Short answer
No, a file on a drive cannot just run itself. Like all viruses, it needs some sort of initialization. A file does not magically initiate for no reason at all; something has to cause it to load in some way. (Unfortunately the number of ways is bafflingly large and continues to grow.)
Overview
How a virus runs depends largely on the type of file that the virus is in. For example, .exe
files usually require something to actually load their code (simply reading their contents is not enough). Picture or audio files are not supposed to be code at all, so they should not be “running” in the first place.
Technical
What often happens these days, is that there are two main methods that malware runs:
- Trojans
- Exploits
Trojans:
With trojans, malware code is inserted into normal files. For example a game or program will have some bad code injected into so that when you (purposely) run the program, the bad code sneaks in (hence the name trojan). This requires placing the code in an executable. Again, this requires the host program to be specifically run somehow.
Exploits:
With exploits, what happens is that a file contains incorrect/invalid structures that exploit poor programming. For example, a graphics-viewer program that does not check the picture file may be exploited by crafting a picture file with system code in such a way that when it is read, it overloads the buffer created for the image and tricks the system into passing control to the virus code that was inserted past the buffer (buffer overflows are still fairly popular). This method does not require a file with malware code to be specifically run; it exploits the bad programming and error checking to trick the system into “running” it simply by opening/reading the file.
Application
So how does this apply to a flash (or any other type of) drive? If the drive contains trojans (executable files), then unless the system has AutoPlay enabled or has some sort of autorun/startup entry pointing to the file, then no, it should not run on its own. On the other hand, if there are files that exploit vulnerabilities in the operating system or other program, then simply reading/viewing the file could allow the malware to initiate.
Prevention
A good way to check for vectors by which trojans can run is to check for different kinds of autorun/startup locations. Autoruns is an easy way to check many of them (it’s even easier if you hide the Windows entries to reduce the clutter). A good way to reduce the number of vulnerabilities that exploits can use is to keep your operating system and program up-to-date with the latest versions and patches.
possible duplicate of can a virus execute by itself?
– Ƭᴇcʜιᴇ007 – 2012-02-23T04:25:27.9472@techie007 Not exactly. This question is specific about beeing run from a flash drive where the other question is more general. – Tom – 2012-02-23T07:42:06.650
@techie007 I found and read that question before asking this one. but my question was about flash drives because I haven't installed virus scan and just disabled autorun feature. – undone – 2012-02-23T10:10:54.050
Tom is kind of correct. This question is asking about the danger of a virus on a (flash) drive spontaneously running itself while the other is asking about the specific existence of such a virus. They are definitely related, but slightly different. I don’t know if the difference is sufficient to justify two separate questions though. – Synetech – 2012-02-23T21:00:05.907
I think it is related but definitely not the same, Windows performs actions on a flash memory stick when it is inserted that just don't happen with a HDD. The additional wording of the question refers specifically to the events that occur when a flash memory stick is inserted. – Tog – 2012-02-23T21:59:00.337