I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?

  • alexg_k@discuss.tchncs.deOP
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    I think it is very rare to find or even craft a video file that is able to allow for arbitrary code execution on an updated video player software like VLC. The same is true for photos or documents with the exception of office documents using macros.

    • Dr. Jenkem@lemmy.blugatch.tube
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      “Updated” is doing a lot of heavy lifting here. Lots of people don’t keep their software up to date.

      But yeah, the likelihood of any of us randomly happening upon 0days in the wild is pretty low.

    • Gothian@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      Not at all. I work with development of various kinds and have my desk close to our senior it security specialist he says that we get daily that kind of stuff in our emails so I don’t see why they should exist less on pirated torrents

      • voxel
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        maybe you mean like exe files disguised as pngs?
        actual malicious image files are extremely uncommon (and target specific image viewers of outdated versions, like imagine an archaic os like windows 7 or xp); libpng/libjpg that are used in most popular image viewers are open source and do not currently have any significant (discovered/publicly known) vulnerabilities