So, I’m fairly certain I know the answer to this, but I like to take the naive approach.

Assuming there are no 0-days involved, can any malware be run on a computer (any OS) by visiting arbitrary websites and downloading arbitrary files WITHOUT actually opening/running the downloaded files?

Again, not referring to watering-hole attacks, 0-days, or anything unpatched.

Thanks for any answers!

Your general answer is no. This method and event could be used and implemented in the old days on the IE version 7 browser using the “ACTIVEX” RUN JavaScript badware method.


In general, unless 0-day vulnerabilities are exploited, malware usually cannot be activated without running or opening downloaded files. However, in certain cases malware may be able to exploit vulnerabilities in software that manages files, such as browsers or antiviruses or file systems, to execute malicious code. For example, a file may be the target of an antivirus vulnerability that triggers when the file is scanned, or an image or PDF file may trigger a bug when the file preview is generated. But these are rare and usually require certain conditions to be activated. In most cases, malware will not be activated without executing the file.

Hope this answer helped your question.

Very informative, thank you!

I asked because, upon researching this via Google, there’s a lot of fearmongering going on, because AVs and other “security” products obviously want to sell their products.

