As all of us have done at some point in our lives, I have downloaded the miracle of Limewire. But in amongst the wondrous, mis-titled, copyrighted and illegal content of it, there are also a lot of viruses.
Viruses are lame. I’ve found on the rare occasion of getting a virus that it’s already disappeared before I can scan it.
I have no doubts that there is some way that you can create a folder for Limewire (or an internet browser) to download to which will prevent the virus or executable from executing before you tell it to.
Would I be correct to not doubt the existence of such a folder?
Where and how would I do this? And what would I need to download?
Files you download from something like Limewire aren’t going to execute on their own. You can download a virus-loaded file safely. Just don’t execute it. If you have an active virus scanner, your virus scanner will see the infected file and quarantine it (or do whatever you’ve configured the virus scanner to do). So what you are likely seeing is your virus scanner finding an infected file and quarantining it, and that’s why it looks like it disappears.
Make sure you have Windows configured to show file extensions. You absolutely need to be able to see the file extensions so you can tell if a file you downloaded is actually an EXE (or COM, or VBS, or any other executable extension).
P2P downloads like to fake file extensions. They’ll name a supposed JPG file as some real long name with a .JPG.EXE extension or something similar. It’s actually an EXE file and not a JPG. Watch for tricks like that. That’s why you need to be able to see the true file extensions.
And never ever download an EXE (or warez) from P2P. P2P is full of fakes and trojans and viruses. If you want that stuff there are safer places to get it than Limewire but even those safer places are full of fakes.
The best way to protect yourself is to run another instance of Windows in a virtual machine. Microsoft has Virtual PC 2007 for free. VMware also has free virtual machine options. Run Limewire in the virtual machine. If your virtual Windows gets infected you just delete the virtual machine and start over again. Any infection will be contained in the virtual machine. Your main machine is safe.
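The checks from the reply above (look at the real last extension, watch for names like .JPG.EXE), written out as an added example that is not part of the original thread. The extension lists, function names and sample files are assumptions constructed for illustration, and the check for the "MZ" header that Windows executables start with goes one step beyond what the post describes.

```python
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".com", ".vbs", ".scr", ".bat", ".cmd", ".pif"}  # assumed list
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".avi", ".mpg", ".wmv"}  # assumed list


def classify(path):
    """Return a list of reasons the file looks deceptive (empty list = nothing found)."""
    reasons = []
    name = os.path.basename(path).lower().rstrip(". ")
    stem, last_ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    if last_ext in EXECUTABLE_EXTS and inner_ext in MEDIA_EXTS:
        reasons.append("double extension: %s%s" % (inner_ext, last_ext))
    with open(path, "rb") as fh:
        header = fh.read(2)
    # Windows DOS/PE executables begin with the two bytes "MZ".
    if header == b"MZ" and last_ext not in EXECUTABLE_EXTS:
        reasons.append("MZ executable header under a %s name" % (last_ext or "no-extension"))
    return reasons


def scan_folder(folder):
    """Map each suspicious file name in folder to its reasons."""
    findings = {}
    for entry in sorted(os.listdir(folder)):
        full = os.path.join(folder, entry)
        reasons = classify(full) if os.path.isfile(full) else []
        if reasons:
            findings[entry] = reasons
    return findings


def demo():
    samples = {  # constructed files: name -> first bytes
        "holiday photo.jpg.exe": b"MZ\x90\x00constructed",
        "song.mp3": b"MZ\x90\x00constructed",
        "real picture.jpg": b"\xff\xd8\xff\xe0constructed",
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan_folder(folder)


if __name__ == "__main__":
    print(demo())
```

A clean result only means neither check fired; it says nothing about exploits hidden inside genuine media files.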
JC pretty much covered it, but I’ll mention another thing to look for.
Look at the file size before downloading anything. Say you want to go and download Adobe Photoshop. That’s gonna be a pretty decent file of around 150-300 MB, but sometimes in the search you find some that will only be a few hundred KB. Stay away from those.
Same goes for most songs, videos, and applications.
The ones with a tiny file size will usually be a virus/spyware or just not work and waste your time.
To be accurate I should say that some downloaded files can execute on their own and some non-executable files (like videos and images) can hide code execution exploits. The problem comes from buffer overflow exploits where a bad guy is able to inject executable code and get it to run. When they can do that they can pretty much own your machine if the exploit is triggered.
Windows had an exploit in the WMF (Windows Metafile) image format that allowed a buffer overflow exploit. The bad thing there was that it could be triggered by Windows Explorer (the file explorer) making a thumbnail image of a file you downloaded. So you download a file from Limewire, Windows makes a thumbnail for it, the exploit is triggered, and you’re owned. That has been fixed. But it’s an example of what can happen and how it can appear that a file launches on its own.
Apple QuickTime just had an update to patch eight security problems. Some of them were overflow conditions that allowed remote code execution. Some of them affected both Mac and Windows. Viewing one of the affected file formats in QuickTime could infect you. So it’s not just Microsoft software that suffers from security vulnerabilities. Best to update to the current 7.1.5 version of QuickTime.
So image and video files can have embedded exploits in them.
You can protect your computer against many of the overflow exploits by enabling DEP (Data Execution Prevention) if your CPU supports it (new CPUs support it). You can run SecurAble to find out if your CPU supports hardware DEP. Windows XP SP2 and Windows Vista have DEP support. If your CPU supports it you should enable the OptOut style of DEP protection. Instructions are here.
Hardware DEP with OptOut will protect you from most of the overflow exploits like the WMF exploit.
And do get familiar with virtual machines like Virtual PC and VMware. They make good test platforms and protected areas where you can experiment with potentially bad code.