I have a question regarding the texture packs that install when you join a server. Do they stay on your computer making it possible to give malware?
So there's really three questions here:
Does your computer keep a copy of the server's resource packs?
Yes. If you look into your .minecraft folder, there's a sub-folder called "server-resource-packs" which is where they're stored. But read the rest of this post before you look at them!!!
Can a server resource pack potentially contain malicious files?
As far as I know, yes. Minecraft only looks for the files that it needs and disregards the rest. But because it ignores everything it's not specifically looking for, that also means that someone could put something into a pack that shouldn't be in there. Benign versions of this are careless authors leaving their .psd files in the pack, but potentially anything could be in there.
As an aside, this is why I STRONGLY recommend CurseForge as a source for resource packs. CF actually DOES scan the entire contents of the packs uploaded to it, and doesn't allow packs containing unknown or potentially dangerous file types. This obviously doesn't help for your instance since servers host their own packs elsewhere, but I feel like it's important to point out that there definitely are safe sources for packs.
Can a .zip file sitting on your computer infect it with Malware?
No... not without YOUR help. And this is VERY IMPORTANT!
See, a .zip file on its own is pretty inert. It doesn't run code so it can't infect your computer. It just sits there being a container for stuff. Think of it like a public trash bin. It could have a dirty needle in it, so just don't stick your hand in and you'll be OK. Make sense?
The way that most people get infected by .zip files comes from them unpacking the contents. This causes a lot of stuff to happen. Some viruses and malware can immediately try to take advantage of exploits in the operating system, but this is rare with recent operating systems.
More commonly, files will be intentionally mislabeled to get people to click on them. Modern operating systems have a BAD habit of hiding crucial information like file extensions. So "funny_picture.jpg" might actually be "funny_picture.jpg.exe" which launches malware. In a resource pack, you're more likely to find .js files that do the job since Windows has its own Javascript engine that can be easily exploited. (This is how a lot of e-mail infections work now.)
In other words, infection via .zip file largely relies on human curiosity to be the catalyst that triggers the infection. So a .zip file just sitting there won't hurt you. At least, not the the best of my knowledge. But it can contain things that will if you touch them.
So how can you protect yourself?
Well for starters, don't open server resource packs. It's that simple. Just leave them alone and delete them when if you're sure you'll never be going back to that server.
But if you absolutely MUST poke them, make sure that you have an up-to-date antivirus (dub) and scan the pack BEFORE opening it. Make sure that you have "Hide extensions for known file types" UNCHECKED in your file manager as well. That way you can see what a file is REALLY named. When in doubt, DON'T TOUCH IT! If you don't know what the file type does, assume it's hostile and delete it. Resource packs should only have the following file types:
.png - (Image files that so far haven't been associated with any attacks as far as I know)
.txt - (Not actually used by Minecraft, but still used for stuff like information about the pack.)
.json - (Code Minecraft uses. Open these with Notepad++)
.mcmeta - (They're actually .json files with Minecraft's file extension. Again, open them with Notepad++)
.png.mcmeta - (I know this looks a lot like the hidden fileextension "funny_picture.jpg.exe" example earlier, but it's fine. Just a weird choice by Mojang. These are just normal .mcmeta files.)
Anything else can and probably should be safely deleted. Again, you might see some .psd (Photoshop), .xcf (GIMP), or .pdn (Paint.net) files carelessly left in the pack. These are also likely harmless, but when in doubt delete them. Files ending in .exe and .js should be treated as hostile and immediately destroyed with extreme prejudice.
I hope that puts your fears to rest a little bit. Remember that ultimately it's the USER that's the best line of defense against malicious software.
I have a question regarding the texture packs that install when you join a server. Do they stay on your computer making it possible to give malware?
So there's really three questions here:
Does your computer keep a copy of the server's resource packs?
Yes. If you look into your .minecraft folder, there's a sub-folder called "server-resource-packs" which is where they're stored. But read the rest of this post before you look at them!!!
Can a server resource pack potentially contain malicious files?
As far as I know, yes. Minecraft only looks for the files that it needs and disregards the rest. But because it ignores everything it's not specifically looking for, that also means that someone could put something into a pack that shouldn't be in there. Benign versions of this are careless authors leaving their .psd files in the pack, but potentially anything could be in there.
As an aside, this is why I STRONGLY recommend CurseForge as a source for resource packs. CF actually DOES scan the entire contents of the packs uploaded to it, and doesn't allow packs containing unknown or potentially dangerous file types. This obviously doesn't help for your instance since servers host their own packs elsewhere, but I feel like it's important to point out that there definitely are safe sources for packs.
Can a .zip file sitting on your computer infect it with Malware?
No... not without YOUR help. And this is VERY IMPORTANT!
See, a .zip file on its own is pretty inert. It doesn't run code so it can't infect your computer. It just sits there being a container for stuff. Think of it like a public trash bin. It could have a dirty needle in it, so just don't stick your hand in and you'll be OK. Make sense?
The way that most people get infected by .zip files comes from them unpacking the contents. This causes a lot of stuff to happen. Some viruses and malware can immediately try to take advantage of exploits in the operating system, but this is rare with recent operating systems.
More commonly, files will be intentionally mislabeled to get people to click on them. Modern operating systems have a BAD habit of hiding crucial information like file extensions. So "funny_picture.jpg" might actually be "funny_picture.jpg.exe" which launches malware. In a resource pack, you're more likely to find .js files that do the job since Windows has its own Javascript engine that can be easily exploited. (This is how a lot of e-mail infections work now.)
In other words, infection via .zip file largely relies on human curiosity to be the catalyst that triggers the infection. So a .zip file just sitting there won't hurt you. At least, not the the best of my knowledge. But it can contain things that will if you touch them.
So how can you protect yourself?
Well for starters, don't open server resource packs. It's that simple. Just leave them alone and delete them when if you're sure you'll never be going back to that server.
But if you absolutely MUST poke them, make sure that you have an up-to-date antivirus (dub) and scan the pack BEFORE opening it. Make sure that you have "Hide extensions for known file types" UNCHECKED in your file manager as well. That way you can see what a file is REALLY named. When in doubt, DON'T TOUCH IT! If you don't know what the file type does, assume it's hostile and delete it. Resource packs should only have the following file types:
.png - (Image files that so far haven't been associated with any attacks as far as I know)
.txt - (Not actually used by Minecraft, but still used for stuff like information about the pack.)
.json - (Code Minecraft uses. Open these with Notepad++)
.mcmeta - (They're actually .json files with Minecraft's file extension. Again, open them with Notepad++)
.png.mcmeta - (I know this looks a lot like the hidden fileextension "funny_picture.jpg.exe" example earlier, but it's fine. Just a weird choice by Mojang. These are just normal .mcmeta files.)
Anything else can and probably should be safely deleted. Again, you might see some .psd (Photoshop), .xcf (GIMP), or .pdn (Paint.net) files carelessly left in the pack. These are also likely harmless, but when in doubt delete them. Files ending in .exe and .js should be treated as hostile and immediately destroyed with extreme prejudice.
I hope that puts your fears to rest a little bit. Remember that ultimately it's the USER that's the best line of defense against malicious software.