• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required. There are many reviews of audio hardware and expert members to help answer your questions. Click here to have your audio equipment measured for free!

Is it safe to download attachments from ASR?

Sir Sanders Zingmore

Major Contributor
Forum Donor
Joined
May 20, 2018
Messages
1,084
Likes
2,321
Location
Melbourne, Australia
Wasn’t sure where to post this question…
I’m always very wary of downloading attachments, as an example, yesterday there was a brand new member with a .zip file attached to their first post.
Am I being paranoid?
 
Wasn’t sure where to post this question…
I’m always very wary of downloading attachments, as an example, yesterday there was a brand new member with a .zip file attached to their first post.
Am I being paranoid?
Not being paranoid at all. It is very wise to not want to open <.zip> files and executables. I use a security suite for internet security. Are you using security software?
 
Send it to virustotal to scan…
 
Wasn’t sure where to post this question…
I’m always very wary of downloading attachments, as an example, yesterday there was a brand new member with a .zip file attached to their first post.
Am I being paranoid?
Does not sound paranoid to me.
 
Not being paranoid at all. It is very wise to not want to open <.zip> files and executables. I use a security suite for internet security. Are you using security software?

I do have anti-virus software. Even then I generally don’t download files unless I know the person who uploaded it
 
I do have anti-virus software. Even then I generally don’t download files unless I know the person who uploaded it
I use Bitdefender Security Suite for all my PCs and I have not had any issues for some years since I switched over. I used to be a IRC Operator so yes, I prefer not to download files too but for a pdf or a mp3 I let it slide.
 
I use Bitdefender Security Suite for all my PCs and I have not had any issues for some years since I switched over. I used to be a IRC Operator so yes, I prefer not to download files too but for a pdf or a mp3 I let it slide.
I'm on Bitdefender at home too
A mixture of PCs and Macs
 
just use a virus free mac ohhh the simpler times .

I mean even if it seems that it comes from amir, maybe his account was compromised, and the attack had this very specific goal. You can never know. If I feel particularly unsafe I just spin up a vm or docker container and check it there.
 
I'm on Bitdefender at home too
A mixture of PCs and Macs
For me security is pretty important but I recognize where it can become too difficult to operate some security software and then compromises occur by operator error. For me I use a desktop PC for general internet use and I will open MP3, JPG and PDF etc. The desktop is not used for personal files and actually contains none. All the important stuff is stored on or being done by the notebook which is not used most days and just sits there never being used.
 
A zip file -- or any other archiver/packer format -- is just that, a archiver/packer format that cannot contain any (malicious) code "by itself". Code could only be present in the archived/packed files themselves. So no, you don't run/open an unknown executable, Word doc or Excel sheet or even PDF or whatever, regardless whether it came directly or packed into an archive.
If you do, do it in a sandboxed machine (I'm using an old bare-bone notebook -- with no hard-drive or SSD and no battery -- running TAILS) or have it virus-checked at least before opening -- the actual content files, not the archive file in case of such).
 
A zip file -- or any other archiver/packer format -- is just that, a archiver/packer format that cannot contain any (malicious) code "by itself". Code could only be present in the archived/packed files themselves. So no, you don't run/open an unknown executable, Word doc or Excel sheet or even PDF or whatever, regardless whether it came directly or packed into an archive.
If you do, do it in a sandboxed machine (I'm using an old bare-bone notebook -- with no hard-drive or SSD and no battery -- running TAILS) or have it virus-checked at least before opening -- the actual content files, not the archive file in case of such).
well my friend, this is just not true. Maybe the archive is manipulated in such waynthat a vulnerability in the achiving software is used and something unexpected (for the user) happens. And using a second machine is hard and inconvenient. Just spin up a container.
 
If you have a reasonable secure Operating system yo can download what ever you want and its save.
The question is if you execute it and if doing so can compromise your system.
 
well my friend, this is just not true. Maybe the archive is manipulated in such waynthat a vulnerability in the achiving software is used and something unexpected (for the user) happens. And using a second machine is hard and inconvenient. Just spin up a container.
Yep, I remember the Infamous 42.zip, a zib bomb.
 
Trust nobody - we have regular phishing tests at work on our emails and you’d be amazed how creative these criminals are.

Somewhat ironically the UK’s Ministry of Defence was recently hacked - payroll information of all things! Even more ironically the newspaper article states “It can also be revealed that SSCL was awarded a contract worth more than £500,000 in April to monitor the MoD’s own cybersecurity – several weeks after it was hacked. Officials now believe this contract could be revoked.”

Couldn’t make it up :)

 
Back
Top Bottom