Gaming Can a program infect you BEFORE you open it?

[Aijelsop]

I am downloading a torrent, yes it's a VIP user on a site, should be safe.

The torrent has no comments, but does have 138 seeders, therefore, I thought it might be safe.

They are VIP and have TONS of files.

However, I don't feel completely safe downloading anything anymore. If I scan it before opening, will I be safe? Can the file infect me BEFORE I open it?

 

[twiztidsinz]

No.*
It needs to be run to execute any code, and then it needs administrative access (Default on XP and lower, UAC requires you to hit an accept button) to get deep into your system. And scanning doesn't execute the code, it just reads it and matches heuristics.



*There are automatic execution scripts, but that's usually done through a site that has an exploit that has been compromised and even then the code is still being run.

 

[Originality]

It is possible to get an infection from a torrent before opening the downloaded file. Any decent AV suite with active scanning/protection would stop that possibility though, and most will scan the file as you open it anyway.

It's a good thing to not feel "completely safe" when downloading anything, for you never know when you'll come across a more tenacious virus. As long as you take the necessary precautions (i.e. make sure you're using a good AV suite, preferably not one of the free ones) and don't download too much from questionable websites (e.g. warez), you should be fine.

And to answer that very last question again, a file CAN infect you before opening it. It's unlikely though (as twiz mentioned, it requires use of exploits and most get patched), and most AV suites will catch it.

 

[Aijelsop]

I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

 

[Urza]

I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

 

[doyama]

There are unfortuantely ways that a file can potentially infect your computer even if you don't execute it directly. Though the way those work assumes you don't have a fully patched system. One way was that selecting the file caused Explorer to scan it, which triggered the virus. I also recall that right clicking to get context on the file was also another vector. Though I'm not sure how much in the wild these kinds of exploits are, and they aren't valid if your system is up to date as well.

My suggestion is to do what I do, download stuff to a sandboxed VM. Scan before install, install, then scan again. Doesn't guarantee you won't get infected but does give you some protection. Always keep your AV and system up to date as well to ensure you aren't vulnerable to older shell based exploits.

 

[Berthenk]

I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

Is Security Essentials a good firewall/antivirus? I removed Kaspersky in favor of Security Essentials because apparently Kaspersky intervenes with alterIWnet.

 

[Aijelsop]

QUOTE(Aijelsop @ Mar 20 2011, 12:04 PM) *
I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

No. I don't have Vista or 7.

XP.

QUOTE

My suggestion is to do what I do, download stuff to a sandboxed VM. Scan before install, install, then scan again. Doesn't guarantee you won't get infected but does give you some protection. Always keep your AV and system up to date as well to ensure you aren't vulnerable to older shell based exploits.

I have TinyXP. Maybe I should try downloading files onto that.

 

[Urza]

I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.
[url=https://www.microsoft.com/security_essentials/]https://www.microsoft.com/security_essentials/[/url]

Is Security Essentials a good firewall/antivirus? I removed Kaspersky in favor of Security Essentials because apparently Kaspersky intervenes with alterIWnet.

No firewall, but its great AV.

Posts merged

QUOTEQUOTE

QUOTE(Aijelsop @ Mar 20 2011, 12:04 PM) *
I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

[url=https://www.microsoft.com/security_essentials/]https://www.microsoft.com/security_essentials/[/url]

No. I don't have Vista or 7.

XP.

Its available for XP.

 

[doyama]

I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

Is Security Essentials a good firewall/antivirus? I removed Kaspersky in favor of Security Essentials because apparently Kaspersky intervenes with alterIWnet.

It's as good as any 'consumer' grade AV/firewall, which is to say it's not that great in terms of performance. Consumer level AV stuff are in general resource hogs and are pretty slow. If you can't get your hands on any corporate versions of popular AV software, then MS Essentials is just as good as any other free AV. Just don't expect too much from it.

 

[Aijelsop]

It doesn't say it works on XP.

Well, I think I live Avira. It's better than AVG.

Microsoft products tend to not be very good.

 

[doyama]

QUOTE(Aijelsop @ Mar 20 2011, 12:04 PM) *
I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

No. I don't have Vista or 7.

XP.

QUOTE

My suggestion is to do what I do, download stuff to a sandboxed VM. Scan before install, install, then scan again. Doesn't guarantee you won't get infected but does give you some protection. Always keep your AV and system up to date as well to ensure you aren't vulnerable to older shell based exploits.

I have TinyXP. Maybe I should try downloading files onto that.

You can use the free version of Sun's VirtualBox. Works fine in XP and has some basic snapshot functionality you can use to roll back anything you feel went 'bad'.

 

[Originality]

My KAV license runs out in a couple weeks (3+1 users), but I will be renewing it because I've seen time and time again how effective it is.

