Since you are reading this page, you have probably heard that using a custom mouse cursor may infect your computer with malware. While there is a small danger associated with actual cursor files (discussed later), the real danger lays in malicious web sites that pretend to offer custom cursors, but their real agenda is different.
There are 3 simple rules that will protect you from malware disguised as cursors:
While following the above rules is enough to protect yourself, it never hurts to learn more details. Here they come.
First, let's look at the standard Windows cursor files. There are 2 kinds: normal cursors (with .cur extension) and animated cursors (with .ani extension).
These cursor files are data files, similarly as .png or .jpg images or e-books. Data files are usually safe - you can download and copy them around without fear. They can only be dangerous indirectly - when the application that uses the files contains an exploitable security hole. There used to be a security hole in Windows, but it has been fixed years ago. Keeping your Windows updated takes care of this problem.
Let me say a few words about anti-virus software. When the security problem with .ani files in Windows was published years ago, anti-virus manufacturers updated their products to recognize the suspicious .ani files. Some of then did a very sloppy job and valid .ani files were incorrectly flagged as viruses. If your anti-virus software warns you about an .ani file, open it in RealWorld Cursor Editor and re-save it. If the warning does not go away, contact your anti-virus provider and report this "false positive" to them.
.zip or .rar files are compressed archives containing multiple files. Before these files can be used, they must be extracted to a folder. These archives should contain .cur or .ani files and possibly some accompanying files. Focus on the .ani and .cur files, be suspicious about the other files - never run any applications that were extracted together with the cursors. Some archives may contain an .inf file that can help you install and activate the cursor files. Although the .inf file may be very handy, it can also be very dangerous. I would not recommend you to use it if it came from a untrustworthy source.
This is where the real danger lays. There are malicious web sites that pretend to offer custom mouse cursors, but instead attempt to install malware or adware on the computers of their unsuspecting visitors.
Fortunately, protecting from these kind of attacks is not hard. Use an updated web browser. Never "run" or "install" anything. Always look for .cur or .ani file (or .zip archives) and "save" them when asked (activate them via Control Panel or a specialized tool). If a web site does not offer you to download .cur or .ani files directly (or indirectly in a .zip file) and instead forces you to install something, leave as quickly as possible.
Assessing the level of trustworthiness of a web site is not trivial. Looks can be deceiving.
Hey this is quite helpful! My friend makes viruses but I've never seen one that is not a .exe so THIS TELLS YOU THE No.1 RULE: Only open .cur/.ani files!
i am glad this website has info about viruses on cursor sites now i will be more careful downloading cursors thanks for the help thumbs up!
What? I don't know what you guys are talking about but okay if you guys say that this is good, I vote for this being good too Just trying to be cool.. Anyways
Good article, and what a great website! Thank you!
thanks for having this information available to us. Very informative.
My sister told me not to download cursors, but I know the ones I download aren't viruses so I do it anyways >:D
Thanks for the post. But if i set my cursors in .ani or .cur and i restart my computer the cursor resets to the normal shape. S omeone can help me not pass that?
Saving cursors that you strongly trust into your computer's default cursor-containing folder, that cursor will be able to be used as soon as the computer starts (or whenever you log in). In Windows 7 it's under Local Disc> Windows> Cursors.
is it ok to download from here