/wsr/ - Worksafe Requests

File: jack in the box.png (198 KB, 475x576)
>tl;dr
How can I make sure .zip/.rar archives allegedly containing only images are safe?

---

Yo yo, I'm a wannabe artist and have seen anons putting up download links to image reference packs over at /ic/, here's two of those for example (DON'T DOWNLOAD THEM, the safety of that is why I'm making this thread):
https://gofile.io/d/kC1Dgl
https://gofile.io/d/sZmDVA

Now I'd like to download these packs but I don't wanna catch a virus.
I did a bit of research and up to today I thought that as long as you don't run any .exes and by looking out for file extensions (making sure the file browser has the option turned on to display them) that you're golden, with images it'd be especially safe considering those are only either jpegs or pngs or bitmaps or GIFs.
However, some people say that there's self-unzipping .rars as well meaning that the files I download won't sit there dormant but could deploy as soon as I finish downloading the archive, or that they'll deploy as soon as I unzip it. I tried copy pasting the download links to feed them into Virustotal but in the little bottom left corner I'm only getting "javascript:void(0);", which is useless to Virustotal, not to mention the file size is a bit over their file upload limit.

What do I do? Am I screwed? I won't risk getting a virus over some reference images but it'd still be a bummer to have to pass on them, they look pretty handy
>>
>I did a bit of research and up to today I thought that as long as you don't run any .exes and by looking out for file extensions (making sure the file browser has the option turned on to display them) that you're golden, with images it'd be especially safe considering those are only either jpegs or pngs or bitmaps or GIFs.
That is correct, as long as your operating system is up to date.

There are two separate threats to worry about when looking at untrusted data: viruses and exploits. A virus is something you need to actively start to cause problems, by starting an actual exe or equivalent. If you are careful not to click exes or other executable files, you're good.

An exploit is a file that abuses a security vulnerability in the program you're using to look at it. Those can theoretically trigger on things like just looking at the file in the file manager (which say, reads the image file to display a thumbnail, the file reader for the thumbnail maker contains a vulnerability, the file contains an exploit abusing that vulnerability, and deploys malware just by you looking in the general direction of the file). These are much rarer, and rely on your software having known vulnerabilities in them. As long as your software is up to date with the latest security patches, this is not a threat -- fixing these vulnerabilities is what all those security updates you install are about.

>However, some people say that there's self-unzipping .rars as well meaning that the files I download won't sit there dormant but could deploy as soon as I finish downloading the archive, or that they'll deploy as soon as I unzip it.
Theoretically possible if you are behind on security updates, but even then it is very rare, and I in practice do not worry about this even on my Windows 7 machine that has been unsupported for years.

>https://gofile.io/d/kC1Dgl
>https://gofile.io/d/sZmDVA
I do not see anything worrisome in either of those files.
>>
>>1540763
Followup: you should know that there are some shitty virus scanners out there (which, sadly, includes the preinstalled Microsoft one) that have a tendency to sometimes randomly go off at perfectly innocent files. A rar of perfectly legit jpegs might trigger a virus alert on one computer running the Microsoft antivirus, and not trigger an alert on nine other computers running that same antivirus. This means in practice that the fact that someone somewhere reported a file means fuck all nothing.

This is true for executables too. I write software, and every time I release a new version of a Windows program (which I am damn sure is not infected) one random user in twenty will report that their particular antivirus reports it with a high alert, while everyone else is fine. These shitty virus scanners actually mostly rely on a large list of programs released by major publishers that they know to be safe, and for any new file they do some bullshit guesswork that likes to randomly cause false positives. So every new program release, especially if it's by just a guy somewhere rather than a major publisher, is likely to randomly cause alerts for some small minority of people. Which is just great when trying to release software, let me tell you.

Of course that is not going to help you even one bit when trying to be safe, so I have little actionable advice here. Even sites like virustotal are not that reliable, because they too will report those random false positives. But downloading a file just to upload it to virustotal should be safe (assuming you're up to date on security patches), and if virustotal doesn't see anything wrong it's pretty safe. If a *few* of the scanners on virustotal don't like a file, who the hell knows if it's good or not, sucks to be you.
>>
>>1540763
>>However, some people say that there's self-unzipping .rars as well meaning that the files I download won't sit there dormant but could deploy as soon as I finish downloading the archive
This is a default behavior with the popular download manager JDownloader, but it's not something that happens otherwise... JDownloader does it because extracting your own archives is a waste of time that can be automated, and like the other anon said, simply extracting files isn't unsafe.
>>
File: i kneel.png (324 KB, 335x506)
>>1540763
>>1540764
>>1540765
I see, thank you kindly for the replies, I do have the latest updates installed so I should be fine I suppose, besides, surely no one would bother putting viruses on some reference image packs, unless they're just trolls looking for reactions. Damn, not at all unlikely now that I think about it lol. I guess just extracting those files won't fuck me up right? The other measures like not running exes and looking out for file extensions should be enough, I hope
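
The checks discussed in this thread (image-only extensions, no self-extracting archive), as an added example that is not part of any post above: it reads a .zip in memory without extracting it and reports entries whose last extension is not an image type or whose first bytes do not match that type. `audit_zip`, `build_sample` and the sample file names are constructed for illustration; .rar is not covered because Python's standard library cannot read it.

```python
import io
import os
import zipfile

# Leading "magic" bytes of the image types named in the thread.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}

def audit_zip(data: bytes) -> dict:
    """List problems in a .zip held in memory; nothing is extracted to disk."""
    findings = {}
    # A self-extracting archive is a Windows program ("MZ" header) with the
    # archive appended, so it is an executable whatever its name says.
    if data[:2] == b"MZ":
        findings["<archive>"] = "self-extracting (EXE header)"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if ext not in IMAGE_MAGIC:
                # Catches "pose.jpg.exe": only the last extension counts.
                findings[info.filename] = f"not an image extension: {ext or '(none)'}"
                continue
            with zf.open(info) as member:
                head = member.read(8)
            if not head.startswith(IMAGE_MAGIC[ext]):
                findings[info.filename] = "content does not match extension"
    return findings

def build_sample() -> bytes:
    """Constructed sample pack: two plausible images and two suspect entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("refs/hand01.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("refs/pose02.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("refs/anatomy.jpg.exe", b"MZ" + b"\x00" * 16)
        zf.writestr("refs/face.png", b"MZ" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()).items():
        print(f"{name}: {reason}")
```

An empty result only means every entry looks like an image by name and header; it says nothing about a malformed image aimed at a viewer bug, which is the case the replies above tie to staying patched.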


