Safe d/l of .wmv files???

MB

I use AVG antivirus s-ware.

There are times when I want to d/l .wmv files from a newsgroup.

I usually d/l them, save to disk, and then scan them before running them.

Is this the best way to do this? If a .wmv file is a virus, would AVG pick
it up while I'm d/l??

Suggestions to avoid problems (or is it just not to d/l at all?)?

Mel
 
David W. Hodgins

> I use AVG antivirus s-ware.
> There are times when I want to d/l .wmv files from a newsgroup.
> I usually d/l them, save to disk, and then scan them before running them.

That will catch most of the older stuff, but won't catch new viruses or
trojans.

> Is this the best way to do this? If a .wmv file is a virus, would AVG pick
> it up while I'm d/l??
> Suggestions to avoid problems (or is it just not to d/l at all?)?

The biggest danger is hidden file name extensions. If the filename
is movie.wmv.pif, Microsoft knows you don't need to know this is really
an executable file, and will happily hide the .pif part of the file name.

See http://www.antichip.org/virusinfo/extensions.html for info on how
to get Windows to show the full file name. Note that you will have to
run regedit, and delete all of the entries with NeverShowExt. I suggest
doing this for all of the file types that have it (use the find function
in regedit), rather than just .pif and .shs.

When you do want to open the file, it's safer to open the media player,
and use it to open the file, rather than double clicking on the file,
and letting M$ decide to execute the file, instead of using it as data.

Regards, Dave Hodgins
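
The hidden-extension problem described in the post above, written as a check over a download folder's file names. This is an added example, not part of the original thread; the extension lists other than .pif and .shs, the sample names, and the simplified model of what Explorer displays are assumptions.

```python
import os

# Types the thread names as hidden via NeverShowExt, even with "show extensions" on.
NEVER_SHOW_EXTS = {".pif", ".shs"}
# Extensions Windows runs on double-click (assumed, partial list for illustration).
EXECUTABLE_EXTS = NEVER_SHOW_EXTS | {".exe", ".com", ".scr", ".bat", ".cmd", ".vbs"}
# Data-file extensions commonly used as the visible decoy (assumed list).
DECOY_EXTS = {".wmv", ".avi", ".mpg", ".mp3", ".jpg", ".gif", ".txt", ".zip"}


def displayed_name(filename, hide_known_exts=True):
    """Approximate the name Explorer shows. Simplification: every
    extension is treated as a registered ("known") type."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() in NEVER_SHOW_EXTS or (hide_known_exts and ext):
        return stem
    return filename


def assess(filename):
    """Return findings for one file name, based on its real last extension."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")
        if os.path.splitext(stem)[1].lower() in DECOY_EXTS:
            findings.append("decoy-extension")
        if ext in NEVER_SHOW_EXTS:
            findings.append("always-hidden")
    return findings


def triage(names):
    """Map each disguised executable to what the user would see."""
    report = {}
    for name in names:
        findings = assess(name)
        if "decoy-extension" in findings:
            report[name] = {
                "default_view": displayed_name(name),
                "extensions_shown": displayed_name(name, hide_known_exts=False),
                "findings": findings,
            }
    return report


# Constructed sample listing of a download folder.
SAMPLE = ["movie.wmv", "movie.wmv.pif", "clip.avi.exe", "notes.txt.shs", "setup.exe"]

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, "->", info)
```

For movie.wmv.pif the `extensions_shown` value is still movie.wmv, which is why the post recommends removing NeverShowExt rather than only turning on the show-extensions option.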
 
harvey_s

David W. Hodgins said:
> That will catch most of the older stuff, but won't catch new viruses or
> trojans.
>
> The biggest danger is hidden file name extensions. If the filename
> is movie.wmv.pif, Microsoft knows you don't need to know this is really
> an executable file, and will happily hide the .pif part of the file name.
>
> See http://www.antichip.org/virusinfo/extensions.html for info on how
> to get Windows to show the full file name. Note that you will have to
> run regedit, and delete all of the entries with NeverShowExt. I suggest
> doing this for all of the file types that have it (use the find function
> in regedit), rather than just .pif and .shs.
>
> When you do want to open the file, it's safer to open the media player,
> and use it to open the file, rather than double clicking on the file,
> and letting M$ decide to execute the file, instead of using it as data.
>
> Regards, Dave Hodgins

Are there any anti-virus programs which allow direct checking for viruses
of clickable files for viruses without having to first download them to
the desktop, and then minimise the page you are on, and then call up the
desktop where you have to locate the file you want and then right click it?
It seems there should be a simpler more direct way.

Second question, if I may: Are any anti-virus programs especially well
suited for checking for viruses in compressed files - like zip files?

Harvey
 
kurt wismer

> Are there any anti-virus programs which allow direct checking for viruses
> of clickable files for viruses without having to first download them to
> the desktop, and then minimise the page you are on, and then call up the
> desktop where you have to locate the file you want and then right click it?
> It seems there should be a simpler more direct way.

no, there is no simpler or more direct way than 'save file, select
file, scan file'... really, the only thing indirect or complex about
those 3 steps is the way you're performing them...

i gather you didn't like that answer the first time i gave it to you,
nor the simplification i suggested for the problems you've had finding
the file, but the fact remains that you can't scan things until they're
on your computer (saved) and once they're on your computer you either
scan the entire computer or locate where you saved the file and scan
just that...

well, if you still don't like the answer, feel free to ask again and
again and again (even though you'll probably get the same answer again
and again and again)...
 
David W. Hodgins

> Are there any anti-virus programs which allow direct checking for viruses
> of clickable files for viruses without having to first download them to
> the desktop, and then minimise the page you are on, and then call up the
> desktop where you have to locate the file you want and then right click it?
> It seems there should be a simpler more direct way.

Most on-access virus scanners will catch the attempt to execute a virus,
provided they recognize it. DON'T rely on it. Don't execute programs
from untrusted sources.

For data files, use the program/player to open the file, rather than
clicking on the file, as that may execute, rather than just open a file.

> Second question, if I may: Are any anti-virus programs especially well
> suited for checking for viruses in compressed files - like zip files?

Again, most should work fine.

Regards, Dave Hodgins
 
Sugien

David W. Hodgins said:
> Most on-access virus scanners will catch the attempt to execute a virus,
> provided they recognize it. DON'T rely on it. Don't execute programs
> from untrusted sources.
>
> For data files, use the program/player to open the file, rather than
> clicking on the file, as that may execute, rather than just open a file.

Another thing is to make sure it is a reputable program; because it could be
something like my GraphicsExecuter program which although it will show
graphics, it will also run code contained within the graphic. The graphic
remains a true real graphic that can be viewed in any other graphics
program; but when viewed using my custom viewer (GraphicExecuter) it can
execute code at the same time it is showing the graphic.


~Sugien
 
FromTheRafters

Sugien said:
David W. Hodgins said:
> Another thing is to make sure it is a reputable program;

As far as .wmv files, it would seem that the "w" stands for
"Windows". So how reputable would that be considered?

.... even programs thought to be reputable can have flaws in
the way that they handle those data files. IIRC XP had a flaw
in the way it handled some mouseover or hover feature. It is
best to know what programs you use, and to keep up with the
bug reports for those programs.

> because it could be
> something like my GraphicsExecuter program which although it will show
> graphics, it will also run code contained within the graphic.

Such a trojan would be as powerful as its distribution. If it does
very well as a graphics program (like "Irfan View" does) and gets
wide distribution, it would be a rather simple matter to spam out a
graphic with the steganographically embedded code to a wide
audience and make the image a little too dark to be seen clearly
so that the natural human response would be to take it into their
favorite viewer (yours) to lighten up the image (whammo!).

> The graphic
> remains a true real graphic that can be viewed in any other graphics
> program; but when viewed using my custom viewer (GraphicExecuter)
> it can execute code at the same time it is showing the graphic.

....a good example of a trojan application, and dangerous because
it need not give itself away prematurely ~ good thing it is not as
good (or as popular) as Irfan View is. :O)
 
Sugien

FromTheRafters said:
> As far as .wmv files, it would seem that the "w" stands for
> "Windows". So how reputable would that be considered?
>
> ... even programs thought to be reputable can have flaws in
> the way that they handle those data files. IIRC XP had a flaw
> in the way it handled some mouseover or hover feature. It is
> best to know what programs you use, and to keep up with the
> bug reports for those programs.
>
> Such a trojan would be as powerful as its distribution. If it does
> very well as a graphics program (like "Irfan View" does) and gets
> wide distribution, it would be a rather simple matter to spam out a
> graphic with the steganographically embedded code to a wide
> audience and make the image a little too dark to be seen clearly
> so that the natural human response would be to take it into their
> favorite viewer (yours) to lighten up the image (whammo!).
>
> ...a good example of a trojan application, and dangerous because
> it need not give itself away prematurely ~ good thing it is not as
> good (or as popular) as Irfan View is. :O)

Not as popular is a given; because of it being a POC; but making it into an
acceptably good graphics viewer with bells and whistles would not be that
hard, well that is if I were to want to invest the time needed to update the
code;o) even coding Lego style such things can be accomplished.
 
Bart Bailey

In Message-ID:<[email protected]> posted on
David W. Hodgins said:
> Another thing is to make sure it is a reputable program; because it could be
> something like my GraphicsExecuter program which although it will show
> graphics, it will also run code contained within the graphic. The graphic
> remains a true real graphic that can be viewed in any other graphics
> program; but when viewed using my custom viewer (GraphicExecuter) it can
> execute code at the same time it is showing the graphic.
>
> ~Sugien

Maybe someday such malware as graphic appz that run embedded code too,
will be detected for the liability that they present.
 
Bart Bailey

In Message-ID:<[email protected]> posted on Fri, 2 Jan
> ...a good example of a trojan application, and dangerous because
> it need not give itself away prematurely ~ good thing it is not as
> good (or as popular) as Irfan View is. :O)

Irfan View wouldn't have risen to the level of respect and popularity it
has, if it had contained such a liability, nor would any popular
application that incorporated such a trojanized payload escape screaming
attention very long. If it ever (unlikely) becomes a concern, there's
always the open source "Gnu Image Manipulation Program" (GIMP).
 
FromTheRafters

Bart Bailey said:
> In Message-ID:<[email protected]> posted on Fri, 2 Jan
>
> Irfan View wouldn't have risen to the level of respect and popularity it
> has, if it had contained such a liability,

...nor would many of Microsoft's products, but it seems that respect
and popularity don't always go hand-in-hand.

> nor would any popular
> application that incorporated such a trojanized payload escape screaming
> attention very long.

True, especially with regard to this particular scheme. There are less
obvious vulnerabilities with which to trojanize applications though.

> If it ever (unlikely) becomes a concern, there's
> always the open source "Gnu Image Manipulation Program" (GIMP).

I think that that (open source) is the way of the future. :blush:)
 
FromTheRafters

Sugien said:
> Not as popular is a given; because of it being a POC; but making it into an
> acceptably good graphics viewer with bells and whistles would not be that
> hard, well that is if I were to want to invest the time needed to update the
> code;o) even coding Lego style such things can be accomplished.

If I were to spend the time and effort to make such a graphics
program, I would be proud enough of that accomplishment
and would think that trojanizing the program was detrimental.

....but that's just me, I have no use for vandalism.
 
Bart Bailey

In Message-ID:<[email protected]> posted on Sat, 3 Jan
> ..nor would many of Microsoft's products,

MS products are rife with liabilities,
yet command a monopolistic popularity.

> but it seems that respect
> and popularity don't always go hand-in-hand.

One major difference is that IrfanView didn't get popular by its
superiority at eliminating competition, but by the intrinsic superiority
of its product's features.

From the IrfanView features list:
---begin---
Only one EXE-File, no DLLs, no Shareware messages like "I Agree"
or "Evaluation expired"
---end---

Let's see any MS viewer/player match that!
 
