I literally lose interest over the 250-word mark. If that happens it is a for-real tl;dr from me and not a cop-out. I even annoyed MYSELF by going slightly over 250 with one of my own replies.

Whether the commenter is correct or not doesn’t matter because any point made was totally lost for waffling.

And it’s true, I get no respect.

You’ve been completely schooled by more than one commenter and your reaction is to behave like a YouTube poster? With silly half relevant links?

There is a huge difference in saying you “might be wrong” in an opinion piece to actually saying “I was wrong.”

By the way, I watched an Mp4 earlier, so make sure you don’t open this post.

Loved your trying to “tl;dr” yourself out of a lost cause argument, like a petulant teenager!

Keep it up, you might attract more readers. But no respect, trust me.

Posted this morning. States I could be wrong directly in the article. Twice.

Rich, nothing personal, but as you advance in your professional career, I would hope that you would take the time to at least consider that you are wrong sometimes. We all are. Failing to keep an open mind and making corrections for incorrect assumptions is a fast track to failure, and in the case of writing, ridicule.

Just saying.

But to clarify a couple of points:

a) I know how browsers work .. I think we talked cross-purposes here. The video itself does not have malicious code in it, they can’t contain executable code. What they do is simply make reference to a fake codec, then ask you to visit blahblah.com to download and retrieve it. Of course, once you have landed on that site, you’re already hit with the nasty. My browser point is this, if your malware filter is any good then the best a dodgy video can do is send you to a website that is blocked.

b) Oh just drop the Symantec bashing. It’s not 2002 anymore, they’re bleugh at worst, and their threat centre is pretty much the same.

c) “opening video files via youtube” is not the same as opening the file you might want. It’s at least transcoded another time … and more than that you are adding an unnecessary workload (which might read visit site>subscribe>confirm>upload>wait processing>send …) to the person wanting to send you the video, all so you can sit behind your imaginary wall of solitude.

You say I blab about ancient holes in software … well you know all the macro viruses that you cry about are essentially exploiting said holes? As with the PDF? And, for the most part, your video formats? Can you not see the hypocrisy? The viruses that you cower behind your elaborate workflows from are no more a threat to an updated system than the JPEG exploit. Bar, of course, the EXE / ZIP argument.

“I couldn’t care less how many people like you say it wastes time to open files using alternative means or not open them at all, because it’s more important to me to stay secure rather than open a file that compromises my system…”

You know, I can vaguely agree with you. But here is the point once more, there is no threat (at least no-more than can be had from day-to-day web browsing). The sad thing is, you don’t see it.

Surely what you are doing here is trying to exercise best practise, and avoid any potentially unpatched holes, that a new virus might wander thru, via a DOC or whatever. But, that could quite frankly leave you with *any* vector of assault to cover (the JPEG hole was VASTLY effective because it was unexpected – there is nothing to stop the same happening to your “safe” file formats – in particular the MP3) .. and you’re back to just opening files from people you trust, with known content. Do you not see?

Anyway .. if you want to live the life of a simpleton (this bad, this good) then go ahead. Hopefully anyone reading this is more keyed in to practicality and will actually perform a threat assessment, which is frankly both quick and easy.

I never said phishing attacks were irrelevant.

There is no video that is loaded exclusively by the browser alone and that’s why phishing filters don’t filter them out, genius. When the browser encounters a video file it will pass by known extension (.AVI, .WMV, .MOV, etc.) to the appropriate application be it embedded within as a plugin in-browser or as an app outside the browser. Once the file is opened by its respective app, that’s where the scripting/redirecting happens and not before and that’s why the phishing filter doesn’t pick it up first. If you knew anything about browsers you’d understand that.

However, as I said in the article in very plain English, if you open these files using alternative means such as YouTube, never will you encounter any redirects or malicious code.

If you want to continue to blab away about trusted users that still send infected files regardless, ancient holes that were patched 5 years ago, horrible anti-virus products that are near-impossible to uninstall and so on, go right ahead. If it makes you feel better to spout that crap out, whatever. I’m not the boss of you.

I couldn’t care less how many people like you say it wastes time to open files using alternative means or not open them at all, because it’s more important to me to stay secure rather than open a file that compromises my system, period.

Anyhoo..

There is a serious lack of logic in your argument. You state phishing attacks are irrelevant because there are filters? Shouldn’t that make viruses irrelevant because AV is a filter? AV screening is about 98-99% effective, whereas I have only had Google / firefox block a handful of the sites that I visited **that I knew were bad** to test the filter. It’s a seriously weak effort, blocking only the most virulent sites.

