Can a Virus hurt you if it just gets downloaded to your computer?
This is another question I see get asked a lot around the place, so I'm posting my latest answer to this question here.
Can someone tell me, if I download a zipped file which contains a virus and open this file then would my system would most likely become infected?
An example would be a zipped file containing an image file containing a virus; if I unzip the file and view the image without extracting it would it infect my system or do I need to extract the image to a folder and then view it.
The answer isn't clear-cut I'm afraid, but we'll start with the bit that IS
clear.
Viruses are malicious computer code. Computer code has to be
'executed', that is, loaded into memory and run as if it were a program,
before it can do anything. Therefore malicious code such as a virus has to
be *executed* in order to harm you. There is nothing magical about a
computer virus that means that simply downloading one on your computer or
viewing a non-executable file (such as a graphical image file like you talk
about here) that can cause a virus to be executed.
Simply downloading
a zipped-up file does not execute the contents of the zipped up file to be
'executed', therefore the malicious code will not run. Likewise, opening the
zip file with winzip or winrar and dragging the infected file onto your
desktop will not cause the virus code to be executed.
Viruses can not
magically infect your system because they were contained in a zipped up file
that you downloaded. Nor will they infect you just because you opened the
zip file and extracted the infected file. Only if you do something that
causes the file to be 'executed' then it can become harmful.
Of course, the question that inspired this post asked about image files (look, I'm going to refer to it as a JPEG from now on
because that's less typing and it also ties nicely into where I want to take
this discussion) and as these are not executable files then even loading
this jpeg into paint or photoshop or whatever you use will not cause the
code inside it to be 'executed' even though the file is loaded into
memory.
That was the simple part. Now we venture into the real world and things start to get tricky.
So far we've been talking about things in the
assumption that your operating system and the programs on it behave
perfectly in every way. In other words, I'm assuming that the operating
system and your applications don't have an accident or get tricked into
executing the contents of the JPEG file as if it were code even though it
shouldn't.
That's where the whole house of cards wobbles a bit, all
computers have bugs, faults in the computer code where things don't happen
as planned (I'm sure you already know that!). Some of these bugs can be
exploited in order to allow something that should never be executed as code
to be executed.
For example, there could be a bug in the program that
handles zip archives that can be exploited to allow a file being unzipped to
get executed automatically.
There could be a bug in the way the
operating system and even some applications hanldes graphics files that can
be exploited to 'trick' the system into executing the contents of the JPEG
file as if they were code, hence allowing your virus to run on the target
system.
These are not hypothetical situations here. I've contrived this
part of the discussion to lead on to some fairly nasty examples such as this
one, and
just to prove this isn't a problem exclusive to Microsoft, I want to link to
an equally stupid bit of work on the part of Apple which I have covered previously on this website.