Subject: Important...Interesting...Danger behind some file types ??
Posted by: EDU (_ED…@discussions.microsoft.com)
Date: Wed, 15 Nov 2006

I have played with Windows XP Professional for some time and I see that some
Microsoft applications such as Outlook Express and MSN / Windows Live
Messenger flag many file types as 'dangerous' because they could contain some
kind of code that could somehow compromise the system, such as .EXE .SCR .BAT
.COM .SCR .PIF .HTA .VBS .JS .HLP .CHM .REG .INF and many others.
For each one it is clear that it can compromise the system via executable
code, e.g. EXE BAT COM PIF SCR, or some kind of script code, e.g. in HLP, HTA, VBS
and JS files.
Now my question... why do they also flag .URL and .SCF files as dangerous?
I searched everywhere on those files' structures and how they are 'scripted'
but didn't find anything that could directly compromise the system. The URL
file (internet shortcut) can do the same, if not less than an HTML file, but
HTML files are not flagged as dangerous. In URL files you can assign any
shortcut you want or execute local files using the 'file:///' protocol, but with
HTML it is also possible to display the content of an arbitrary external
website via the IFRAME tag and execute local files using the OBJECT tag. So I
wonder why URL files are dangerous and blocked??
Also, .SCF files: why are they dangerous?... Microsoft provided very little
documentation on these files, but the most 'harm' they can do is minimize all
opened windows hehe. So I would really appreciate it if someone, perhaps some
Microsoft security professional, gave me some light here. By the way, a
specially crafted desktop.ini file can be much more dangerous but .INI files
are not flagged or blocked.
Also something tricky with INF files. If you download an INF file and open
it, Internet Explorer warns asking if you really want to execute the
'software'. Why is that, if the INF file has the default OPEN command set to
notepad.exe (double-clicking the file opens it in Notepad)? To install it,
you should right-click it and select Install. So warnings should only go to
the 'INSTALL' command; this way it would not confuse users or give a false
alarm of 'danger'.
Thanks very much in advance and hope to hear from someone soon :)