firefox your main problem will be: how do I get that older version running on my computer… maybe you can use a portable version or you spin up a virtual machine where you install that specific version.
A report about a system crash for Chrome up to version 15
A crashing system could lead to all kind of problems like corrupting open files, loosing unsaved data etc. so the easiest thing to try this out is a virtual machine or a dedicated (old) lab computer where you don’t run any important stuff and can mess around freely without risking the loss of important data.
Final conclusion
You can get away without a virtual machine and don’t need linux but i would highly recommend to try out virtualisation software like Virtual Box because they make your life so much easier. You can for example create a snapshots of your virtual machine… so before you install a crazy old version of some software to try something out, you simply save the state of that virtual machine, start to fiddle around with that old software and as soon as you’ve finished your research, you can simply restore that saved snapshot. After that your virtual computer is in a clean state again, ready for next tests.
Wow thank you for this information.
I was thinking I would be subject to malware or viruses but data being corrupted doesn’t sound too bad.
I guess if you can just use a browser on a new windows account (I use windows 
), then that isn’t too bad a route to take as well.
I like the virtual machine idea, but I’m so new to hacking and such that I only know vaguely how to install ubuntu.
Thank you though. Now I have a better idea to expect going into this.
All in all its a really simple and straightforward process to get ubuntu running in a virtual machine. Take a look at this Tutorial for an idea about the process and feel free to open a new topic in the Starter Zone if you run into problems. Just keep in mind… its only a virtual pc with no important things in it… so if you screw up at some point you can just delete that Virtual PC and start over again 
thats the beauty of virtualisation 
That is amazing! This is what I had in mind but, didn’t know what I would be asking!
Yes! To use a virtual machine that takes the brunt force of unknown links and be able to still operate a computer as normal if things go south!
Thank you kannix. I am going to check out the tutorial now. 