Anúncio de YeahNoah

Fórum

 

13 posts

How do I know a font does not have a virus?

19/02/2013 às 01:14

I'm just worried.


19/02/2013 às 01:40

Downloading it always from DaFont... not from other crappy sites...

Editado em 19/02/2013 às 01:41 por rocamaco


19/02/2013 às 07:51

not from ♦other♦ crappy sites... which implies ...


19/02/2013 às 09:57

To be active, a virus need to be executed, from an exacutable file, a file that include program or macro or the boot of a file system.

Font don't include this possiblities.
To my knowledge, font can't be infected with a virus (like all files) but can't transmit a virus because this virus can't be activate.


19/02/2013 às 11:04

If you're that worried, have an antivirus software check your files.


14/01/2016 às 07:25

Menhir disse  
To be active, a virus need to be executed, from an executable file, a file that include program or macro or the boot of a file system.

Font don't include this possiblities.
To my knowledge, font can't be infected with a virus (like all files) but can't transmit a virus because this virus can't be activate.

Ah, actually, a true type font can contain a virus and one that directly exploits vulnerabilities in the Windows Kernel. Take a look at https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/ which states:

"Attacks like these are executed via an embedded malicious font file dropped into an Office document, such as a Word file. Once the user opens the malicious file—delivered either via a spear phishing email or over the Web—the exploit targets a vulnerability in kernel-mode drivers that improperly handle malicious TrueType font files."

So the question remains for dafont: Do you actively inspect your fonts for malicious code in your fonts?

G.


14/01/2016 às 09:10

Just to make sure I understand this correctly (because it's still early and the coffee hasn't kicked in yet) it concerns the case where someone embeds a corrupt font into an Office document, and hopes for someone else to open the document, am I right? So, it means that the font file itself won't work correctly if some lines of malicious code are being added to "it", right?


14/01/2016 às 15:23

gstunts disse  
"Attacks like these are executed via an embedded malicious font file dropped into an Office document, such as a Word file. Once the user opens the malicious file—delivered either via a spear phishing email or over the Web—the exploit targets a vulnerability in kernel-mode drivers that improperly handle malicious TrueType font files."

Said the virus is in the Word file, not in the TTF or OTF.
So, I confirm : a virus can't be in a font file because a font file is not executed (it' only read) and a virus can be activated.
A TTF file can only be damaged by a virus but not transmit a virus.

Editado em 14/01/2016 às 15:45 por drf_bot


14/01/2016 às 17:11

As Menhir already wrote 3 years ago, a font file can not contain a virus as a font file is a passive file.

A virus can only activate itself when included in an executable (exe) file.

It is always worthwhile to read before asking the same thing all over again.


14/01/2016 às 19:24

usually with avasy you know if there is a virus or not


15/01/2016 às 03:14

gstunts is correct. don't shoot.


04/12/2020 às 22:24

koeiekat disse  
As Menhir already wrote 3 years ago, a font file can not contain a virus as a font file is a passive file.

A virus can only activate itself when included in an executable (exe) file.

https://security.stackexchange.com/questions/123131/how-to-detect-suspicious-content-in-a-truetype-font-ttf-font-file

TTF format includes executable "hinting" code. <sarcasm>Of course! Microsoft invented the format.</sarcasm>
Simply displaying the font executes the code. You could strip all the hinting code - but then it would likely not be any good.


27/11/2022 às 08:29

Yeah it totally depends on what happens with this font, if the OS has a vulnerable component that just happens to "preview" the font to you and the font is designed to exploit that "feature"...well bad things can happen.

Editado em 27/11/2022 às 23:59 por frd



Todos os horários são CET. Agora são 10:25


 
Política de Privacidade  -  Contato