To simulate a real-world situation, they used test systems running slightly-outdated Windows XP SP3, Internet Explorer 7, and Adobe Acrobat Reader 8. Other system elements such as Flash and Java were also left somewhat unpatched. Each product was installed on a separate physical test system and rolled back to a default clean state before each test. A "control" system was left unprotected to aid in analysis. For each threat, the researchers directed all of the systems to the same URL at the same time and observed their behavior.