AntiVirus - some fundamental questions
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
AntiVirus - some fundamental questions
I have some more basic and fundamental questions about antivirus tools and how they work (not super technical BTW). So I posted on McAfee's own forum. My questions are generic and not related to their product, but I use their tool so I thought posting there was logical.
There was an answer to my first question (I want to slowly build towards the points I wanted clarified, so there's a series of assumptions I'm seeking feedback on), however already at my second question all has remained without response, almost as if no one is watching (or no one knows?).
Anyway, as this is my favorite forum anyway I was wondering if there mighty be some expertise here and/or if someone could point me to a location where I can try again (with a higher chance of success...).
There was an answer to my first question (I want to slowly build towards the points I wanted clarified, so there's a series of assumptions I'm seeking feedback on), however already at my second question all has remained without response, almost as if no one is watching (or no one knows?).
Anyway, as this is my favorite forum anyway I was wondering if there mighty be some expertise here and/or if someone could point me to a location where I can try again (with a higher chance of success...).
-
- SilverLounger
- Posts: 1612
- Joined: 26 Jan 2010, 20:28
- Location: Ottawa ON
Re: AntiVirus - some fundamental questions
I am sure there are many Loungers here with expertise in AV ranging from basic to expert. Try your questions here. The worse that can happen is that you will be redirected to a more appropriate site. Other Loungers here may also benefit from the thread.
Regards,
Paul
The pessimist complains about the wind. The optimist expects it to change. The realist adjusts his sails.
Paul
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
OK, here we go (I didn't say this would be difficult and I think I know most of the answers but I'm seeking confirmation as well).
First question... In general when working on a computer and not browsing the Internet, if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?
(and if yes, how?)
First question... In general when working on a computer and not browsing the Internet, if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?
(and if yes, how?)
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: AntiVirus - some fundamental questions
You can get infected by a worm if you have a network connection. This could come from another device on your network, or less likely through your router's firewall.
StuartR
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
OK, let's assume the network itself doesn't add anything here... can I get infected if I browse my home network and PC?
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: AntiVirus - some fundamental questions
Yes you can. Because things can lay dormant on your home network waiting for an opportunity to step on to a new computer
StuartR
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
If my computer has an active antivirus program and all is OK, then if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: AntiVirus - some fundamental questions
It is ALWAYS possible, a determined attacker can attack your router and get through it to your computer. This would require zero day vulnerable that can't be detected by your antivirus software. You are probably safe enough unless a government agency or similar is after you.
StuartR
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
Thanks Stuart. I'm fishing for something but realize my formulation of the issue is key here (and I've not been doing well, sorry).
Trying to narrow down on my point: "If my computer has an active antivirus program, all is OK and no outside influences occur, then if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?"
My point being: will just browsing files be able to trigger a virus or malware?
Trying to narrow down on my point: "If my computer has an active antivirus program, all is OK and no outside influences occur, then if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?"
My point being: will just browsing files be able to trigger a virus or malware?
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: AntiVirus - some fundamental questions
What do you mean by browse? Opening a pdf file or jpg file can be sufficient to infect you.
Security experts sometimes need to protect the top level certificates that are used to authenticate other certificates. They shut down the computer, and store it in a safe. Anything less than this involves some risk.
Security experts sometimes need to protect the top level certificates that are used to authenticate other certificates. They shut down the computer, and store it in a safe. Anything less than this involves some risk.
StuartR
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
Browsing is not opening... it is using Windows Explorer to scan files and folders. Maybe looking for a file.
OK, my argument is that if the system is not yet infected already and if all I'm doing is browsing files and folders on my Harddisk or maybe on my NAS, these actions cannot trigger malware or a virus. And if anyone does not agree, I'd really like to understand how browsing could do that.
(again, I will build on this as we continue)
OK, my argument is that if the system is not yet infected already and if all I'm doing is browsing files and folders on my Harddisk or maybe on my NAS, these actions cannot trigger malware or a virus. And if anyone does not agree, I'd really like to understand how browsing could do that.
