I see in the exceptions section for the Web-shield that there are exceptions for video/* and audio/*, but for image there are only exceptions for image/gif and image/png, and not for image/jpg.
I guess this is because code could be hidden inside a JPG-image that would execute on Windows.
But wasn’t this threat fixed in a Windows-update some time ago?
Is there danger adding image/* to the exception list now?
A majority of web-page images are JPG, and not having an exception for that causes many files to be scanned, slowing down display of web-pages (especially on older computers).
So when Microsoft says they have “plugged” that hole in Windows, they are not telling us all?
I thought that error had to do with something overflowing and then triggering something inside the file.
Normal web-browser and image-programs don’t execute anything inside a file.
Can you say a bit more about how a JPG file causes a threat still now?
(please be technical if you need to, I am a programmer, so I’ll try to understand)
There are still exploit attempts regardless of what MS tells you. Code can be placed at the end of a jpg file which can be executed, try to redirect you to a malicious site, etc.
GDI+ is notoriously buggy. E.g., looking at the “impressive” list of affected SW at http://www.sophos.com/support/knowledgebase/article/64693.html I seriously doubt that MS will ever learn. Also note that MS09-062 covers WMF, PNG, TIFF, BMP… : MS has been fixing this thing over and over again.
I bow to avast’s greater knowledge of these matters and would tend to leave the default settings. If they became a target which could be exploited no doubt they would be removed.