0

I know malware can be gotten by downloading and running stuff, but is there a real possibility of just viewing a webpage and getting one?

I'm not using IE.

Please give some support to your answer. Not just yes or no.

Startup1

3 Answers

2

Yes, there is a possibility. Not a large one but it is possible.

Example: In 2004 there was a problem in Microsoft's Graphics Device Interface Plus (GDI+). It contained a vulnerability in the processing of JPEG images.

To quote the MS website: This vulnerability may allow attackers to remotely execute arbitrary code on the affected system. Exploitation may occur as the result of viewing a malicious web site, reading an HTML-rendered email message, or opening a crafted JPEG image in any vulnerable application. The privileges gained by a remote attacker depend on the software component being attacked.

Now that bug has been fixed. So this specific bug will not harm you unless you run a really old OS and failed to install the security patches. But similar problems are being found all the time, and not just in XP.

So consider this:

  • There are problems in any large OS
  • These problems are sometimes found
  • If they are found and reported then the problem eventually gets fixed (this can be next week, or sometimes it takes years).
  • If someone finds them and decides to exploit them then your computer can get infected.

Some of these exploits require you to do stupid things (e.g. open mail from someone you do not know). Some of them get triggered without any human interaction. The JPG picture and the GDI+ problem is such an example.

Hennes
0

Most definitely yes. Consider the Malware infections that "emulate" an Anti-Virus program. You must know someone who complained about a mysterious program that just appeared one day, telling them they had 30-some infections, and if they wanted the program to remove them, they had to purchase the program. The names were varied, WinAV for example. All those people who got infected didn't download a program first, and then find themselves infected. I know from observation that all it took was visiting a web site.

Everything you do with a browser downloads information to your computer. So, there is always something being pushed to you. There are steps you can take to limit what is downloaded, but for those just using a vanilla install of IE (the most targeted browser), there was a real danger of getting infected depending on where they went on the web.

It wasn't just limited to seedy sites either. In the mid-2000s, Sears.com would install spyware on visitors' machines. NHL.com was used maliciously by one of its advertisers to infect visitors with malware. Then there is Myspace. I've cleaned customers' machines from fake AV infections after they spent a night surfing friends' pages at Myspace.

Now, are you asking if it is possible for you specifically to get an infection that way? Well, you don't use IE, and that helps, but otherwise, since we really know nothing about your surfing habits and the other software on your system, it is impossible to say.

Bon Gart
0

While web browsers allow code to be “executed” (JavaScript, Flash, Silverlight, etc.), these plugins and engines are specifically designed to be sandboxed from the system so that they cannot do any harm. As such, there is no built-in or default way of remotely/spontaneously executing/running code to infect a machine.

That said, browsers and plugins are not foolproof and due to their complexity, they often have vulnerabilities that can be exploited to infect a system.

Aside from using security software, another way to reduce exposure is to reduce the size of the attack vector by installing as few plugins as possible, keeping plugins and the browser itself updated with the latest patches, and disabling plugins when not being used or configuring them to be blocked by default and selectively allowing them on trusted sites.

There’s little benefit in re-writing a detailed explanation and examples, so I’ll just point you to this question that asked about getting infected from media files. I gave a detailed answer there that must be clear and informative because it seems to be pretty popular.

Synetech