Author Topic: MIME types exceptions in Web-shield (Read 5284 times)

Lars-Erik · « **on:** March 21, 2011, 12:36:04 AM »

I see in the exceptions section for the Web-shield that there are exceptions for video/* and audio/*, but for image there are only exceptions for image/gif and image/png, and not for image/jpg.

I guess this is because code could be hidden inside a JPG-image that would execute on Windows.

But wasn't this threat fixed in a Windows-update some time ago?

Is there danger adding image/* to the exception list now?

A majority of web-page images are JPG, and not having an exception for that causes many file to be scanned, slowing down display of web-pages (especially on older computers).

What are your thoughts?

DavidR · « **Reply #1 on:** March 21, 2011, 01:26:39 AM »

Because .jpg files are targets of malware and need to be scanned to prevent exploits/malware.

Lars-Erik · « **Reply #2 on:** March 21, 2011, 02:51:01 AM »

So when Microsoft says they have "plugged" that hole in Windows, they are not telling us all?
I thought that error had to do with something overflowing and then triggering something inside the file.
Normal web-browser and image-programs don't execute anything inside a file.
Can you say a bit more about how a JPG file causes a threat still now?
(please be technical if you need to, I am a programmer, so Iæll try to understand :-)

DavidR · « **Reply #3 on:** March 21, 2011, 03:04:17 AM »

There are still exploit attempts regardless of what MS tells you. Code can be placed at the end of a jpg file which can be executed, try to redirect you to a malicious site, etc.

doktornotor · « **Reply #4 on:** March 21, 2011, 03:07:09 AM »

Also assuming that users regularly patch their Windows does not exactly match reality. See all the people with XP SP2 here.

Lars-Erik · « **Reply #5 on:** March 21, 2011, 03:18:36 AM »

Quote from: doktornotor on March 21, 2011, 03:07:09 AM

Also assuming that users regularly patch their Windows does not exactly match reality. See all the people with XP SP2 here.

Know that :-)
But for those who DO update their systems.
Is JPG still a risk for those today?

DavidR · « **Reply #6 on:** March 21, 2011, 03:20:37 AM »

Read my last post again, there are examples of such redirection in the viruses and worms forum if you search.

doktornotor · « **Reply #7 on:** March 21, 2011, 03:27:26 AM »

Quote from: Lars-Erik on March 21, 2011, 03:18:36 AM

But for those who DO update their systems.
Is JPG still a risk for those today?

GDI+ is notoriously buggy. E.g., looking at the "impressive" list of affected SW at http://www.sophos.com/support/knowledgebase/article/64693.html I seriously doubt that MS will ever learn. Also note that MS09-062 covers WMF, PNG, TIFF, BMP...

MS has been fixing this thing over and over again.

Lars-Erik · « **Reply #8 on:** March 21, 2011, 10:16:46 PM »

But avast! had exceptions for PNG and GIF as standard.
Should they be removed as well (can PNG and GIF also contain code)?

DavidR · « **Reply #9 on:** March 21, 2011, 11:13:54 PM »

I bow to avast's greater knowledge of these matters and would tend to leave the default settings. If they became a target which could be exploited no doubt they would be removed.

Author Topic: MIME types exceptions in Web-shield (Read 5284 times)

Lars-Erik

MIME types exceptions in Web-shield

DavidR

Re: MIME types exceptions in Web-shield

Lars-Erik

Re: MIME types exceptions in Web-shield

DavidR

Re: MIME types exceptions in Web-shield

doktornotor

Re: MIME types exceptions in Web-shield

Lars-Erik

Re: MIME types exceptions in Web-shield

DavidR

Re: MIME types exceptions in Web-shield

doktornotor

Re: MIME types exceptions in Web-shield

Lars-Erik

Re: MIME types exceptions in Web-shield

DavidR

Re: MIME types exceptions in Web-shield