| Author |
 Topic Search  Topic Options
|
WebWiz-Bruce 
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
 Post Options
 Thanks(0)
 Quote  Reply
 Posted: 06 May 2008 at 4:19pm |
|
It is taken on a case by case biases, but generally as we do not know anything about 3rd party mods the mods would need to be re-applied by yourself.
However, and this is were the case by case biases comes in, is if possible if we can avoid overwriting the file or files that have been modified while making the upgrade we will.
If it is just a simple change that you require altering with your forum then often we will do this for you.
Each of our hosting clients has different requirements, which means that we are fairly flexible, and usually work out the best solution for each customer.
|
|
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 4:25pm |
 pc_guru wrote:
I see reports that these Jpeg files with XML can crash some versions of IE. Does version 9.50 strip out the XML code?
|
No it doesn't strip out the Adobe XML although I personally do not like it, but some people like it as it can contain some extra information such as colouring and filters to make it simpler when you come to edit the image again in Photosohop. Apparently though you can tell Adobe Photoshop and other Adobe software not to add the extra XML information into the JPeg images. It would also be good if Microsoft could sortout IE's vulnerability that allows malicious scripting code to be hidden in image files as it would mean not having to scan images when they are uploaded. If IE opens an image file that contains malicious scripting code it will run the code!! Other browsers will not and just report that the image can not be displayed. I suppose it's just another reason to avoid running IE as it has more security holes than a lump of Swiss cheese.
|
|
|
|
billd3
Senior Member
Joined: 19 February 2003
Location: United States
Status: Offline
Points: 530
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 4:30pm |
pc_guru wrote:
I see reports that these Jpeg files with XML can crash some versions of IE. Does version 9.50 strip out the XML code?
|
Good ole Adobe, maker of the second most un-secure software sold and software that crashes more browsers than anyone else. They are almost as arrogant as Microsoft, IMO. We constantly have security issues with their junk. This is but another example of "they know better" and forcing junk down our throats that we don't want. When you start adding $#@% (that's Iowan for JUNK) to files, the files grow in size and security risk. What ever happened to "images are images and contain no executable code that can be exploited" Sorry, end of rant. As a PC/network security person, I'm appalled at Adobe's lack of concern and "rule-the-PC-world by force" arrogance. Reminds me of another company tactics of years ago.
|
|
BillD
http://theamcpages.com
http://theamcforum.com
|
|
billd3
Senior Member
Joined: 19 February 2003
Location: United States
Status: Offline
Points: 530
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 4:33pm |
|
At least Swiss cheese makes great sandwiches.......
Adobe should switch that OFF by default and err on the side of security. However, like their other products where embedded scripts are enabled by default.... it's a nightmare when managing in a business, government agency or corporate environment.
|
|
BillD
http://theamcpages.com
http://theamcforum.com
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 5:04pm |
|
The code that Adobe puts into the images isn't actually malicious, but as malicious code can be executed in IE and as that is also scripting code it very hard to detect what is Adobe's extra information and what is some hackers malicious code out to get unsuspecting IE users. It makes it very hard to spot the difference, especially given that Adobe's XML can vary so much between images.
According to some virus vendors one in every thousand web sites is infected with malicious code, so hopefully having these filters for images will mean those sites running Web Wiz Forums won't be one of those 1 in a thousand.
|
|
|
|
billd3
Senior Member
Joined: 19 February 2003
Location: United States
Status: Offline
Points: 530
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 5:21pm |
|
I can confirm that at least that number do.
You should see the hits our security software gets, from supposedly "safe" sites.......
Advertisers use underhanded methods, and news stations hire web people to design their sites, and they poke in these ads that install things. Also sites get hacked and in one case, years ago, I went to 3COMs web site and found an infected word document on their site.
I'm so thrilled that you take security so seriously! It's one reason we use your product for our forums. Trust.
|
|
BillD
http://theamcpages.com
http://theamcforum.com
|
|
123Simples
Senior Member
Joined: 08 July 2007
Location: United Kingdom
Status: Offline
Points: 1192
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 5:25pm |
I read that Panda who had reviewed and tested, not only their own software but many other virus checkers, admitted that nearly a QUARTER of home computers with virus software installed were infected with malicious software. Even computers protected by Pandas own software failed their tests! Ummmmmmm  Admittedly this has gone off subject a bit, so please excuse me
|
|
|
|
