Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can compressing files reduce the chances of its being infected?

Can compressing a file reduce the chances of having it be corrupted by
viruses or a zombie?

In this excerpt from
Answercast #74
, I look at the extra security that comes from compressing
files with compression software: it’s small!

Become a Patron of Ask Leo! and go ad-free!

Compressing files for security

It depends on how you compress it.

A quick rule of thumb: if the file still looks like the file to you
when you look at it (it’s still foo.doc) then it hasn’t helped anything. That’s
Windows file compression.

Windows file compression changes how things are written to the disk – but it
doesn’t change how the file looks to you or to other software on your system.
Most importantly it doesn’t change how it looks to the malware.

On the other hand, if you’re compressing it using other programs (such as
maybe WinZip, or 7Zip, or AxCrypt or something like that) where the original
file, “foo.doc,” isn’t there anymore; and it’s replaced with something like
“foo.zip” or “foo.crypt” (or whatever you want to call it); then it’s no longer
a .doc file. Malware and other processes typically don’t act on it the same way
– and typically don’t see it as something that can be infected.

Compression type matters

So bottom line is: if the file looks like it’s still there after
you “compressed” it… it’s still there. It is just as likely to be attacked by
malware.

If, on the other hand, the files have been changed (removed and replaced by
a different file that is the encrypted file with a different name),
then chances are that that actually has protected you just a little
bit
.

I really don’t consider this a huge, huge win.

I certainly would not run around compressing my files in order to prevent
malware from attacking. I would focus more on having good anti-malware
solutions in place overall. This really doesn’t add a lot of security to your
overall setup.

(Transcript lightly edited for readability.)

Do this:

Subscribe to Confident Computing! More confidence & less frustration -- solutions, answers, & tips -- in your inbox every week.

I'll see you there!

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.