Can malware be dangerous even when quarantined?


Quarantine is nothing but a place to store the infected/suspicious files. When you quarantine a file it is deleted from the actual place and moved to the quarantine location (to the path that your anti-virus program has for them).

This is something like keeping a zombie inside a jail. Obviously it is not a threat as long as you don't open the cage.

In most anti-virus programs, the quarantine files are stored in internal binary formats. Since there is no physical connection between the infector file and your system (your anti-virus program works as the storage format is also a plus point), it is not dangerous.


Regarding analyzing an infected file, yes it is not possible after quarantine. If you want to do that, you either try disinfecting it or restoring it to its original place (you have to disable your anti-virus program to do this and this is the place where you are opening the cage) and then analyze it. But remember the zombie might eat you up (unless you are good with shotguns)! So it is at your own risk.

Why not just send the infected/suspicious files to the anti-virus program team? They might give you a better picture after inspecting it with their updated virus signatures.

Bottom line: A quarantined file is not dangerous. But analyzing them yourself might be.
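What the answer above describes (the original deleted from its location and kept in an internal binary format), sketched as an added Python example that is not part of the original post or any anti-virus product's code. The container layout, the `QEX1` magic and the XOR key are assumptions chosen for illustration.

```python
import hashlib, json, os, struct, tempfile
from pathlib import Path

MAGIC = b"QEX1"   # hypothetical container magic, not a real vendor format
XOR_KEY = 0xA5    # obfuscation only (not encryption): stored bytes cannot be run or matched as-is

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path) -> Path:
    """Store `path` in `vault` as an inert container, then delete the original."""
    raw = path.read_bytes()
    digest = hashlib.sha256(raw).hexdigest()
    meta = json.dumps({"orig": str(path), "sha256": digest}).encode()
    vault.mkdir(parents=True, exist_ok=True)
    out = vault / (digest + ".q")            # no original name or extension on disk
    out.write_bytes(MAGIC + struct.pack(">I", len(meta)) + meta + _xor(raw))
    os.chmod(out, 0o600)                     # owner read/write only, never executable
    path.unlink()                            # the file leaves its original location
    return out

def restore(container: Path, dest: Path) -> Path:
    """The 'opening the cage' step: decode, verify integrity, write the file back."""
    blob = container.read_bytes()
    if len(blob) < 8 or blob[:4] != MAGIC:
        raise ValueError("not a quarantine container")
    (mlen,) = struct.unpack(">I", blob[4:8])
    meta = json.loads(blob[8:8 + mlen])
    raw = _xor(blob[8 + mlen:])
    if hashlib.sha256(raw).hexdigest() != meta["sha256"]:
        raise ValueError("container corrupted")
    dest.write_bytes(raw)
    return dest

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "invoice.exe"
        payload = b"MZ" + b"constructed sample, not real malware"
        sample.write_bytes(payload)
        box = quarantine(sample, root / "vault")
        stored = box.read_bytes()
        restored = restore(box, root / "restored.bin").read_bytes()
        return {"original_removed": not sample.exists(),
                "payload_visible": payload in stored,
                "roundtrip_ok": restored == payload}

if __name__ == "__main__":
    print(demo())
```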

I think the author's real point is not the safety of a file once quarantined but rather what happens if the user says "no"? Does the system leave it where it is - a potentially big risk, or does it erase it - a potentially big risk. Without knowing what action will be taken if you don't quarantine, or indeed without explaining what quarantine means, the user is faced with a question they must answer to progress. However they do not have the information required to make an informed decision. What happens... they roll the dice and guess.

So, users are asked a pretty tough question: Do you want this file or do you want to be safe? It's not even a matter of informed decisions, here... Users don't have a degree in computer science and currently don't have the tools to stay secure.

Users don't have time and effort to waste on informed decisions. This point has been debated over and over again. If the file is unsafe it should be quarantined automatically, and an option to "Recover the malware" provided, instead of the user having to either waste their time thinking about it or spare their time and make a quasi-random decision.

There is a very similar example: how the Google Chrome Security team redefined the user experience of Chrome malware recovery warnings. They made it harder for the user to do the unsafe thing, by increasing the interaction cost of it and increasing the feeling of doing something dangerous.