RSS & Viruses?
Are RSS feeds a virus risk for law firms? or any other company? I've had this question before, so let's clear this up. The answer is NO!
RSS is an xml file, which by definition is an ASCII text file with mark up. It is an interpreted file. By itself, it cannot execute a virus. The only potential risk would be within the feed's description field, which can carry html data. Viruses can be embedded within html, but there is no more risk to allowing RSS feeds than allowing employees to use html email, or to surf the web.
Also, consider the facts. Email recipients never choose to get spam, and web surfers cannot anticipate clicking on an expired domain that's been redirected to an unsavoury website. RSS users, on the other hand, choose their content sources. On that point alone, which technology would you trust?
Thanks to Connie Crosby & Simon Fodden for the offline discussion. All three of us were asked this question, and echoed the points above with resolve.
RSS is an xml file, which by definition is an ASCII text file with mark up. It is an interpreted file. By itself, it cannot execute a virus. The only potential risk would be within the feed's description field, which can carry html data. Viruses can be embedded within html, but there is no more risk to allowing RSS feeds than allowing employees to use html email, or to surf the web.
Also, consider the facts. Email recipients never choose to get spam, and web surfers cannot anticipate clicking on an expired domain that's been redirected to an unsavoury website. RSS users, on the other hand, choose their content sources. On that point alone, which technology would you trust?
Thanks to Connie Crosby & Simon Fodden for the offline discussion. All three of us were asked this question, and echoed the points above with resolve.
posted by Steve Matthews at 1/18/2007
3 Comments:
Hi Steve,
Funny this should come up ... Just last week it was with considerable shock that I found a rather obvious porn feed among my Bloglines feeds ... right there in my Law - Canada - Topical file! I reported it to Bloglines and they're not sure how it happened was the reply I got from them. Honest, I don't visit those kinds of sites ... well, not on my office computer anyway ... and neither does anyone else use my office computer (it's password protected). Any thoughts on how porn spam got into my Bloglines feed reader? I don't have anyone handy who can discuss this and I wonder if you, Connie or Simon have ever heard of this?
A couple of ideas...
First of all, if you conduct broad search feeds that scan for certain topics, you will on occasion get items you don't expect. It happens... but that's one possibility.
Second, you should try to re-create it with the feed in question, and seeing if that same items shows up in the feed's archive. If you can't re-create, then chalk it up to a database error by Bloglines. If you can, then try a new aggregator, or question the feed's source.
Thanks for the tips, Steve. I think you're most likely right when you suggest it might be a database error.
Of course, you can imagine my horror to find that OBVIOUS porn feed in my office feed reader, which means you can also imagine how quickly I hit that delete button! In retrospect, I wish I hadn't been so quick on that just so I could maybe figure out how it got there.
A week later ... no new surprise porn feeds. Dull. Dull. Dull. Except for you, Slaw, Michel, and Connie's feeds, of course! ;}
Post a Comment
<< Home