(again, I will build on this as we continue)
-
- Administrator
- Posts: 7262
- Joined: 15 Jan 2010, 22:52
- Location: Middle of England
Re: AntiVirus - some fundamental questions
I think you need to differentiate between use Windows Explorer to 'browse' folders, where you are simply displaying a list of files, and using a Web 'browser' where you are, by definition, opening files.
Leif
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
Right... that's why I clarified: browsing for files and folder on a local HD or NAS (or any attached local device)
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: AntiVirus - some fundamental questions
It is still possible to be infected. But not very likely. The Stuxnet virus managed to get industrial systems that only ran one known safe program and had no network connection.
StuartR
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
Sorry... don't get that... The system is as it is. I look at a folder, can I get infected BECAUSE I do that? I don't believe so... For a virus to launch it needs to be in memory and to get there something should 'bring' it there and that must be something that executes. If I browse I don't trigger that
-
- Microsoft MVP
- Posts: 1324
- Joined: 24 May 2013, 15:33
- Location: Warminster, PA
Re: AntiVirus - some fundamental questions
Two points...
First, if all you do is browse your local storage, then what's the point of having a computer? At some point you're going to open some file, and that's when you need AV protection.
Second, even when you're just browsing -- or even when the computer is "idle" -- the operating system opens and closes lots of files, such as log files and event files. Get a process monitor like Sysinternals ProcMon and watch what goes on when "nothing is going on".
First, if all you do is browse your local storage, then what's the point of having a computer? At some point you're going to open some file, and that's when you need AV protection.
Second, even when you're just browsing -- or even when the computer is "idle" -- the operating system opens and closes lots of files, such as log files and event files. Get a process monitor like Sysinternals ProcMon and watch what goes on when "nothing is going on".
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
With respect but I indicated I'm building something here. Of course I know how a PC works (I've been doing that for a long time). I'll get to the 'open a file' part, just allow me to get to that point. And yes, I also use ProcMon (for years), I'm not a beginner who wants to know how antivirus works but an active computer user which -as you can see- has been active in this forum since 2010.
When I opened this thread I indicated clearly that I'd present "a series of assumptions I'm seeking feedback on". There's no tricks here, all I seek is confirmation on -I believe- some simple questions. There's no need to 'think extreme cases', like "what if I browse and someone else puts an infected USB drive in my system without me seeing that". Let's not make this more complex that it is please.
If that's not possible, I'll try to get my simple answers somewhere else.
When I opened this thread I indicated clearly that I'd present "a series of assumptions I'm seeking feedback on". There's no tricks here, all I seek is confirmation on -I believe- some simple questions. There's no need to 'think extreme cases', like "what if I browse and someone else puts an infected USB drive in my system without me seeing that". Let's not make this more complex that it is please.
If that's not possible, I'll try to get my simple answers somewhere else.
-
- 4StarLounger
- Posts: 578
- Joined: 24 Jan 2010, 16:02
- Location: Recently moved to Bracebridge - in the heart of Muskoka.
Re: AntiVirus - some fundamental questions
Would this discussion or this site be helpful?
John
A Child's Mind, Once Stretched by Imagination...
Never Regains Its Original Dimensions
A Child's Mind, Once Stretched by Imagination...
Never Regains Its Original Dimensions
-
- PlutoniumLounger
- Posts: 16070
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: AntiVirus - some fundamental questions
They were BOTH of great interest to me. Good reading, too.
Thanks Rebel
Cheers, Chris
The most expensive thing a man can own is ignorance.
-
- BronzeLounger
- Posts: 1306
- Joined: 03 Feb 2010, 19:59
- Location: Terneuzen, the Netherlands
Re: AntiVirus - some fundamental questions
Interesting, but most indicate that always something has to run or execute to get infected. The preview example is such an example, but that is almost the same as opening the file in Word (as in order to preview, that is done in the background).
I was waiting for the answer that unless something is already present (and I indicated the system was clean), or something is executed somehow (I also indicated there was no browsing on the Internet), in normal / most / all cases nothing can happen. Can we agree that this is generally true then?
And if yes, I'd argue that e.g. opening a harmless file (if it would indeed be harmless; which would include that it wouldn't open something else), also would not trigger anything harmful. Still generally OK here?
(there's more to come, but first seeking confirmation - OK, for 99.999% of the cases if you will??)