You most certainly can be infected by just visiting a site, if you have vulnerable plugins or a vulnerable browser. A world where infection would only be possible if you ran a downloaded exe file would be far easier to keep a computer secure in, but in the real world some types of virus can load themselves onto your machine without the need for any deliberate actions (like opening a file) by the user. Duch attacks are called "drive-bys" or "exploits" and commonly target java, flash and silverlight plugins as well as adobe reader and the browser internet explorer, exploits also exist which can attack media player software and all the other common browsers (chrome, firefox and all the rest). Fortunately there are some ways to make it much harder for drive-by attacks to infect you, careful browsing could be considered the first but in this era of malvertising content being loaded in the corners on reputable site careful browsing is not enough.
The various means to defend yourself are listed and explained below, do as many as you can for the best protection.
Always make sure your browser is up to date, and the plugins within your browser as well. Updates to browsers and plugins patch vulnerabilities so an old un-updated browser will be vulnerable to most exploits in use while an up-to-date browser will noyl be vulnerable to recently developed exploits. IE is the most vulnerable, firefox and chrome are both far more secure but neither is perfect.
Deactivate all your plugins or set them as "click to play", loads more exploits exist which attack flash, java and silverlight as compared to the lower (but still terrifyingly large) number of exploits which target the browsers themselves. If you disbale plugins you don't use, and those which you sometimes use you set as "click to play" or " ask to activate", then exploits which attack plugins are less of a danger to you. Firefox makes it easy to disable plugns or set them as "ask to activate", chrome also makes it fairy easy, these days it is set up to do this by going to "sandwich button"-->settings-->show advanced settings-->content settings-->let me choose when to run plugin content. I don't know if IE lets you disable plugins like this or set them only to run when you approve them.
Run an adblocker, this won't protect you from drive-bys and exploits actually built into the page you are visiting, but it will block adverts from third party sites which could be used to deliver malvertising.
Run a scriptblocker, this will protect you from exploits on the page you are visiting, and from exploits on other domains which are trying (but which the script blocker will stop) from loading content onto the page you are on. A scriptblocker also blocks adverts as a side-effect although you might want to run an adblocker as well alongside it. Noscript is script blocker for firefox, I have been using it for a while now, I haven't suffered any infections since I installed it as an add-on. I haven't seen any pop-ups either. A scriptblocker like noscript should make drive-bys impossible when you have it turned on, but sometimes you will need to allow some things through it for some things (videos mostly) on pages to work, if you only allow things from very trustworthy domains then it will keep you very extremely safe. A scriptblocker prevents exploits before they can begin it's an "anything the user doesn't allow deliberately is by default forbidden" type of security solution.
Run some sort of specialised anti-exploit protection, malwarebytes anti exploit does this, it is a free program which blocks common exploit methods. This means that it can protect against unknown viruses because it blocks anything that looks like an exploit without needing to worry about precisely what the payload is. This sort of program acts as a layer "behind" your browser whereas things like noscript and adblockers act as layers "infront" of your browser. MBAE works well in combination with noscript and firefox.
Keep your antivirus running as it is, run a realtime protection antimalware alongside it if you can. An antivirus and antimalware act as another layer behind any specialised anti-exploit protection you have.
For futher protection you can also run witelisting software which prevents any exe file which you have not previously approved from being able to execute.
The key thing with protecting yourself from exploits is to use "anything not allowed by the user is forbidden" types of security as well as the standard method an antivirus uses "anything not matching this database of known nasties is allowed". Things like noscript and mabe, as well as whitelisting programs, use this first method and therefore don't need to recognise every virus, they just stop anything which the user doesn't choose to allow. A brand new virus would not be recognised by antivirus and antimalware programs but it wouldn't be able to infect a noscript user unless they allowed the object or script delivering it to run, and it wouldn't be able to infect an mbae user unless it was using some uterly new and unrecognised exploit method. If you follow all the suggestions mentioend here being exploited should be impossible, note that you still need your antivirus running as well because mbae and noscript won't protect you from files you do deliberatly open and run.
Regarding post #7: malware exploit files are small files, only a few kilobytes, if you have download speeds of 0.5 Mb per second they would download so fast that there wouldn't even be time to show a "downloading" bar, also exploits do not download in the same way as normal file downloads, they take other routes so wouldn't be counted by the browser as downloads and put into any download history it keeps. The self-execution of exploit files happens because of the exploit methods, these basically let them bypass normal downloading and opening entirely, they download themselves and immediately run themselves.
Edited by rp88, 07 June 2015 - 01:01 PM.
Back on this site, for a while anyway, been so busy the last year.
My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB