iuhh
asked on
security of CHM files
I saw many CHM e-books floating around the internet lately, and I worry that these might become a new form of worm carrier... so -
Just wondering, does Windows have any security measures for the CHM help files? I know that some scripts can execute from inside a CHM file (they are essentially HTML after all), but what security level was it ran on? Does the anti-virus softwares checks the content of CHM files (since it is compressed)?
I guess many people would benifit from these information, many thanks.
Just wondering, does Windows have any security measures for the CHM help files? I know that some scripts can execute from inside a CHM file (they are essentially HTML after all), but what security level was it ran on? Does the anti-virus softwares checks the content of CHM files (since it is compressed)?
I guess many people would benifit from these information, many thanks.
ASKER
Thanks for the information. Since a script can run inside a chm, I think just about all script worms/virus can be embedded into one of those files. I am actually more interested in the security restrictions that was placed around those scripts, e.g which security zone (Web Content Zone) are they running in? how to place more restriction around chm files?
I figure that chm was possibly not considered as a potentially harmful file like exe so won't be blocked by email clients defaut, is that corrent?
Damage can possibly be minimized if the infected chm were viewed in a restricted account, but on many occations it will be the developers who needs those chm files for references, and developers tend to use privilaged accounts unfortunately. Is there a good security solution for such a problem? Does the current antivirus softwares (Norton, McAfee, Panda... or whatever) check inside a chm file?
Many thanks again.
I figure that chm was possibly not considered as a potentially harmful file like exe so won't be blocked by email clients defaut, is that corrent?
Damage can possibly be minimized if the infected chm were viewed in a restricted account, but on many occations it will be the developers who needs those chm files for references, and developers tend to use privilaged accounts unfortunately. Is there a good security solution for such a problem? Does the current antivirus softwares (Norton, McAfee, Panda... or whatever) check inside a chm file?
Many thanks again.
You wrote: Does the current antivirus softwares (Norton, McAfee, Panda... or whatever) check inside a chm file?
I believe that they can be set to check all file extensions. However, be aware that they will only detect a virus if they already have its signature. So they will miss any custom trojans.
Methods exists to get CHM files to execute arbitrary commands and code.
I believe that they can be set to check all file extensions. However, be aware that they will only detect a virus if they already have its signature. So they will miss any custom trojans.
Methods exists to get CHM files to execute arbitrary commands and code.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.wanadoo.com.lb/virus/default.asp?language=2&virus=4
you need to check for viruses and their removal instructions
http://www.bullguard.com/antivirus/vit_breetnee_b.aspx
Sunray