Virus , malawre, spyware... question

hi

if i have downloaded to computer a virus\spyware

but havent opend it , does it harming the pc

if so , does it apply to any malawre in the pc that havent executed??

 

No 1st question and Yes to 2nd

 

i guess some malware can execute by itself.
but if you download a malware inside an archive (zip or rar) i guess you don't have to worry. ^^
unless you take it out :>

 

Malicious file (malware) doesn't execute by itself .

Yes.

 

I think malware can run without user interaction..

for example: a USB malware with autorun.

 

That's not the malware per se at work. Malware executed via an autorun file runs because you've configured your system to do precisely that, generally for convenience on attachment/discovery of a USB device. This is true for any executable specified in the autorun file, be it malware or not.

The autorun.inf file simply automates things you could do with a mouse/keyboard, up to and including execution of a program. It looks like it happens out of thin air simply because, as you note, there is no deliberate user intervention or initiation of the events unless the user has configured the system so that this doesn't occur.

Blue

 

hmm... so there's no meaning for using LUA/SRP/DEP or even an AV?
I could download any malware and just have to make sure not to execute it by myself?

 

No, just don't download malware and you don't have to worry at all

 

Where precisely did this conclusion come from?

Blue

 

my example, indeed is wrong about the autorun forcing malware to execute and misinterpreted your words making me think that I don't have to worry about malwares as long as I don't execute them myself.

I just wanted to tell TeflonShield that even if he/she didnt execute the downloaded malware, there's no way he/she would know if it can or cannot harm the PC. :>

 

Years ago during the XP days, Outlook would automatically execute attachments without user interaction (just opening the email was enough). This was a security disaster, of course, so MS finally decided it wasn't a good idea and changed it.

Another way malware can execute itself is by utilizing an exploit in the browser or some other app. The damage this can cause can be mitigated by running from a LUA or a sandbox.