we support a web portal for a big insurance company. There is a functionality there, that lets some internal department upload a files (some sell statistics, etc.) for external clients and partners.
This department use different formats for it and started to use the selfextracting winrar archives of some .PDFs with .exe extention. The .exe are secure, as they are prepared inside the company.
The reason was to give the external users without archive programms to get the data easily.
Is it a security issue, using .exe as exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable, that Web portal will be seen as 'unsecure' from some firewalls / antivirus programms?
In Wiki http://en.wikipedia.org/wiki/Self-extracting_archive
is mentioned, that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk... ", but it address more private users, not a
The company doesn't have a rule about it yet, so we have to describe reasons, why it is (or is not) a security problem.
Thanx in advance.