Is a P2P download safe?
October 8, 2006 6:45 PM

Two-pronged question: (1) How common are virus/spyware-infected applications on P2P, assuming the filesize is big (50+ MB) and it's not one of those stupid 50 KB bait files? (2) Are there any good free or shareware virus scanners that are especially designed to examine the contents of executable setup programs? Most protection programs just look at existing files on a hard drive.

Short background story on this:

(1) I always buy software, but in this case I found a useful application that hasn't been on the market for a while, even as an upgrade.

(2) Last time I tried buying a virus protection system with McAfee or Norton (not sure which), it was offered only as a service that required renewal. Given all the fine print on their site I had a hunch that they were going to sign me up for stuff I didn't want and make it a PITA to cancel.

posted by chef_boyardee to Computers & Internet (9 answers total)

Response by poster: (sorry... not "service that required renewal" but involved renewal past like 3 months or something, with auto-rebill that I would have to cancel)
posted by chef_boyardee at 6:46 PM on October 8, 2006

AVG offers a free antivirus suite, comparable to Norton or McAfee.

ClamWin is an open source virus scanner that can only scan on demand - it isn't permanently resident, checking processes.

For what you are doing, if you don't want a permanent scanner, I would download ClamWin and use it to scan the file once it is downloaded.
posted by scodger at 7:03 PM on October 8, 2006

Chef, I've had maybe a half-dozen infected (non-bait) files ever, and I download lots and lots and lots of stuff.

I also recommend AVG.
posted by solid-one-love at 7:26 PM on October 8, 2006

See if you can find it through BitTorrent somewhere. The centralization of trackers means that if someone puts up an infected file they may be "punished" for it and you might see in comments if a file is infected, or it could be removed by the tracker.
posted by TheOnlyCoolTim at 7:31 PM on October 8, 2006

Chef, running a Windows box with no antivirus in this day and age is just asking for trouble. AVG Free can search inside archives (including self-extracting executables).
posted by flabdablet at 8:40 PM on October 8, 2006

Look, I hate to be the one to say it but.... for P2P, virus scanners mostly don't cut it. At all. At a minimum, you'll need a trojan/malware/adware scanner, a virus scanner and a GOOD (not Windows) firewall that blocks individual applications from accessing the network. Then, when your PC starts acting oddly anyway, you'll need HijackThis and an expert (or become one), RootkitRevealer and some practice with netstat. Keep much personal (bank info, for example) on your PC? A simple virus is the least of your worries today.
posted by IronLizard at 9:23 PM on October 8, 2006

Personally: Ewido, AVG (and Norton is difficult to clean out; the uninstall doesn't begin to touch the extra files. Almost like spyware itself...), Sygate and IceSword, HijackThis, UltimateBootDisk4Windows, etc. Also, I keep an eye on system messages/errors in the event viewer, under Accessories-Administrative Tools, when things begin acting up.
posted by IronLizard at 9:27 PM on October 8, 2006

(1) they are around

(2) avg, although generally good, didn't catch a trojan that was in an .exe file that caused me a bit of trouble a few months ago

there seems to be an increase in the number of fakes and dangerous files on emule/kad networks these days

usenet is preferable, as other people will catch the viruses before you download them
posted by pyramid termite at 10:07 PM on October 8, 2006

Avast has a free home edition. It has a resident scanner that will scan some P2P traffic, but I'm pretty sure you can turn it off and scan on demand.

I've been downloading strange files since the BBS days and I can't remember ever having anything but a false positive for viruses (knock on wood). Spyware is a pain but it's usually bundled with the shady P2P clients. It would be pretty dumb to add a trojan to an out-of-market piece of software just to seed it on a P2P site, since the effort wouldn't be worth the number of people you'd catch. In general, hackers these days want to cast a wide net. That's not a good security policy, of course, but for a one-off instance, you might want to take the risk.

You could also set up a VMware virtual machine to use as a sandbox. It's not a perfect solution, but, again, the cost-benefit ratio for a hacker to write a trojan to inject in your app to exploit a VMware bug is way, way in your favor.

But yeah, you should certainly have virus and spyware checkers running on your computer regardless of whether or not you ever download questionable executable files. Microsoft et al. have so thoroughly fudged up user rights, buffer controls and the separation of executable code from data that very little is safe. Think: Microsoft Office VBA exploits, JPEG buffer overflow, Windows Media DRM exploits, MS Outlook worms, WMV movies that open up to malware websites that then take advantage of Internet Explorer exploits, etc...
posted by Skwirl at 11:36 AM on October 9, 2006
