Monday, October 14, 2013

Sharing of infected files

In my last post I noted how Office 365 prevents you from uploading infected files. I got to wondering what happens when the other file sharing services try and share an infected file.

image

If I try and attach an infected file directly from my local machine to an email in Google Apps it is detected as shown above, which is good, and prevents that file being attached.

image

But since I can also attach from Google Drive, I can attach the infected file (since I can upload into Google Drive as my last post highlighted). This is not good.

image

Now you’ll see that with Google Apps the attachment is really shared via a link rather than attaching the actual file, from what I see. Any email system worth its salt will detect and quarantine an attachment that contains a virus, so let’s just eliminate that from our considerations. But, if instead I send a link to an infected document, what happens? I know the email will reach the users (because it isn’t infected).

image

So here’s what the user sees. If I click the link to the file I see:

image

Now if I try and download I get:

image

That’s good, but remember here I am dealing with a .com file that includes a virus.

So let’s assume I am a little more cunning in my attempts to infect a user and I place the infected file inside a ZIP archive. What happens?

image

As you see, Dropbox allows me to send a public link to the encrypted file where anyone can download it. This means that your only defence typically here is now the local anti-virus software, which we know all users always keep up to date, right? (If you believe that then you live in a world of unicorns, leprechauns and perpetual rainbows.) Not good!
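As an added example (not code from the original post or from any of the services discussed), here is one way a sharing gateway could triage an uploaded ZIP before a link is issued: quarantine archives with encrypted members, since they cannot be scanned server-side, and send executable members such as `.com` files to the scanner. It assumes the ZIP in the test above was password-protected; `triage_archive`, `RISKY_EXT` and the sample archives are hypothetical and constructed for illustration.

```python
import io
import struct
import zipfile

RISKY_EXT = (".com", ".exe", ".scr", ".bat", ".js", ".vbs")  # assumed policy list
ENCRYPTED_BIT = 0x1  # bit 0 of the ZIP general purpose flag: member is encrypted


def triage_archive(data: bytes) -> dict:
    """Classify an uploaded archive before a share link is issued."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"verdict": "quarantine", "reason": "not a readable ZIP", "members": []}
    with zf:
        infos = zf.infolist()
    # Encrypted members cannot be inspected server-side, so fail closed.
    encrypted = [i.filename for i in infos if i.flag_bits & ENCRYPTED_BIT]
    if encrypted:
        return {"verdict": "quarantine", "reason": "encrypted members cannot be scanned",
                "members": encrypted}
    # Readable archive: hand executable members to the anti-virus engine.
    risky = [i.filename for i in infos if i.filename.lower().endswith(RISKY_EXT)]
    if risky:
        return {"verdict": "scan", "reason": "executable content", "members": risky}
    return {"verdict": "allow", "reason": "no encrypted or executable members", "members": []}


def _build_zip(name: str, payload: bytes) -> bytes:
    """Constructed sample: a one-member archive holding harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def _mark_encrypted(data: bytes) -> bytes:
    """Constructed sample: set the encryption flag in the central directory
    entry, because the standard library cannot write encrypted ZIPs."""
    raw = bytearray(data)
    pos = raw.rfind(b"PK\x01\x02")  # central directory header signature
    (flags,) = struct.unpack_from("<H", raw, pos + 8)  # flags sit at offset 8
    struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_BIT)
    return bytes(raw)


if __name__ == "__main__":
    plain = _build_zip("invoice.com", b"constructed harmless test content")
    for label, blob in (("plain", plain), ("encrypted", _mark_encrypted(plain))):
        print(label, triage_archive(blob))
```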

image

Now if I share the same ZIP file using Google Drive and attempt to download it from the File menu.

image

It is blocked like before which is good, BUT look at this:

image

If I download it from the drop-down option at the end of the file:

image

It downloads! Not good, especially given this is the default that users see when they view the link provided. I also find it strange that one way you get one result (i.e. blocked file) while the other way you don’t. Strange.

So what’s the moral here? Best bet is don’t let the file get up to the file sharing platform in the first place, which is why I reckon Office 365 is a much better bet when you start digging into what can happen, as I have done briefly here.

All file sharing systems are not created equal.