[WikiEN-l] Wikipedia Virus Protection

Doug Fraser fraserdw at xtra.co.nz
Tue Dec 14 22:55:10 UTC 2004


Hello,

I want to raise a concern about the potential proliferation of viruses via 
Wikipedia. I'm new to the list, so I apologise in advance if this has 
already been covered.

The fact that any user can upload practically any content to Wikipedia, via 
[[Special:Upload file]] is a potential risk. It is relatively easy to 
disguise a hostile executable as a document or other ''encyclopedic'' 
content. While it is likely to be speedy deleted when eventually caught, 
there is a realistic chance that a few people will download it and be 
infected. This may potentially be a legal risk to Wikipedia too, if a virus 
causes severe damage and some lawyer claims there was "negligence" involved.

An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit 
announced by Microsoft on September 14th 
(http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx). This 
exploit theoretically allows code to be run in various Microsoft products, 
including recent unpatched versions of Internet Explorer, ***just by viewing 
a malformed JPEG image***. This is a far greater concern, because any anon 
can upload a JPEG - perhaps even link it at the main page - and quickly 
infect many users. Theoretically.

Water works its way through any cracks it finds; as Wikipedia grows and 
trolls look for new ways to disrupt the community (and a-hole virus authors 
look for quick ways to distribute their product), this risk to Wikipedia 
will probably increase.

This problem isn't just academic; at [[Vandalism in Progress]] a user 
recently reported getting a JPEG GDI+ exploit warning flag from his software 
firewall, pointing to a Wikimedia address. Maybe a false alarm, but who 
knows?

What do people have to say about this issue? Are my concerns unfounded? (I 
want to re-iterate that I'm new to the list, so apologies if this has all 
been covered already.)

Best wishes, FP. 
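
Added example, not part of the original message: one way an upload handler can check for both concerns raised above, by comparing a file's leading bytes with its claimed extension and by rejecting JPEGs whose segment length fields are impossible under the format. The allow-list, function names and sample bytes are assumptions made for illustration and are not MediaWiki code.

```python
# Leading bytes of a few formats (a small constructed subset, not a full table).
MAGIC = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
         "windows-exe": b"MZ", "elf": b"\x7fELF"}
# Extensions the hypothetical upload form accepts, mapped to expected content.
ALLOWED = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}

def sniff(data):
    """Return the format implied by the leading bytes, or None."""
    return next((n for n, m in MAGIC.items() if data.startswith(m)), None)

def jpeg_segments_ok(data):
    """Walk marker segments up to start-of-scan, rejecting impossible lengths."""
    pos = 2  # skip SOI (FF D8)
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == 0xDA:  # SOS: headers are done, entropy-coded data follows
            return True
        if marker == 0x01 or 0xD0 <= marker <= 0xD9:
            return False  # length-less markers do not belong in the header
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        # The length field counts its own two bytes, so values below 2 are invalid.
        if length < 2 or pos + 2 + length > len(data):
            return False
        pos += 2 + length
    return False  # data ended before any scan started

def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = ALLOWED.get(ext)
    if expected is None:
        return False, "extension not on allow-list"
    actual = sniff(data)
    if actual != expected:
        return False, f"content is {actual or 'unknown'}, not {expected}"
    if expected == "jpeg" and not jpeg_segments_ok(data):
        return False, "malformed JPEG segment"
    return True, "ok"

# Constructed samples: valid header, impossible length field, disguised executable.
GOOD_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9)
             + b"\xff\xfe\x00\x04hi\xff\xda\x00\x02\xff\xd9")
BAD_JPEG = b"\xff\xd8\xff\xe1\x00\x01\xff\xda\x00\x02\xff\xd9"
FAKE_EXE = b"MZ" + bytes(62)
```

A check like this only screens structure; patched client software and malware scanning of stored files still matter, since a well-formed file can carry other problems.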



