Hello,
I want to raise a concern about the potential proliferation of viruses via Wikipedia. I'm new to the list, so I apologise in advance if this has already been covered.
The fact that any user can upload practically any content to Wikipedia, via [[Special:Upload file]] is a potential risk. It is relatively easy to disguise a hostile executable as a document or other ''encyclopedic'' content. While it is likely to be speedy deleted when eventually caught, there is a realistic chance that a few people will download it and be infected. This may potentially be a legal risk to Wikipedia too, if a virus causes severe damage and some lawyer claims there was "negligence" involved.
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit announced by Microsoft on September 14th.( http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx ). This exploit theoretically allows code to be run in various Microsoft products, including recent unpatched versions of Internet Explorer, ***just by viewing a malformed JPEG image***. This is a far greater concern, because any anon can upload a JPEG - perhaps even link it at the main page - and quickly infect many users. Theoretically.
Water works its ways through any cracks it finds; as Wikipedia grows and trolls look for new ways to disrupt the community (and a-hole virus authors look for quick ways to distribute their product), this risk to Wikipedia will probably increase.
This problem isn't just academic; at [[Vandalism in Progress]] a user recently reported getting a JPEG GDI+ exploit warning flag from his software firewall, pointing to a Wikimedia address. Maybe a false alarm, but who knows?
What do people have to say about this issue? Are my concerns unfounded? (I want to re-iterate that I'm new to the list, so apologies if this has all been covered already.)
Best wishes, FP.