I know the JPEG hole is fixed, I mentioned it to show how your black/white policy is flawed, exceptions to the rule wreak havok. You simply cant say “all this is always bad” and “all this is always ok” and leave it at that. The policy of actually saying WHY is how people learn. But then we wouldn’t need blogs like this, would we?

Email clients don’t block images from all senders .. not when almost everyone allows them from known senders (the kind hijacked). I use a HTML image tracker in bulk emails and somewhere between 70-80 of emails opened load HTML images. Even when there are no actual images to be “unblocking” I see upwards of 30%.

You say “Trusted users cannot be trusted with attachments using file extensions known to harbor viruses and malicious code, period. To believe otherwise is to be a fool.”

And you know what? I agree!! What we disagree on is your threat assessment of a DOC / XLS / MOV file, which, and I will say it again, CAN HAVE THE VULNERABILITY TURNED OFF! And the PDF virus, like the JPEG, is closed. Please, if you are going to swing that big hammer of damnation, do it fairly across the board. Where, pray tell, is the AVI? Much more vulnerable than a MOV.

Finally, the vulnerabilities in the movie files, are forced redirects / links to infected websites for a good ol’ driveby. If your magical corbomite browser filter was any good, then movie files are also safe. Not to mention, that by the time they have propagated on P2P A/V signatures are more than a match.

I didn’t say enterprise shouldn’t be able to open standard office suite extensions. They can because they have a person like you to fix it; it’s part of your job. The rest of us don’t have I.T. employees at the ready.

Trusted users cannot be trusted with attachments using file extensions known to harbor viruses and malicious code, period. To believe otherwise is to be a fool. Murphy’s Law will eat you for breakfast with that line of thinking.

The JPEG exploit you mention was a problem 5 years ago and fixed: http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx You might want to try something a tad more recent. And BESIDES WHICH, all webmail providers *and* mail clients auto-block images even for all senders and detect malformed JPEG images automatically. HTML-based mail is also auto-filtered on arrival. Your example is old and was taken care of ages ago on all fronts.

You trust the same guys that brought us the dreaded Norton Security Suite.. the same one that proved almost impossible to uninstall – so much so they had to release a removal tool. Symantec can go pound sand.

Per your “drive-by download” point, phishing filters are in all major browsers now. I don’t have to write an article on it because the issue has already been addressed.

If you suggest that any workplace shouldn’t be opening DOC / ZIP / PDF or XLS files then I worry, I do. Even if you do open it in Google docs first then the macro virus (if present) will not be detected, leaving that doc in badly supported purgatory. The vastly preferable option is just to disable macro! Then your DOC and XLS files are safe to open.

Now, here is where the problem lies. I openly accept that P2P videos are dodgy .. but the voodoo I refer to is one of these videos magically infecting another, safe, video.

Telling users to accept email attachments that are EXPECTED+From a trusted source is the only way to go.

Take this scenario:

Jane records a video of his daughter to send to Bob, who is working overseas. Their camera makes a MOV file. She speaks to him on the phone, and tells him that she is sending it. Bob, on receiving this, should NEVER consider this a virus .. because the chance of it being so is so close to zero it’s silly.

Take this scenario:

Bob is at work. He receives a video file that is apparently in an email from Jane. The email certainly doesn’t look like her usual style… where is the love? This, is where caution should be exercised.

Now, I’m not suggesting people open anything, but telling people to tip toe around their online lives for fear of virus attack is silly, and takes the joy out of computing. This is what leads people to be too scared to do anything because it might break.

Ironically, you suggest that HTML email and JPEG images are fine. What!? You know that a JPEG header was a very famous virus exploit, right? And you know most malicious redirects and tracking is done in HTML, yes? Other than EXE files these two are the most dangerous.

This, above, is the danger of your silly black and white policy. It’s never that simple. Danger is based on content and intent, and NOT form. You need to tell users to assess what they are looking at, not check it against a list that is in-exhaustive, and frankly inaccurate.

The best policy, by leap years, is a good training on these basics and (frankly) regular disk imaging to wipe it back if it happens. As of yet, this has only been required for a major installation f**k up on a set of creative drivers.

Viruses by email attachment are a dying threat. Ask Symantec. Take a look at the top 25 virus threats and count how many are arriving by email .. it insignificant. Where is your article on drive-by downloads and malware infested websites, the real threat?