OPEN FILES ON THE NET OR SAVE IT ON HD

[88crawler88]

hello. Simple e maybe stupid question..if I have to open a file that could possibly be malicious, what's best thing to do , save it to HD let antivir to scan it or I can open it on net without run into problem, as well as if I had opened it by my hard disk? I ask this to avoid run into password-steel trojan and so on .

[Levels]

As far as i know when you click download then open it saves the file to your temperary internet folder first then opens it. If it has a virus the virus will infect your computer.

If you save the file to your computer and it has a virus, the virus wont infect you until the file is opened (dunno it might do) but then you can scan it.

Always scan with an anti-virus before opening if you dont trust it. Alot of anti-virus will let you scan it before you download it.

Hope i helped

[88crawler88]

I was just thinkin' this , and you confirmed my idea , thanks for posting, bye

[TheMindRapist]

Lol, trying to get free pr0n?

[Paddington_Bear]

I would have to say the safest thing to do would be not to mess with anything you don't trust. After that if you still have to use a a file from an untrusted source, I've heard that using a VM (virtual machine) will help minimize the risk. Never tried it myself though.

[-The-Pr0xz-]

I like VirtualBox ( www.virtualbox.org )...
However if the file is a virus and messes with your virtual box your booting OS won't be touched.

VirtualBox saves all virtual drives on your harddisk so they should be easy to backup.



Hope this is helpfull in some way

[Aquina]

Sorry guys these are all nice explainations, but I feel like they're not absolutely correct...

Unless you're not using a proxy or other technology to effectively filter data, EVERYTHING you click on (open) from any website or whatever (including: location, protocol, datatype, etc.) is at least (if "displayed" in some way) loaded into your RAM. It's actually not even neccessary to physically store the data on any permanent media (HDD or such).

Todays malvare scanner (especially those "worm-virus-trojan-scanner" combinations you find everywhere) come with real-time and non-real-time scanning engines. No matter wether you use Windows (here the application implements the real-time scanning engine) or GNU/Linux (kernel modules are often loaded to run the real-time-engine) it's most likely detected by the real-time scanner because it NOT ONLY checks for new files created on a permanent media (again - it must not be a typical HDD) but ALSO has an (eye) on your RAM and "sees" what's going on there (traversion).

Whenever a pattern matches OR the heuristic-engine (configure THAT!) finds something you will be alerted in the way YOU configured YOUR scanner. This is the reason why even AM/AV solutions should always be configured to YOUR NEEDS!

Conclusion: 88crawler88 you should install a real-time scanner and RUN (that's the point) only files which were not classified as malicious by the scanner after loading. When files are accidentally executed the scanner (if it's a good one) will though warn you, stop the exec on a halt point and ask for instructions wether to continue or abort the execution. Try http://www.free-av.de/en/index.html it's from Germany and much better than most of these US (Norton) or Russian (Kaspersky) AV softwares. And it's FREE (like beer).

PS: "Real-time" scanner and "on-access" scanners are the same. Online scanners are something different but not important for your local system.

[88crawler88]

hey !! I had not seen all these replies!, thanks boys

Try http://www.free-av.de/en/index.html it's from Germany and much better than most of these US (Norton) or Russian (Kaspersky) AV softwares. And it's FREE (like beer).

Yes , i already use this one , it 's simple , clear and effective!

Lol, trying to get free pr0n?
Lol, trying to get free pr0n?

ah ah ! no boy, it only was a problem of thoerical knowledge, not for my bad vices! ah ah!

thanks to all of you! bye!

[Zarray]

maybe you can also run an p[rogram which tracks system changes at your virtual box, then you can see what it does, which reg keys it adds or if it hooks dlls,etc

[mudpuddle]

If there is a malicious .exe file, if you download it to your HD but don't run it, you will still get infected. I suggest that if you absolutely need the file but you suspect it is malicious, and don't want to cause any harm to your PC, always try to get the contents of the file in a .zip file. That way, you can scan it with a tradition good anti virus that's free (like AVG), and be out of harms way. If that's not an option, or you can't get them in a .zip format, use VMWare or Virtual Box to run them in a virtual environment, or use Sandbox, which is in my opinion the best application trapper there is. I tried all three of them in an experiment like this, and Sandbox won hands down.

http://www.vmware.com/

http://www.virtualbox.org/

http://www.sandboxie.com/ (Read first to see how it works, then download if you like.)