Can you get infected by downloading malicious files

It only takes a minute to sign up. Connect and share knowledge within a single location that is structured and easy to search. Corporate security trainings keeps saying "download a file from the web or email attachment and open it and you might become infected". I know this used to be the case on old Windows machines in the 90s, but is it still the case on any computer? Obviously if you open a shell file or executable file or app that might be a problem, but at least on Macs, Apple has that warning popup.

Are they basically suggesting that there might be some exploitable holes in the software we use "regularly" like excel or Apple numbers, or Apple preview for PDFs , and they can exploit those loopholes to install something somehow? The loophole would be unknown to the company providing the software but known to the attacker? That's the only way I can see them getting access to your computer, is there another way?

As a bonus question, if it is still true today that opening a "normal" file might install malware, what is the recommended approach to avoiding this, assuming you want to be able to open these files and assuming you've checked it's from reputable sources, etc. You may be a security expert, or at least a very knowledgable person when it comes to computers, but the vast majority of people - even those, who work with computers on a daily basis - are not.

I know entirely too many people, who think computers are basically a box full of plastic and magic. Explaining to these people which file extensions are more likely to be dangerous and which ones are less likely to be dangerous will probably lead to a lot of confusion.

I assure you that a significant amount of people, who work in an office, can't tell the difference between a PDF document and a Word document, so explaining what the risk of each is is not very productive. Basically, all of them. Always presume that a file is dangerous, even if you can't imagine how it could possibly.

Here is a list of some common file types and how they could be dangerous:. While there are indeed measures to mitigate some of these risks, often times these include asking the user if they want to do something risky. Not because they understand that the action they're about to take is risky, but because their computer asks them so often if they want to do something and they're used to playing the little game where they have to find the button that makes the computer do what they want to do.

There is no perfect one-size-fits-all solution. If there was, we wouldn't have to worry about malware. It depends largely on the technical expertise of who you are talking to. When talking to an expert, I would say "Trust your gut! Your instinct is the most advanced part of the brain, optimized over millions of years through the most brutal optimization process in existence - you do well to use it.

If you have a bad feeling with a file, don't open it. And if you have to, do it in a VM on an airgapped machine, which you completely scrub afterwards. When talking to the average user, I would repeat the same handful of security tips you have heard a million times. Don't open files from untrustworthy sources, have an up-to-date anti-virus, etc. You've heard it a million times before.

Just downloading a file is unlikely to be dangerous, but making any use of a downloaded file can be. Even "unused" files are routinely used without your explicit knowledge. For example, downloaded files are routinely inspected by your antivirus software, and thumbnail images may be generated from downloaded images. There was a case where a widely deployed jpg library was the attack vector - all you had to do was view the image - even though viewing images is generally considered to be safe.

Imagine the embarrassment on Microsoft's behalf if malware successfully targeted using windows defender as an attack vector. AFAIK this has never happened, but it could. That's probably the concern. As an example, have you ever used WinRar or heard of it?

Did you know that it had a code execution vulnerability for 19 years that was just discovered in ? After it was made public, it was being actively exploited. Is it possible that this flaw was exploited at some time between years and ? It's pretty hard to prove that it wasn't. Assume a user has WinRar installed and opens a file 'foo. The reality is that there are likely vulnerable applications installed on every Windows machine.

The question is whether anyone knows about those vulnerabilities. To learn more, see Protect your PC from potentially unwanted applications. Programs used to generate software keys keygens often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed. Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC. When you go to a website, it can try to use vulnerabilities in your web browser to infect your PC with malware.

The website might be malicious or it could be a legitimate website that has been compromised or hacked. This is why it's extremely important to keep all your software, and especially your web browser, up to date and remove software you don't use. That includes unused browser extensions. You can reduce your chances of getting malware in this way by using a modern browser, like Microsoft Edge , and keeping it updated.

Tip: Don't want to update your browser because you have too many tabs open? All modern browsers will reopen your tabs after an update process. Some types of malware can download other threats to your PC. Once these threats are installed on your PC they will continue to download more threats.

The best protection from malware and potentially unwanted software is an up-to-date, real-time security product, such as Microsoft Defender Antivirus. Security Windows More Tip: This is called a "USB drop attack". Need more help? Use caution with email attachments and files.

See How to recognize phishing email messages, links, or phone calls. To learn more about how malware works and how to prevent malware infection, see Help prevent malware infection on your PC. If your organization uses Microsoft Advanced Threat Protection and a file is blocked that you think should not be, you'll need some help from a Microsoft administrator who can research the issue and, potentially, unblock the file. To learn more about what Microsoft administrators do, see About Microsoft admin roles.

Protect your account and devices from hackers and malware. Need more help? Expand your skills. Get new features first. Was this information helpful?

Yes No. Step 2: Disconnect from internet. Step 3: Reboot your computer into safe mode. Step 4: Delete any temporary files.

Step 5: Run a virus scan.