Okay, first, I’m NOT talking about music, or whatever. Let’s say I’m downloading an MP3 music clip from Amazon-just a small 30 seconds of a song to hear what it’s like. Can I get a virus from this?
The reason I ask is that my sister is trying to claim now that one can get a virus from downloading an MP3 or WAV file from an internet link. I say no, because they’re not executable files. She says yes, because, and I quote, “All my friends say so.”
Keep in mind, she is trying to convince me to put a file sharing program on my computer (Which I REFUSE TO DO!). I have told her numerous times that even if it were not illegal, I don’t like the idea of people having access to my harddrive, or that crap taking up so much space on my computer.
So, please, computer experts-what are the dangers of downloading sound clips from the internet?
Oh, and this is a very ANTI-FILE SHARING THREAD. PLEASE, do not try to tell me that file sharing programs are good things, or anything like that. I don’t want this thread locked. Mods, if this is out of line, I appologize, and please let me know. Thanks.
No, that’s flat wrong. Well, ok, someone could rename an .exe with an .mp3 extension, but what’s going to happen when you double-click it is thaqt the OS will try to run whatever MP3 player that filetype is associated to, and it will fail because the format is incorrect. But the virus will not execute and cannot do any damage.
Do, however, be aware of files with a bogus “extension” as part of the filename, as in bogusfile.mp3.exe. If you have your computer set to hide extensions of registered file types, you will see bogusfile.mp3. Double-clicking that will execute the file.
Basically a buffer overrun is convincing the computer to overwrite memory with a file. My impression of it is that yes, it is possible, but it’s not extremely likely. I found out about it by checking the details of all those Windows Updates that Microsoft tries to convince you to install. Darn Windows XP…
What OS are you using? If it’s a Windows OS, just open up a folder–My Documents is convenient–and click Tools > Folder Options > View tab. Scroll down the list and look for “Hide extensions of registered file types” and uncheck it. This is for XP, and IIRC Win 98 and up all work about the same way.
Bad news. Your sister is right.
Some MP3 players on computers have bugs that can be exploited to transport a virus. It amounts to improperly formatting a piece of the file and causing the MP3 player to crash in such a way as to execute code embedded in the MP3 file. That code can then write out an executable file (whose code was also embedded in the MP3) and do other nastiness on your computer.
WinAMP had such a problem some time ago, which they fixed. There may be others out there with similar problems. The virus has to be targeted at your player, and won’t cause problems (except for maybe not playing) in other players.
Mort if that’s the case, and the nasty stuff is in the file, then does it make any difference at all if you “download” the MP3 vs. “file share” it as per the OP?
I’ve not heard of any nasty virus or trojan infecting a computer in that manner. It’s possible, and I’m sure someone has managed to crash a computer or 2, but I’ve heard nothing else malicious.
You could on the Mac, which doesn’t require extensions at all and will ignore them in assessing the function of a file if it has a file type and/or creator that instructs it differently. I could take Microsoft Word (the application), rename it “RiteOfSpring_01.mp3”, and double-click it, and still get Word. So I could do the same with a virus.
Well, that’s a point in my favor-Sis is trying to convince me that you’re more likely to download a virus when you download an MP3 from a website than on a program like KaZaa or whatever other crap she wants to put on my computer.
A buffer overflow that specifically targets a certain application, like the one Mort Furd mentioned, is the only way I can think of for a non-executable (that is, a file that really is non-executable, like an MP3, and not an executable masquerading as another file type) to infect the computer. Even then, it’s still not an executable, the hijacked player app does all the work. It doesn’t seem such an attack has been observed in the wild, though.
BTW, is your sister seriously stating downloading a prevew from Amazon brings a greater risk of getting a virus than downloading from Kazaa?
She didn’t say preview from Amazon-she said “downloading an MP3 from a website link as opposed to a Kazaa like program” is more dangerous.
I just used that as an example of a legitimate place to download an MP3-I do NOT want this thread closed because someone started giving me advice on downloading illegal stuff!
Basically, I do NOT want a program like a P2P on my computer-even if it WERE legal, the idea of someone being able to download off of my computer…I dunno, it doesn’t sound too secure to me.