A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Can .zip files have malware _in their structure_?



 
 
Thread Tools Display Modes
  #16  
Old January 31st 20, 02:21 PM posted to alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Carlos E.R.[_3_]
external usenet poster
 
Posts: 1,356
Default Can .zip files have malware _in their structure_?

On 31/01/2020 03.21, VanguardLH wrote:
"J. P. Gilliver (John)" wrote:


....

When document is trying to open a site:
Use Trusted/Untrusted List

Javascript
Enable Javascript Actions = DISABLED

ZIP itself has none of this security stupidity. Not all PDF viewers
give you these security options, while some just don't support those PDF
"features". There are no automatic "features" in a .zip archive file.
It's just a file with database structure with records.


The archiving program could have a feature that as you hover over a file
name, it opens a quickview of it.

You would have
to extract and run something inside the .zip file for anything to
happen. Any vulnerability to the ZIP format would be in whichever
viewer you use.


That.

....

--
Cheers, Carlos.
Ads
  #17  
Old January 31st 20, 03:04 PM posted to alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Can .zip files have malware _in their structure_?

"Carlos E.R." wrote:

The archiving program could have a feature that as you hover over a file
name, it opens a quickview of it.


Which is why I mentioned an archive viewer that shows thumbnails of
image files within the archive could expose a vulnerability in whatever
is the handler to render those thumbnails. Plus, to show a thumbnail of
an image file in an archive means having to first extract it, so some
viewer could show it. After all, while inside the archive, an image
file is no longer an image file. It is encoded using whatever archive
format you choose along with whatever compression level you choose and
is a record in a database. That record would have to get extracted to
be in a file in a format understood by an image viewer. The bits inside
the archive are no longer an image, even if you don't compress.
Extraction, as you mentioned even if automatic, is when malware could
become enabled depending on what handler actually opened the file.

7-Zip doesn't preview image files within the archive. Peazip looks like
it does (https://www.peazip.org/screenshots-peazip-1.html), except that
is when using its more modern GUI as a file manager (i.e., you enable
the thumbnail view in Peazip, but are looking at image files in the OS
file system, not inside an archive). When I created a .zip file
containing image files, and opened it in Peazip, it would not extract
(to temporary folder) the image files to then show a thumbnail for them.
It showed a generic image icon for the image files within the archive.
  #18  
Old January 31st 20, 06:59 PM posted to alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Carlos E.R.[_3_]
external usenet poster
 
Posts: 1,356
Default Can .zip files have malware _in their structure_?

On 31/01/2020 15.04, VanguardLH wrote:
"Carlos E.R." wrote:

The archiving program could have a feature that as you hover over a file
name, it opens a quickview of it.


Which is why I mentioned an archive viewer that shows thumbnails of
image files within the archive could expose a vulnerability in whatever
is the handler to render those thumbnails. Plus, to show a thumbnail of
an image file in an archive means having to first extract it, so some
viewer could show it. After all, while inside the archive, an image
file is no longer an image file.


I was thinking of previews of any file contained in the zip archive, no
matter what. Can be an office file, for example. No, I do not know any
zip archiver that does this, but there might be one.

It is encoded using whatever archive
format you choose along with whatever compression level you choose and
is a record in a database. That record would have to get extracted to
be in a file in a format understood by an image viewer. The bits inside
the archive are no longer an image, even if you don't compress.
Extraction, as you mentioned even if automatic, is when malware could
become enabled depending on what handler actually opened the file.

7-Zip doesn't preview image files within the archive. Peazip looks like
it does (https://www.peazip.org/screenshots-peazip-1.html), except that
is when using its more modern GUI as a file manager (i.e., you enable
the thumbnail view in Peazip, but are looking at image files in the OS
file system, not inside an archive). When I created a .zip file
containing image files, and opened it in Peazip, it would not extract
(to temporary folder) the image files to then show a thumbnail for them.
It showed a generic image icon for the image files within the archive.



--
Cheers, Carlos.
  #19  
Old February 2nd 20, 10:16 AM posted to alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Adrian Caspersz
external usenet poster
 
Posts: 21
Default Can .zip files have malware _in their structure_?

On 30/01/2020 14:31, J. P. Gilliver (John) wrote:
In message , Paul



This is safer, but could be used to hide an executable
inside, such as README.txt.exe for usage on machines
that have "show file extension" turned off. It still
requires the user to double-click on README.txt.exe, when
they see README.txt on the screen, but the full filename
is not displayed in File Explorer.


Agreed.

There can still be perils associated with the format
that way, which are "normal perils" for a "platform with
a bad default for its file explorer program". Displaying
the extension should *never ever* be turned off. Just as


Totally agree. I'm amazed MS still (AFAIK) have that default (on W10 as
well as all previous); whatever one may think of their current morals, I
would have thought they'd have changed that one by now - I can't see how
it _benefits_ them not to have changed it.


Having file extensions displayed apparently scare the non-technical,
which is why they are turned off. There used to be times where such
folks would accidentality edit one of those and the file would not open,
causing weeping and gnashing of teeth.

--
Adrian C
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 02:57 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.