Can these launch scripts/viruses?

[Baby Astronaut]

Is the following always secure? (Let's assume correct file extension)

 

1. Installing fonts

 

2. Running portables (no-installation programs that you can run from your thumb drive)?

 

3. Preview windows of sites? For example, you hover the muse over a link and it shows you a preview of the site it leads to. Wouldn't accessing a preview of a malware website also launch all its scripts?

[Baby Astronaut]

4. Plugging in an infected external or thumb drive?

[Xittenn]

1. Did you see the recent episode of Bones where the hacker embeds a virus on a bone that is scanned into the computer? I think this is pretty much the same thing, he called it a worm. I'm familiar with the term worm but not the definition, or any other definition of computer malware; I just never had the interest. The thing I would imagine with this would be, some other program would have to execute it from a starting address. . . . .

 

2. Absolutely, and this is probably the easiest way to exploit a computer from your list.

 

3. I think this is very possible.

 

4. If you are booting from a device that contains a virus in its boot sector or points to a virus. The device could carry the virus but something ultimately has to activate it, and often system designs have loose ends that can be exploited.

 

I know almost nothing about what the malware community is trying to do--again as I have little to no interest. But essentially malware can exist wherever there are 1's and 0's the only issue is trying to activate it. Knowing how drivers and operating systems work, how software loads itself or other programs, and how software interfaces with the system, is really what you need to know if you want to be savvy.

 

Is there any particular reason why you are asking this question?

Edited February 8, 2012 by Xittenn

[Schrödinger's hat]

1. Installing fonts

The actual act of putting a font on a system doesn't lead to executing arbitrary code that I'm aware of (although this doesn't rule out vulnerabilities in the font rendering), but this is a common vector for malware regardless.

The fonts will come wrapped in an installer that also contains malware, it is this installer (an executable) rather than the font itself that contains the virus/malware.

I seem to recall there was some issue about truetype fonts being able to carry viruses (windows 98?), but I imagine this has been fixed by now.

 

2. Running portables (no-installation programs that you can run from your thumb drive)?

Definitely, these will run with the same priveliges as the account launching them, and so can do anything you could do. As xitten said, this would be the easiest way of getting a virus listed.

 

To elaborate, running any untrusted executable (.exe in windows) file (whether it's OMGINSTALLTEHSMILEYS.exe or thisisMSWordItstotallylegit.exe) is a terrible idea and is almost equivalent to handing the author your system on a plate.

Recent versions of windows are slightly better (UAC will ask you if you want to give the file priveliges to do many things), but doing this is still doing 90% of the work for whoever is trying to comprimise your system.

 

3. Preview windows of sites? For example, you hover the muse over a link and it shows you a preview of the site it leads to. Wouldn't accessing a preview of a malware website also launch all its scripts?

It depends. This is probably at least as safe as visiting the website. Depending on how the preview works it could result in running untrusted javascript.

This would require some vulnerability in your browser for any malware/virus to be installed, even if whoever wrote the website doing the previewing wasn't very security conscious. It's probably the safest of the things you listed.

 

4. Plugging in an infected external or thumb drive?

This /shouldn't/ be a problem, but microsoft have this insane obsession with autorun.

They appear to have gotten over it recently, but many versions of windows will automatically run executables on an inserted drive (if they are named/arranged correctly). They even went so far as to automatically turn autorun back on with patches even if the user had disabled it several times.

This is an extremely common vector for viruses/worms/malware. There have also been many reports of USB sticks coming infected from the factory. For this reason you should always disable autorun or first format your USB sticks in a computer that does not have this stupidity.

I'm not really up with windows 7 on this, but I've heard many accounts of autorun viruses in both XP and Vista

[Baby Astronaut]

Thank you both very much for replying!

 

Is there any particular reason why you are asking this question?

I like to know what's possible and even though I'm not technically skilled, I ponder if there are simpler preventatives/remedies that could be achieved via standards and methods. For example, with boot sectors, I wonder if they can make it possible to add separate information to it but never be able to erase the original. Then, any system that encounters individual or different boot sector info would ask if you want to run the original boot sector info or the new/updated one. Maybe it could tell the difference between what's new and original because it would attempt to move them around on the sector, and the original could be made read-only, completely unmovable.

 

 

It depends. This is probably at least as safe as visiting the website. Depending on how the preview works it could result in running untrusted javascript.

This would require some vulnerability in your browser for any malware/virus to be installed, even if whoever wrote the website doing the previewing wasn't very security conscious. It's probably the safest of the things you listed.

When you search Google, the area to the right of searches has an arrow you can mouse over. If you do, a preview of the website pops up. There are browser addons that give similar previews for any link you mouse over. I wonder how safe that is especially if you would never click on the link.

[Schrödinger's hat]

I like to know what's possible and even though I'm not technically skilled, I ponder if there are simpler preventatives/remedies that could be achieved via standards and methods. For example, with boot sectors, I wonder if they can make it possible to add separate information to it but never be able to erase the original. Then, any system that encounters individual or different boot sector info would ask if you want to run the original boot sector info or the new/updated one. Maybe it could tell the difference between what's new and original because it would attempt to move them around on the sector, and the original could be made read-only, completely unmovable.

This is in principle, if not practise, very similar to the idea of trusted computing.

There are security benefits, but many consider the potential price (manufacturers/microsoft being able to dictate which OS/software you are allowed to run) too much.

 

When you search Google, the area to the right of searches has an arrow you can mouse over. If you do, a preview of the website pops up. There are browser addons that give similar previews for any link you mouse over. I wonder how safe that is especially if you would never click on the link.

 

As I said, it depends on how the preview is generated.

I believe google render an image of the webpage on their servers, if this is the case it is perfectly safe. (I have also read something about them writing a simple html renderer entirely in canvas, but I don't know if they use it there).

Someone less security minded might just put it in an iframe/div or wrap the webpage in some piece of javascript that somehow changes its size. Not really sure how it's done, but if it were done in a way that resulted in the webpage running any scripts, it could be dangerous.