September 17, 2008
We hear about software being venerable to attacks? So does this mean that simply having it installed on our computer makes it so, or do we need to be using it while online, or both are true (which is what I fear), Mindblower!
"For the needy, not the greedy"
August 7, 2011
Both are true and for varying reasons.
First if that file is a core OS file it is probably running anyway. Second, let's say a program like acrobat reader isn't running but you receive an email attachment or click a link on a website to a pdf. The computer will have an association between pdf files and acrobat reader, so it will start acrobat reader automatically. If the pdf is authored to take advantage of a vulnerability in acrobat.. You've been hit! Gotcha! Hosed!
There is also the possibility that someone could gain access to your pc through an infected file. Of course, at this point you're hosed anyway, but let's say they have very limited access and can not really do any harm. They can use this access to launch attacks on more dangerous vulnerabilities - leading to more control/access on your computer. Basically a little hole leads to a bigger hole.
1 Guest(s)
