Can a program infect you BEFORE you open it?

Discussion in 'Computer Games and General Discussion' started by Aijelsop, Mar 20, 2011.

  1. Aijelsop
    OP

    I am downloading a torrent, yes it's a VIP user on a site, should be safe.

    The torrent has no comments, but does have 138 seeders, therefore, I thought it might be safe.

    They are VIP and have TONS of files.

    However, I don't feel completely safe downloading anything anymore. If I scan it before opening, will I be safe? Can the file infect me BEFORE I open it?
     


  2. twiztidsinz

    No.*
    It needs to be run to execute any code, and then it needs administrative access (Default on XP and lower, UAC requires you to hit an accept button) to get deep into your system. And scanning doesn't execute the code, it just reads it and matches heuristics.



    *There are automatic execution scripts, but that's usually done through a site that has an exploit that has been compromised and even then the code is still being run.
     
  3. Originality

    It is possible to get an infection from a torrent before opening the downloaded file. Any decent AV suite with active scanning/protection would stop that possibility though, and most will scan the file as you open it anyway.

    It's a good thing to not feel "completely safe" when downloading anything, for you never know when you'll come across a more tenacious virus. As long as you take the necessary precautions (i.e. make sure you're using a good AV suite, preferably not one of the free ones) and don't download too much from questionable websites (e.g. warez), you should be fine.

    And to answer that very last question again, a file CAN infect you before opening it. It's unlikely though (as twiz mentioned, it requires use of exploits and most get patched), and most AV suites will catch it.
     
  4. Aijelsop
    OP

    I only have Avira free. I seriously can't afford to buy a good one.

    Lol, I could torrent it, but nah... Not safe.
     
  5. Urza

  6. doyama

    There are unfortunately ways that a file can potentially infect your computer even if you don't execute it directly. Though the way those work assumes you don't have a fully patched system. One way was that selecting the file caused Explorer to scan it, which triggered the virus. I also recall that right clicking to get context on the file was also another vector. Though I'm not sure how much in the wild these kinds of exploits are, and they aren't valid if your system is up to date as well.

    My suggestion is to do what I do, download stuff to a sandboxed VM. Scan before install, install, then scan again. Doesn't guarantee you won't get infected but does give you some protection. Always keep your AV and system up to date as well to ensure you aren't vulnerable to older shell based exploits.
     
  7. Berthenk

    Is Security Essentials a good firewall/antivirus? I removed Kaspersky in favor of Security Essentials because apparently Kaspersky intervenes with alterIWnet.
     
  8. Aijelsop
    OP

    I have TinyXP. Maybe I should try downloading files onto that.
     
  9. Urza

    It's available for XP.
     
  10. doyama

    It's as good as any 'consumer' grade AV/firewall, which is to say it's not that great in terms of performance. Consumer level AV stuff are in general resource hogs and are pretty slow. If you can't get your hands on any corporate versions of popular AV software, then MS Essentials is just as good as any other free AV. Just don't expect too much from it.
     
  11. Aijelsop
    OP

    It doesn't say it works on XP.

    Well, I think I live Avira. It's better than AVG.

    Microsoft products tend to not be very good.
     
  12. doyama

    You can use the free version of Sun's VirtualBox. Works fine in XP and has some basic snapshot functionality you can use to roll back anything you feel went 'bad'.
     
  13. Originality

    My KAV license runs out in a couple weeks (3+1 users), but I will be renewing it because I've seen time and time again how effective it is.

    If KAV does interfere with one of your programs, just add it to the exception list. I've only had to do it a couple times for games under BETA, but it's not hard to do.
     
  14. twiztidsinz

    I personally think MSE is worse than Avira Free...
    It's definitely lighter on resources, but it missed a few files I knew were infected (as in ACTUALLY infected and not just false positives).

    Also, Eugene Kaspersky is a prick (I wish I still had the article).
     
  15. Berthenk

    I added it to the exceptions, but it didn't work, something else did the trick though, so I guess I'll reinstall Kaspersky and see if it screws things up again.
     
  16. Urza

    I think you're confused as to what some of these posters are referring to.

    "Opening a file" is different from code execution. While the former generally leads to the latter, it's a specific action which takes place on a user interaction level, rather than code execution which is a generic term which can refer to many things.
     
  17. Originality

    You can fit a virus in the header of a file. The very first chunk is enough to carry the virus, and depending on how it's delivered, it might be enough to trigger itself. That's not the only way to get a virus from a torrent though - there's also packet spoofing, packet hijacking, IP attacks and a couple more that vary depending on the target software. That's why I answered twice in two different ways - it's possible to get infected from torrents (whilst the file is incomplete) and from completed files.

    Saying it's possible doesn't mean that much though, since in practice it rarely happens. More common is it for a hacker to just target you with more direct methods, rather than indirect and unreliable attempts to use viruses/trojans.
     
  18. twiztidsinz

    Sure... the data would be downloaded as that, but when the Torrent program checks the information it would most likely throw those parts out.
    If it DIDN'T throw them out, good luck having it be injected so that it executes normally and doesn't just crash.
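
Added example, not part of any post in this thread: the check post 18 refers to, sketched in Python. In BitTorrent v1 the .torrent metainfo carries a `pieces` field of concatenated 20-byte SHA-1 digests, one per piece, and the client hashes each received piece and discards any that do not match. The sample data, the tiny piece length and all function names are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16   # constructed toy size; real torrents use far larger pieces
DIGEST_LEN = 20  # SHA-1 digest size in bytes
# Constructed sample content standing in for the shared file.
ORIGINAL = b"constructed sample payload for the demo!"


def split_pieces(data, piece_len=PIECE_LEN):
    return [data[i:i + piece_len] for i in range(0, len(data), piece_len)]


def build_pieces_field(data, piece_len=PIECE_LEN):
    """Uploader side: concatenated SHA-1 digests, one per piece."""
    return b"".join(hashlib.sha1(p).digest() for p in split_pieces(data, piece_len))


def expected_digest(pieces_field, index):
    if len(pieces_field) % DIGEST_LEN:
        raise ValueError("pieces field must be a multiple of 20 bytes")
    start = index * DIGEST_LEN
    if index < 0 or start >= len(pieces_field):
        raise IndexError("piece index out of range")
    return pieces_field[start:start + DIGEST_LEN]


def verify_received(pieces_field, received):
    """Downloader side: keep pieces whose hash matches, list the rest for re-request."""
    kept, rejected = {}, []
    for index, blob in received:
        if hashlib.sha1(blob).digest() == expected_digest(pieces_field, index):
            kept[index] = blob
        else:
            rejected.append(index)
    return kept, rejected


def demo():
    field = build_pieces_field(ORIGINAL)
    p = split_pieces(ORIGINAL)
    tampered = b"X" + p[1][1:]  # a peer sends altered bytes for piece 1
    return verify_received(field, [(0, p[0]), (1, tampered), (2, p[2])])


if __name__ == "__main__":
    kept, rejected = demo()
    print("kept:", sorted(kept), "rejected:", rejected)
```

A matching hash only shows that the bytes are the ones the torrent's creator published; content that was malicious when it was hashed verifies just as cleanly, so scanning the completed download is still needed.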
     
  19. Berthenk

    Who says you'd need a .exe?
     
  20. twiztidsinz

    Because it's the most common way of sending viruses?
    If you mean other executable files, then replace ".exe" with ".whatever".

    I suppose you could try to get them into a video or a picture, but I think those rely more on player/viewer exploits than actual execution of code.
     
