Can Malware infect your pc without Executing??

like the title says Can Malware infect your pc without Executing and running??
because how can it infect if it can't run in the first place?

anyway my point is if it can't infect without running why do we need to learn HIPS with so many advanced rules?

all we would really need is something like Anti-Executable.

 

exactly,no instalation=no infection

 

it is good to learn some rules and play with hips,plus is fun to get to know how hips can protect your pc even without the help of any antivirus or antispyware.

 

Classical HIPS are nice tools and can do more like stopping malwares in action, etc. I vote for HIPS. It's the best friend of your firewall and antivirus, the missing link

 

And what about right clicking on a infected file and opening lets say properties? Can u be infected this way?

 

Without execution, No.

But malware can fool the system, into thinking its executing a different app and then piggy bank on it to get executed. Plus there are always OS vulnerabilities which may allow code execution by intruder/malware.

 

Do kids, relatives and friends count as malware?

 

there was some .zip archives which do not need execution to do some damage, very small archive when AV tries to scan/unpack it generate few TB of useless code on disk, I think malware name is "archbomb" or similar... such scan can crash AV and OS, it can be categorized as DOS attack.

 

I suppose it's a bit of a complicated question.

While the answer seems obvious:

What about a script (is that malware or not, not always that black and white) that installs malware without actually (=immediately) executing it ? That seems 'infecting'. Malware on your computer, even when it's just dormant, is an infection by my standards. Or you could download software that has malware in it, but remains dormant till ...

 

Yes but you can always execute relatives...

 

Was it called a decompression bomb? I think I read something about that a long time ago.

 

It can be (name suggest that), simple per file scan time limitation can disable DOS scenario...

 

Zip bomb / zip of death

http://en.wikipedia.org/wiki/Zip_of_death

 

That kind of malware are known as archive bombs.

All the below in a 42kb zip.

 

yes, that is it

 

thats interesting, if we were to download something and it ended up being the zip bomb, what security products can protect us from this zip bomb?

 

sandboxie

 

You mean manual unpack? I guess one's brain should be enough to protect you from endlessly unpacking such stuff. You can set yourself a restrictive disk quota if your users do not meet the above condition.

Other than that, any decent AV can limit the recursion depth for nested archives.

 

Wrong. Files decompressed inside the sandbox take up just as much space as they would if decompressed outside.

 

it doesnt matter it is still sandbox and can be eliminated as soon you close the sandbox(delete the content)still not do any harm.

 

Why would you need a sandbox to delete it?

You can delete it with or without the sandbox, which offers no extra defense.

 

probably you dont get it,there are malware that can not be remove that easy.remenber some are undeted by antivirus thats when sandboxie comes to the rescue.

 

Hot topic now is decompression bomb, not malware

 

maybe,but look at the title what it says any way

 

Probably YOU don't get it.

arran asked in post #16 which security products can defend against decompression bombs. In post #17, you quoted arran's post and replied "sandboxie" along with a icon.

The question asked was specifically regarding decompression bombs, NOT other malware. You provided an erroneous answer; Sandboxie offers no extra defense whatsoever against decompression bombs.