[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: C file recoginzed as image file

From: Stephen Leake
Subject: Re: C file recoginzed as image file
Date: Tue, 09 Jan 2007 08:07:11 -0500
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (windows-nt)

Richard Stallman <address@hidden> writes:

> In nearly all cases, the result of displaying an image file is an
> image on your screen.


> Your conclusion is based on two assumptions: that (1) there is a bug
> in a library and (2) the image file has a virus specifically designed
> to take advantage of this bug and cause trouble in Emacs.


> Assumption 1 may be true occasionally, but it will be false nearly
> all the time.

"occasionally" here does not refer to the number of images viewed, but
the number of libraries used. There are only a few of those (maybe
10?). So if one of them has a bug, that's 10%.

> Assumption 2 is not impossible, but we don't know that anyone will
> actually do it.

Yes, we do; there are examples of real viruses that do exactly that.

Hmm. Not including the "cause trouble in Emacs" part; just causing
trouble on the computer is the intent of the virus. Emacs is just the
user interface to the image library in this case.

The point people have been making is that these real viruses use a
file extension that is _not_ an image file extension, in an attempt to
fool the reader into getting infected.

You are correct that using the file extension alone to determine
whether the file is an image is not fool-proof.

But a heuristic that says:

"if the file extension does not match the contents, it is more likely
that this is a virus attack"

is useful. That is what is being proposed here.

-- Stephe

reply via email to

[Prev in Thread] Current Thread [Next in Thread]