undefined | Better HN

0 pointsgeofft4y ago0 comments

Er, doesn't that assume that the mp4 files on your hard drive can't genuinely be infected with viruses? Why is that assumption true?

0 comments

Xylakant4y ago

Especially given how common media files are as an attack vector.

gruez4y ago

Are they? Compared to other forms (eg. trojans or browser/os 0days) they're not really common. I suspect you have a better chance of getting infected from a site asking you to download a "codec", than you have of the site serving you a malformed media file.

Xylakant4y ago

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jpeg returns 390 results. And that’s jpeg alone. It’s fairly common that you see some sort of media file format parsing bug to lead to command execution.

1 more reply

anthk4y ago

pledge(4)ing an image or video viewer under OpenBSD doesn't look difficult at all.

Also, you can convert your PNG images to Farbleld (+.gz | +.xz) without losing quality.

And the farbleld image format it's more difficult to exploit.

geofftOP4y ago

I think running pledge(2) on Windows is quite difficult. :)

(At least, I'm assuming the question here is "What should Windows Defender do?" I agree that the answer to "What should OpenBSD's built-in antivirus do?" is "Literally not even exist," which it already does.)

j / k navigate · click thread line to collapse

0 comments

Xylakant4y ago

Especially given how common media files are as an attack vector.

gruez4y ago

Xylakant4y ago

1 more reply

anthk4y ago

pledge(4)ing an image or video viewer under OpenBSD doesn't look difficult at all.

Also, you can convert your PNG images to Farbleld (+.gz | +.xz) without losing quality.

And the farbleld image format it's more difficult to exploit.

geofftOP4y ago

I think running pledge(2) on Windows is quite difficult. :)

j / k navigate · click thread line to collapse