If you download and run a random exe like an idiot, won't your computer be screwed anyway? Can a website just give you a Trojan from nothing? Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Can a website put anything malicious on your computer without you knowing?

I ask this because I never have put virus protection on my pc and I have never got a virus. I also see many people with virus protection and many Trojans+slow memory+"free smileys"

If you download and run a random exe like an idiot, won't your computer be screwed anyway?

Yes

Can a website just give you a Trojan from nothing?

Theoretically, if they exploit a browser issue.

Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Maybe, but it'd be way harder than just getting someone to run an exe.

Can a website put anything malicious on your computer without you knowing?

Yes, see above.

yes,yes,and yes. and you could have a virus and not know it, have you ever read about keyloggers running in the background? common viruses exploit features made by an os's library.

So what does the virus protection do?

Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Google "windows xp png vulnerability". Long story short: buffer overflows are bad news.

Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Yes - google for "jpeg exploit" (similarly for mp3, jpeg, pdf, ...) to see various web pages discussing the problem.

One type of approach exploits flaws in the code processing the image, etc. by overrunning a buffer when data is copied. If the data copied is valid machine code, and it can be copied to the right place in memory, then it will be run instead of the original code. As I understand it, the buffer is on the stack and the data has to overwrite the function's return statement so instead or returning as usual, the new code is run.

See the following wiki page for a longer, (more) coherent explanation:

Stack buffer overflow
http://en.wikipedia.org/wiki/Stack_buffer_overflow

Andy

I made a keylogger and server/client connection that didn't trigger any of my antivirus programs. sent myself a file that contained every key I pressed.

You may not remember, but in the late 90s/early 2000s it was pretty bad. Operating systems weren't really protected against viruses and people were really dumb. It's actually been relatively recent that OS's have been secure against viruses. Hell I don't think Windows XP had a firewall on by default, so tons of people got infected from just downloading random pictures or screensavers. But each year computers get harder and harder to infect, and most store bought PCs come with anti-virus installed. I think in the last 4 years I've only had one known virus, and it was a real pain in the ass to get rid of.

Hell I don't think Windows XP had a firewall on by default, so tons of people got infected from just downloading random pictures or screensavers.

Firewalls don't work that way.

It's not really that there's fewer viruses. It's just that current viruses don't focus on destruction or disruption of the host, but instead on using the host for some nefarious end. Often spamming and/or DDoS.

...there's an antivirus advertisement on the bottom of this thread as I write this.

Anyway, antivirus programs are helpful for situations where... well, I believe the title for such things is "scareware." Essentially, particularly-malicious software can actually run through advertisements, doing things such as minimizing your internet browser and redirecting you to an alternate page that includes the virus. At that point, you're pestered about having viruses, and any click on the screen whatsoever initializes the download. To say the least, viruses like that can be quite, quite nasty.

Why would you not want antivirus protection?

Men who use condoms still have a chance to impregnate women. Does this mean they should stop using condoms altogether?

So what does the virus protection do?

When a file is about to be opened/executed/shown, the system doing that (OS, browser, etc) calls a routine that compares the content of the file against known signatures of viruses, and in case of match aborts/blocks the access. That is active AV.

Passive AV is to explicitly go through files on the system and recheck them.