Can Malware infect your pc without Executing??

Discussion in 'other anti-malware software' started by arran, Oct 10, 2008.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Like the title says: can malware infect your PC without executing and running?
    Because how can it infect if it can't run in the first place?

    Anyway, my point is: if it can't infect without running, why do we need to learn HIPS with so many advanced rules?

    All we would really need is something like Anti-Executable.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Exactly, no installation = no infection :)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    It is good to learn some rules and play with HIPS, plus it is fun to get to know how HIPS can protect your PC even without the help of any antivirus or antispyware.
     
  4. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Classical HIPS are nice tools and can do more, like stopping malware in action, etc. I vote for HIPS. It's the best friend of your firewall and antivirus, the missing link ;)
     
    Last edited: Oct 11, 2008
  5. rolarocka

    rolarocka Guest

    And what about right-clicking on an infected file and opening, let's say, Properties? Can you be infected this way?
     
  6. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Without execution, No.

    But malware can fool the system into thinking it's executing a different app and then piggyback on it to get executed. Plus there are always OS vulnerabilities which may allow code execution by an intruder/malware.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Do kids, relatives and friends count as malware? ;)
     
  8. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    There were some .zip archives which do not need execution to do some damage: a very small archive which, when the AV tries to scan/unpack it, generates a few TB of useless code on disk. I think the malware name is "archbomb" or similar... Such a scan can crash the AV and OS; it can be categorized as a DoS attack.
     
    Last edited: Oct 11, 2008
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I suppose it's a bit of a complicated question.

    While the answer seems obvious:

    What about a script (is that malware or not, not always that black and white) that installs malware without actually (=immediately) executing it? That seems 'infecting'. Malware on your computer, even when it's just dormant, is an infection by my standards. Or you could download software that has malware in it, but remains dormant till ...
     
  10. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Yes but you can always execute relatives...:D
     
  11. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Was it called a decompression bomb? I think I read something about that a long time ago.
     
  12. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    It can be (the name suggests that); a simple per-file scan time limitation can disable the DoS scenario...
     
    Last edited: Oct 11, 2008
  13. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    That kind of malware is known as an archive bomb.

    All the below in a 42kb zip.
     
    Last edited: Oct 11, 2008
  15. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    yes, that is it :)
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    That's interesting. If we were to download something and it ended up being the zip bomb, what security products can protect us from this zip bomb?
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Sandboxie :thumb:
     
  18. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You mean manual unpack? I guess one's brain should be enough to protect you from endlessly unpacking such stuff. You can set yourself a restrictive disk quota if your users do not meet the above condition. :D

    Other than that, any decent AV can limit the recursion depth for nested archives.
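
    The limits mentioned in this thread (a cap on nested-archive recursion depth and a bound on how much a scan may unpack), as an added example that is not part of any poster's reply and not any AV product's code. The limit values and function names are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 10 * 1024 * 1024   # assumed budget for all unpacked data
MAX_DEPTH = 3                        # assumed limit for archives inside archives
MAX_MEMBERS = 1000                   # assumed limit on entries across all levels
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    pass


def scan_zip(data, depth=0, state=None):
    """Walk an in-memory zip, counting bytes actually decompressed (header
    sizes are not trusted). Returns the counters or raises ArchiveLimitExceeded."""
    state = state if state is not None else {"bytes": 0, "members": 0}
    if depth > MAX_DEPTH:
        raise ArchiveLimitExceeded("nesting deeper than %d" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            state["members"] += 1
            if state["members"] > MAX_MEMBERS:
                raise ArchiveLimitExceeded("too many members")
            buf = io.BytesIO()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    state["bytes"] += len(chunk)
                    if state["bytes"] > MAX_TOTAL_BYTES:
                        raise ArchiveLimitExceeded("unpacked size over budget")
                    buf.write(chunk)
            inner = buf.getvalue()
            # Recurse only into members that are themselves zip archives.
            if zipfile.is_zipfile(io.BytesIO(inner)):
                scan_zip(inner, depth + 1, state)
    return state


def make_zip(members):
    """Constructed sample helper: build a small zip in memory from {name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return out.getvalue()
```

    Because the byte budget is shared across every nesting level and checked per chunk, the scan stops as soon as the limit is crossed rather than after a member has been fully unpacked.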
     
  19. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Wrong. Files decompressed inside the sandbox take up just as much space as they would if decompressed outside.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    It doesn't matter, it is still a sandbox and can be eliminated as soon as you close the sandbox (delete the content); it still does not do any harm.
     
  21. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Why would you need a sandbox to delete it?

    You can delete it with or without the sandbox, which offers no extra defense.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Probably you don't get it; there is malware that cannot be removed that easily. Remember, some are undetected by antivirus; that's when Sandboxie comes to the rescue.
     
  23. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Hot topic now is decompression bomb, not malware :)
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Maybe, but look at what the title says anyway :D
     
  25. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Probably YOU don't get it.

    arran asked in post #16 which security products can defend against decompression bombs. In post #17, you quoted arran's post and replied "sandboxie" along with a :thumb: icon.

    The question asked was specifically regarding decompression bombs, NOT other malware. You provided an erroneous answer; Sandboxie offers no extra defense whatsoever against decompression bombs.
     