AntiVirus - some fundamental questions

User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

AntiVirus - some fundamental questions

Post by ErikJan »

I have some more basic and fundamental questions about antivirus tools and how they work (not super technical BTW). So I posted on McAfee's own forum. My questions are generic and not related to their product, but I use their tool so I thought posting there was logical.
There was an answer to my first question (I want to slowly build towards the points I wanted clarified, so there's a series of assumptions I'm seeking feedback on), however already at my second question all has remained without response, almost as if no one is watching (or no one knows?).
Anyway, as this is my favorite forum anyway I was wondering if there mighty be some expertise here and/or if someone could point me to a location where I can try again (with a higher chance of success...).

User avatar
PaulB
BronzeLounger
Posts: 1598
Joined: 26 Jan 2010, 20:28
Location: Ottawa ON

Re: AntiVirus - some fundamental questions

Post by PaulB »

I am sure there are many Loungers here with expertise in AV ranging from basic to expert. Try your questions here. The worse that can happen is that you will be redirected to a more appropriate site. Other Loungers here may also benefit from the thread.
Regards,
Paul

The pessimist complains about the wind. The optimist expects it to change. The realist adjusts his sails.

User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

OK, here we go (I didn't say this would be difficult and I think I know most of the answers but I'm seeking confirmation as well).

First question... In general when working on a computer and not browsing the Internet, if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?

(and if yes, how?)

User avatar
StuartR
Administrator
Posts: 12598
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: AntiVirus - some fundamental questions

Post by StuartR »

You can get infected by a worm if you have a network connection. This could come from another device on your network, or less likely through your router's firewall.
StuartR


User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

OK, let's assume the network itself doesn't add anything here... can I get infected if I browse my home network and PC?

User avatar
StuartR
Administrator
Posts: 12598
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: AntiVirus - some fundamental questions

Post by StuartR »

Yes you can. Because things can lay dormant on your home network waiting for an opportunity to step on to a new computer
StuartR


User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

If my computer has an active antivirus program and all is OK, then if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?

User avatar
StuartR
Administrator
Posts: 12598
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: AntiVirus - some fundamental questions

Post by StuartR »

It is ALWAYS possible, a determined attacker can attack your router and get through it to your computer. This would require zero day vulnerable that can't be detected by your antivirus software. You are probably safe enough unless a government agency or similar is after you.
StuartR


User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

Thanks Stuart. I'm fishing for something but realize my formulation of the issue is key here (and I've not been doing well, sorry).

Trying to narrow down on my point: "If my computer has an active antivirus program, all is OK and no outside influences occur, then if I only browse my harddrive / NAS / external devices and do not execute anything infected itself, can I get 'infected' by a virus or malware?"

My point being: will just browsing files be able to trigger a virus or malware?

User avatar
StuartR
Administrator
Posts: 12598
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: AntiVirus - some fundamental questions

Post by StuartR »

What do you mean by browse? Opening a pdf file or jpg file can be sufficient to infect you.

Security experts sometimes need to protect the top level certificates that are used to authenticate other certificates. They shut down the computer, and store it in a safe. Anything less than this involves some risk.
StuartR


User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

Browsing is not opening... it is using Windows Explorer to scan files and folders. Maybe looking for a file.

OK, my argument is that if the system is not yet infected already and if all I'm doing is browsing files and folders on my Harddisk or maybe on my NAS, these actions cannot trigger malware or a virus. And if anyone does not agree, I'd really like to understand how browsing could do that.

(again, I will build on this as we continue)

User avatar
Leif
Administrator
Posts: 7206
Joined: 15 Jan 2010, 22:52
Location: Middle of England

Re: AntiVirus - some fundamental questions

Post by Leif »

ErikJan wrote:
22 Mar 2023, 10:36
Browsing is not opening... it is using Windows Explorer to scan files and folders. Maybe looking for a file.
I think you need to differentiate between use Windows Explorer to 'browse' folders, where you are simply displaying a list of files, and using a Web 'browser' where you are, by definition, opening files.
Leif

User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

Right... that's why I clarified: browsing for files and folder on a local HD or NAS (or any attached local device)

User avatar
StuartR
Administrator
Posts: 12598
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: AntiVirus - some fundamental questions

Post by StuartR »

It is still possible to be infected. But not very likely. The Stuxnet virus managed to get industrial systems that only ran one known safe program and had no network connection.
StuartR


User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

Sorry... don't get that... The system is as it is. I look at a folder, can I get infected BECAUSE I do that? I don't believe so... For a virus to launch it needs to be in memory and to get there something should 'bring' it there and that must be something that executes. If I browse I don't trigger that

User avatar
Jay Freedman
Microsoft MVP
Posts: 1316
Joined: 24 May 2013, 15:33
Location: Warminster, PA

Re: AntiVirus - some fundamental questions

Post by Jay Freedman »

Two points...

First, if all you do is browse your local storage, then what's the point of having a computer? At some point you're going to open some file, and that's when you need AV protection.

Second, even when you're just browsing -- or even when the computer is "idle" -- the operating system opens and closes lots of files, such as log files and event files. Get a process monitor like Sysinternals ProcMon and watch what goes on when "nothing is going on".

User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

With respect but I indicated I'm building something here. Of course I know how a PC works (I've been doing that for a long time). I'll get to the 'open a file' part, just allow me to get to that point. And yes, I also use ProcMon (for years), I'm not a beginner who wants to know how antivirus works but an active computer user which -as you can see- has been active in this forum since 2010.
When I opened this thread I indicated clearly that I'd present "a series of assumptions I'm seeking feedback on". There's no tricks here, all I seek is confirmation on -I believe- some simple questions. There's no need to 'think extreme cases', like "what if I browse and someone else puts an infected USB drive in my system without me seeing that". Let's not make this more complex that it is please.
If that's not possible, I'll try to get my simple answers somewhere else.

User avatar
Rebel
4StarLounger
Posts: 564
Joined: 24 Jan 2010, 16:02
Location: Recently moved to Bracebridge - in the heart of Muskoka.

Re: AntiVirus - some fundamental questions

Post by Rebel »

Would this discussion or this site be helpful?
John :canada:
A Child's Mind, Once Stretched by Imagination...
Never Regains Its Original Dimensions

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15563
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: AntiVirus - some fundamental questions

Post by ChrisGreaves »

Rebel wrote:
22 Mar 2023, 19:12
Would this discussion or this site be helpful?
They were BOTH of great interest to me. Good reading, too.
Thanks Rebel :thankyou:
Cheers, Chris
There's nothing heavier than an empty water bottle

User avatar
ErikJan
BronzeLounger
Posts: 1222
Joined: 03 Feb 2010, 19:59
Location: Terneuzen, the Netherlands

Re: AntiVirus - some fundamental questions

Post by ErikJan »

Rebel wrote:
22 Mar 2023, 19:12
Would this discussion or this site be helpful?
Interesting, but most indicate that always something has to run or execute to get infected. The preview example is such an example, but that is almost the same as opening the file in Word (as in order to preview, that is done in the background).

I was waiting for the answer that unless something is already present (and I indicated the system was clean), or something is executed somehow (I also indicated there was no browsing on the Internet), in normal / most / all cases nothing can happen. Can we agree that this is generally true then?

And if yes, I'd argue that e.g. opening a harmless file (if it would indeed be harmless; which would include that it wouldn't open something else), also would not trigger anything harmful. Still generally OK here?

(there's more to come, but first seeking confirmation - OK, for 99.999% of the cases if you will??)