If KAV does interfere with one of your programs, just add it to the exception list. I've only had to do it a couple times for games under BETA, but it's not hard to do.

 

[twiztidsinz]

It is possible to get an infection from a torrent before opening the downloaded file. Any decent AV suite with active scanning/protection would stop that possibility though, and most will scan the file as you open it anyway.
[...]
And to answer that very last question again, a file CAN infect you before opening it. It's unlikely though (as twiz mentioned, it requires use of exploits and most get patched), and most AV suites will catch it.A partial file downloaded CANNOT infect your system since code that isn't executed CANNOT infect your system.
Sites that have been compromised will deliver a virus like it's content for the site and then execute it remotely (on your PC). That means it's still being executed.
It has to be run before it can do anything, that's why Antivirus' stop the program from running BEFORE it infects your PC, and that's why virus' in the Quarantine folder are not infecting your system.

QUOTE(Aijelsop @ Mar 20 2011, 12:04 PM) I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.

https://www.microsoft.com/security_essentials/

I personally think MSE is worse than Avira Free...
It's definitely lighter on resources, but it missed a few files I knew were infected (as in ACTUALLY infected and not just false positives).

Also, Eugene Kaspersky is a prick (I wish I still had the article).

 

[Berthenk]

If KAV does interfere with one of your programs, just add it to the exception list. I've only had to do it a couple times for games under BETA, but it's not hard to do.

I added it to the exceptions, but it didn't work, something else did the trick though, so I guess I'll reinstall Kaspersky and see if it screws thing up again.

 

[Urza]

It is possible to get an infection from a torrent before opening the downloaded file. Any decent AV suite with active scanning/protection would stop that possibility though, and most will scan the file as you open it anyway.
[...]
And to answer that very last question again, a file CAN infect you before opening it. It's unlikely though (as twiz mentioned, it requires use of exploits and most get patched), and most AV suites will catch it.

A partial file downloaded CANNOT infect your system since code that isn't executed CANNOT infect your system.
Sites that have been compromised will deliver a virus like it's content for the site and then execute it remotely (on your PC). That means it's still being executed.
It has to be run before it can do anything, that's why Antivirus' stop the program from running BEFORE it infects your PC, and that's why virus' in the Quarantine folder are not infecting your system.

I think you're confused as to what some of these posters are referring to.

"Opening a file" is different from code execution. While the former generally leads to the latter, its a specific action which takes places on a user interaction level, rather than code execution which is a generic term which can refer to many things.

 

[Originality]

A partial file downloaded CANNOT infect your system since code that isn't executed CANNOT infect your system.
Sites that have been compromised will deliver a virus like it's content for the site and then execute it remotely (on your PC). That means it's still being executed.

You can fit a virus in the header of a file. The very first chunk is enough to carry the virus, and depending on how it's delivered, it might be enough to trigger itself. That's not the only way to get a virus from a torrent though - there's also packet spoofing, packet hijacking, IP attacks and a couple morethat vary depending on the target software. That's why I answered twice in two different ways - it's possible to get infected from torrents (whilst the file is incomplete) and from completed files.

Saying it's possible doesn't mean that much though, since in practice it rarely happens. More common is it for a hacker to just target you with more direct methods, rather than indirect and unreliable attempts to use viruses/trojans.

 

[twiztidsinz]

You can fit a virus in the header of a file. The very first chunk is enough to carry the virus, and depending on how it's delivered, it might be enough to trigger itself.Too bad the EXE file wouldn't be valid and therefor wouldn't run.

QUOTE(Originality @ Mar 20 2011, 03:41 PM) That's not the only way to get a virus from a torrent though - there's also packet spoofing, packet hijacking, IP attacks and a couple morethat vary depending on the target software.

Sure... the data would be downloaded as that, but when the Torrent program checks the information it would most likely throw those parts out.
If it DIDN'T throw them out, good luck having it be injected so that it executes normally and doesn't just crash.

 

[Berthenk]

You can fit a virus in the header of a file. The very first chunk is enough to carry the virus, and depending on how it's delivered, it might be enough to trigger itself.

Too bad the EXE file wouldn't be valid and therefor wouldn't run.

Who says you'd need a .exe?

 

[twiztidsinz]

You can fit a virus in the header of a file. The very first chunk is enough to carry the virus, and depending on how it's delivered, it might be enough to trigger itself.

Too bad the EXE file wouldn't be valid and therefor wouldn't run.

Who says you'd need a .exe?

Because it's the most common way of sending virus'?
If you mean other executable files, then replace ".exe" with ".whatever".

I suppose you could try to get them into a video or a picture, but I think those rely more on player/viewer exploits than actual execution of code.