I'm getting into analyzing Malware and am wondering what the standard is on setting up a malware lab for both behavioral and static analysis. 

Assuming I am analyzing malware targeted at Windows machines, I realize that behavioral analysis will be on a windows machine as well - running in a VM or secure environment.

What I wonder more about is static analysis.  In the past, I've been using linux distributions, as there is no worry about infections.  However, I'm starting to want to use tools more often that can only be found in Windows. 

Is it standard practice to set up a fully patched Windows box for static analysis of malware?  Would I simply tell an antivirus scanner to ignore my samples directory (otherwise it will definitely go crazy) and be sure not to execute any pieces in attempts they still work on the patched machine?  I suppose for extra caution it could be re-imaged after each analysis just in case, but that makes it more difficult to keep an updated repository of malware on the system, OS patches, etc.

I'm just curious to see what other people do or what is standard in the professional world.  As I said earlier, I've been using linux but am thinking about setting up a Windows box instead - it seems nearly every tool or script will run on Windows but only some on linux...

Just remember, some malware will detect that it is in a VM environment and will not operate to avoid these malware labs, and some can even break out of the VM environment and attack the host system

~TheXero