exe as data exchange format for download on an insurance Web portal - is it a security issue?

Posted on 2011-10-26
Last Modified: 2012-05-12
Hi experts,

We support a web portal for a big insurance company. There is a functionality there that lets some internal department upload files (some sales statistics, etc.) for external clients and partners.
This department uses different formats for it and started to use self-extracting WinRAR archives of some .PDFs with the .exe extension. The .exe are secure, as they are prepared inside the company.
The reason was to let external users without archive programs get the data easily.

Is it a security issue, using .exe as exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable that the Web portal will be seen as 'unsecure' by some firewalls / antivirus programs?

In Wiki is mentioned, that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk... ", but it addresses more private users, not a

The company doesn't have a rule about it yet, so we have to describe reasons, why it is (or is not) a security problem.

Thanks in advance.

Question by:inversojvo

    Accepted Solution

    Actually, how do we even know that the upload is a legitimate exe from the user? Imagine the case of an infected machine using the current login session to upload another exe while the user is not aware. Is there a content filter to check that the exe really contains PDFs or documents only? The point is that exe is typically a restricted format for such portal access, as the portal can become a malware propagation repository. We try to avoid it, and in your case it need not be a self-extracting exe; it can be zip only.

    The portal would typically be screened by a firewall and even a content filter like Blue Coat to scan for known malicious threat data. If there is none of it, the safeguard relies on the user machine doing the upload, but you cannot control or inspect those machines prior to access. Of course there is a solution, but adding a further health check can be another phase of improvement. But even then, if the zip is password protected, no scanner can check it for malware. So ideally don't even allow active content where possible. Go for a document format, access control for the recipients, and a content filter with AV check, like what an email engine does on attachments.

    just some quick thoughts
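
The content check the accepted answer asks for could look like the sketch below. It is an added example, not code from the thread or the portal: the function names and the extension allowlist are assumptions. It classifies uploads by magic bytes, rejects anything with an executable header (which covers self-extracting archives), and refuses zip entries that are encrypted or not documents.

```python
import io
import os
import zipfile

# Assumed portal policy: document formats only, no active content.
ALLOWED_DOC_EXT = {".pdf", ".csv", ".xlsx", ".docx"}


def sniff(data: bytes) -> str:
    """Classify by leading magic bytes, never by file name."""
    if data[:2] == b"MZ":  # DOS/PE header; self-extracting archives start with it
        return "executable"
    if data[:5] == b"%PDF-":
        return "pdf"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "unknown"


def check_upload(data: bytes):
    """Return (accepted, reason) for one uploaded file."""
    kind = sniff(data)
    if kind == "executable":
        return False, "executable content (MZ header)"
    if kind == "pdf":
        return True, "pdf"
    if kind != "zip":
        return False, "unrecognised format"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "corrupt zip"
    for info in zf.infolist():
        if info.is_dir():
            continue
        if info.flag_bits & 0x1:  # encrypted entry: an AV engine cannot scan it
            return False, f"{info.filename}: encrypted entry"
        if os.path.splitext(info.filename)[1].lower() not in ALLOWED_DOC_EXT:
            return False, f"{info.filename}: not on document allowlist"
        with zf.open(info) as member:
            if sniff(member.read(8)) == "executable":
                return False, f"{info.filename}: executable named as a document"
    return True, "zip of documents"


if __name__ == "__main__":
    # Constructed samples: a fake SFX header and a minimal PDF header.
    print(check_upload(b"MZ\x90\x00 constructed sfx stub"))
    print(check_upload(b"%PDF-1.4 constructed"))
```

A check like this complements an AV scan at upload time; it does not replace one.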

    Author Comment

    Thank you for your quick thoughts, breadtan!

    The uploaded files are uploaded only by some persons from an internal department and the content is available only for registered users (several thousands, perhaps).

    Are there more such scan services like Blue Coat, and what happens normally in a case where the web site is found containing malware files? Is there something like 'black lists' with such URLs?
    I mean is there a risk, that the company image is damaged in a result?


    Expert Comment

    Typically the content filter, based on policy, can alert and quarantine the data, not letting it pass through. The log will have this event recorded if desired.

    There are definitely other services besides Blue Coat, such as those stated in the link below

    Expert Comment

    Blacklisted URLs are available, normally from bad DNS links. Check out this

    Of course it can also be blacklisting of IP addresses, but that by itself is not reliable since addresses on the internet are dynamic and always changing. Blacklisted DNS is common, which minimally stops rogue sources. Another means is via a reputation services subscription, which the AV folks are big on. E.g. Trend Micro has file filtering services

    Author Closing Comment

    Thank you!!
