>Another problem is with unsafe PostScript interpreters, since many
>people set up their browser to invoke a PostScript viewer automatically
>on downloaded PostScript files ( ie. <A HREF=virus.ps>View Report</A> )
...Or just about anything that is a higher-level language.
You can pull down MS-Word .doc files via Netscape on a PC and it
will invoke Word on them. There's a pop-up that says, "Warning,
this may be an unsafe interpreter..." win a check box saying, "don't
bother me with this again." -- I'm sure a lot of people check that
off. The problem is that you can't *TELL* if it's an unsafe document
or an OK one until you RUN it. For those that don't use Word, it
contains a complete BASIC interpreter, with file operations and the
whole bit.
Let's keep perspective, though: there are many more avenues
by which such nonsense can get to you, than simply over the 'net.
Solving this kind of attack is a difficult problem with potentially
intrusive solutions. [Before one of the "B1 is GREAT" crowd chimes
in and comments that if everyone ran B1 we wouldn't have this
problem: Give me a break.]
mjr.
Follow-Ups:
References:
|
|
