VST Plugins are DLL files available to be put into a folder in the Music Tool which then can use this as a plugin.

Does VST have a mechanism not to execute malicious code inside the dll file?

Can I safely install them without anti-virus?

Daniel W.
  • You're asking if VST Plugins are malicious? – RoraΖ May 19 '15 at 14:30
  • Not "are", but "could be". – Daniel W. May 19 '15 at 14:31
  • Any form of executable code **could** be malicious. It comes down to if you trust the plugin or not. Extensive analysis of the DLLs is the only way to see if anything nefarious is occurring. – RoraΖ May 19 '15 at 14:33
  • Why are people flagging this as "Primarily opinion based"? It's a good, objective question, asking whether VSTs are somehow prevented from acting maliciously, and whether there's a risk. Please read things fully and properly before you issue a flag. – Polynomial May 19 '15 at 17:10
  • I know there are techniques like digital signatures and code signing but I think this is not going on in VSTs. I was 90% sure the answer is 'may contain viruses' but I wanted to ask the community to clarify the last 10% in question. Thanks for participating in this discussion. – Daniel W. May 19 '15 at 18:40
  • @raz - If the plugins were executed within a sandbox that would stop the DLL doing anything nefarious – paj28 May 22 '15 at 16:01

1 Answer

A VST is just a DLL which exposes a specific interface. As such, it can contain arbitrary code, and can do anything that an EXE could do. Treat it as such. If you don't trust it, don't run it.

Keep in mind that virus scanning will only protect you against known signatures, so something unknown or custom might still catch you out. Running the plugin through VirusTotal or a similar service may help, but ultimately you can never be sure and there is always a risk.

My advice would be to research the plugin and the person/company who wrote it, and the site you downloaded it from if it's coming from somewhere generic. Verify their trustworthiness by reading reviews, looking at their other work, and seeing which communities they're active in and trusted by.

Polynomial
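
A static check to run on a downloaded plugin file before a host ever loads it, as an added example that is not part of the original answer: it confirms the file is a PE DLL, computes the SHA-256 to look up on a scanning service, and reports whether an embedded code-signing blob is present. The function names and the header-only sample file are constructed for illustration; the check only detects that a signature blob exists and does not validate it.

```python
import hashlib
import struct

IMAGE_FILE_DLL = 0x2000       # COFF Characteristics flag: file is a DLL
SECURITY_DIR = 4              # data directory slot of the Authenticode blob

def triage_plugin(data: bytes) -> dict:
    """Static facts about a plugin file; none of them prove it is benign."""
    info = {"sha256": hashlib.sha256(data).hexdigest(),   # value to look up
            "is_pe": False, "is_dll": False, "has_signature_blob": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe + 26 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return info
    flags = struct.unpack_from("<H", data, pe + 22)[0]    # Characteristics
    opt = pe + 24                                         # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    info["is_pe"] = True
    info["is_dll"] = bool(flags & IMAGE_FILE_DLL)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)             # PE32 / PE32+
    if dirs is None or opt + dirs + (SECURITY_DIR + 1) * 8 > len(data):
        return info                                       # truncated or unknown
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    if count > SECURITY_DIR:
        offset, size = struct.unpack_from(
            "<II", data, opt + dirs + SECURITY_DIR * 8)
        # Presence only: the signature is NOT validated here.
        info["has_signature_blob"] = offset != 0 and size != 0
    return info

def constructed_dll(signed: bool) -> bytes:
    """Constructed sample: header-only PE32+ DLL, optional cert table entry."""
    img = bytearray(0x40 + 24 + 112 + 16 * 8)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)               # e_lfanew -> 0x40
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x40 + 20, 112 + 128, IMAGE_FILE_DLL)
    struct.pack_into("<H", img, 0x40 + 24, 0x20B)         # PE32+ magic
    struct.pack_into("<I", img, 0x40 + 24 + 108, 16)      # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", img, 0x40 + 24 + 112 + 32, 0x400, 0x200)
    return bytes(img)

if __name__ == "__main__":
    for signed in (False, True):
        print(triage_plugin(constructed_dll(signed)))
```

To check a real plugin, pass `open(path, "rb").read()` to `triage_plugin`. A present and even valid signature only identifies the publisher; whether that publisher is trustworthy remains the research step the answer describes.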