GMartin
asked on
re: detection of computer viruses withing setup and install files
Hi Everyone:
I have recently downloaded some Setup Files for various programs and scanned these setup files for viruses and Trojans. After going to trendmicro.com and running a virus scan, these files came up clean. However, is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?
Any thoughts or insights on this question will greatly be appreciated.
I look forward to hearing from someone regarding this question.
Thank you.
George
I have recently downloaded some Setup Files for various programs and scanned these setup files for viruses and Trojans. After going to trendmicro.com and running a virus scan, these files came up clean. However, is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?
Any thoughts or insights on this question will greatly be appreciated.
I look forward to hearing from someone regarding this question.
Thank you.
George
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also you really should have a virus scanner residing on your machine. Such as Norton or McAffee which both test out as being the top two virus scanners on the market and have them be running all the time.
Its certainly possible - hidden inside an installer *deliberately* it could be encrypted, compressed, or any combination of the two that appeals to the attacker (the 7z library for example offers AES encryption for compressed files; it would be trivial for an attacker to call that and make a trojan indetectable to AV software.
On the other hand, your AV should have a "real time" scanner, that detects a trojan being unpacked and deployed, and blocks it at the time it is installed. By definition, a compressed and encrypted trojan is no threat :)
On the other hand, your AV should have a "real time" scanner, that detects a trojan being unpacked and deployed, and blocks it at the time it is installed. By definition, a compressed and encrypted trojan is no threat :)
> is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?
Yes, that is easy to code, but not found all that often, the script kiddies can't do. So odds are that you can install and have no problem. Beware of products that do like MS and download parts of it from the web during install. Always scan after install, and backup before.
More than likely, the trojans you'll get are not virus but spyware, and the AntiVirus companines won't help with that a bit. Uninstalls don't work with those beasts.
Yes, that is easy to code, but not found all that often, the script kiddies can't do. So odds are that you can install and have no problem. Beware of products that do like MS and download parts of it from the web during install. Always scan after install, and backup before.
More than likely, the trojans you'll get are not virus but spyware, and the AntiVirus companines won't help with that a bit. Uninstalls don't work with those beasts.
ASKER
Hi Everyone:
Thanks so much for sharing your time, insights, and expertise. I especially appreciated the links to the free online virus scanners in addition to the tips.
Have a great weekend everyone.
George
Thanks so much for sharing your time, insights, and expertise. I especially appreciated the links to the free online virus scanners in addition to the tips.
Have a great weekend everyone.
George