newsbin.com

[jimerb]

Sometimes when I'm downloading things, Windows defender throws a virus alert and quarantine's the download (which I'm fine with).

I'm not trying to download executiables but I guess there is one in the rar.

In the "Spam Filter Settings" i have "Fail EXE files and RAR files that contain EXE's" checked so I'm wondering why it presents itself to Windows Defender as something to block.

Why does it put the rar to disk?

Also, if windows defender doesn't detect the executable can I be sure it won't make it's way to disk?

Just wondering of the order of things to see what type of risk exposure i have.

[Quade]

It just doesn't download any executable unless you force it. Whether it catches it in the first chunk or not is a function of the file order in the rar set. If the exe is the first file in the first rar, it catches it immediately. If it's not it might not catch it. I don't consider download of EXE's to be particularly dangerous. It's running them that can infect you. Once the rar downloads completes download. I imagine defender takes a look.

I don't recommend downloading any programs from usenet but, I'm not trying to stop you if that's what you want.

[jimerb]

Thanks Quade! That's very helpful.

I'm not trying to get exe's at all. They are just lurking in the rar sets.

Will it also do the same thing for other thing that can be executed such as a .bat file?

[Quade]

bat files aren't executable to Newsbin. They're just text files. So Newsbin won't touch bats. The real danger is either an unknown zero day exploit that bypasses UAC or that you run programs with elevated privileges. Anytime you run something and see a UAC prompt, you need to be wary. It might be a good idea to always cancel UAC prompts as the default unless you know you need to bypass UAC. Assuming you're running regular windows security and cancel any UAC prompts when you accidentally run something, the thing you run shouldn't normally be able to write to "Program Files" to infect other files. Nothing is 100% though.

[jimerb]

Understood. and i agree completely.

It's great understanding what's going on as these rar's hit the disks.

My big fear is that media files like mp3; .jpg or .mp4 could cause a buffer overflow and execute an exploit from within a popular media viewer.

I have not seen that but i fear it could exist.

[Quade]

I just keep current backups and am willing to wipe and re-install as needed. Ransome-ware would cost me a day at worst. I've been pretty lucky so far.