Page 1 of 1

[Discussed] Security from remote data files

PostPosted: 2018-01-30 05:54
by makh
Hi

According to:
https://www.bleepingcomputer.com/forums/t/574487/is-it-possible-for-a-virus-to-be-embedded-in-a-image/

And a message for android safety:
Gif may contain code for scripts, malware or data stealing...


Please inform that when we download any file from any server or link, will it be a security threat to our linux system?

Thankyou

Re: Security from remote data files

PostPosted: 2018-01-30 07:00
by bw123
makh wrote:Hi

Gif may contain code for scripts, malware or data stealing...


Please inform that when we download any file from any server or link, will it be a security threat to our linux system?

Thankyou


Imagine how secure your house would be if it had no doors or windows? Nothing could get in easily. That would be impractical, because you yourself could not get in and out, or store/remove items.

Now if you install a window, a door, or a tunnel under the house, bringing items in, (or the items themselves) isn't the "threat," it is people being *aware of the ways to enter.

I do seem to recall some issues that have popped up over the years from .gif files. You can probably look up compuserve, cshow, gif header, and things like that for more info.

I think it is very interesting how images are misused on the internet. They are often not used as images, often you never see them. They can inform others of the location of your house, and the tunnel, door, or window.

Re: Security from remote data files

PostPosted: 2018-02-01 18:01
by makh
So an application in debian or linux or android may not be spam safe, if the file we open is from untrusted or bugged source.

Re: Security from remote data files

PostPosted: 2018-02-01 19:19
by n_hologram
Can you mark this as "solved"?

Re: Security from remote data files

PostPosted: 2018-02-03 08:37
by makh
n_hologram wrote:Can you mark this as "solved"?

Hi
Sir! having a solution to a problem, means: Solved.
So it is still a pending issue.
If you want, I can consider closing it with <Discussed>...?
Thankyou

Re: Security from remote data files

PostPosted: 2018-02-03 08:59
by steve_v
makh wrote:Please inform that when we download any file from any server or link, will it be a security threat to our linux system?

On any system, downloading and running an executable from an untrusted source is a security risk.
If the application handling it has security flaws, opening a non-executable file from an untrusted source may also be a risk.
Install software updates and don't download stuff, especially executables, from dodgy sites. This is not Debian or Linux specific, just good computing practice.

makh wrote:So it is still a pending issue.
And it will continue to be so as long as the internet exists. Unless you want to live in a <insert proprietary vendor> walled-garden and only use approved content.

Now can we mark this silly question as solved?

Re: Security from remote data files

PostPosted: 2018-02-03 17:26
by makh
steve_v wrote:...
Now can we mark this silly question as solved?

Not all are Post Doctorate in Linux, like you.


---

I suppose theres a solution, easily possible.

Re: [Discussed] Security from remote data files

PostPosted: 2018-02-03 18:22
by bw123
makh wrote:I suppose theres a solution, easily possible.


If the problem is, "Networked computers are vulnerable to security threats," then No, there is not an easy solution.

If the problem is specifically how to ensure downloaded images are okay, then maybe something like this http://virusscan.jotti.org/en

I don't know if it works on image files. I haven't used jotti in a long time but it might help you.

Re: [Discussed] Security from remote data files

PostPosted: 2018-02-04 03:25
by makh
bw123 wrote:....
If the problem is specifically how to ensure downloaded images are okay, then maybe something like this http://virusscan.jotti.org/en
...

Hi
I will try it ... I hope it is helpful.
It looks like a remote feature only...
Thankyou