Image Policy Change

[zoraster]

Yes?

The problem is that Chrome will block pages with malware links. Since many people use chrome, that's an issue.

[Zachrulez]

Yes?

The problem is that Chrome will block pages with malware links. Since many people use chrome, that's an issue.

Yup, one worth punishing the user for. (Which by what I'm reading about poses no actual malware threat, we're just going to punish users for triggering a warning they might not know about because they don't use chrome.)

[zoraster]

It's not about punishing. It's about stopping the problem.

[animorpherv1]

we're just going to punish users for triggering a warning they might not know about because they don't use chrome.)

Does this seem a little bit off to anyone else?

[Zachrulez]

It's not about punishing. It's about stopping the problem.

The problem is apparently a design flaw in Chrome, so yeah.

[gorckat]

I thought it was more that if Chrome is blocking the site, then it's on Google's list of compromised sites and that affects searches and such.

[Zachrulez]

Well from what I'm reading the images themselves are actually safe. (Copy it and upload to a reputable site.) Apparently even a safe image will trigger a malware warning in chrome because chrome will block an entire blacklisted site? Seems like bad browser design to me.

[zoraster]

Be that as it may, we don't have control over how Chrome treats things.

[animorpherv1]

Also, when I used Chrome (I only stopped at like May-ish for Firefox), I never ran into any issues. so that talks to the severity of the issue.

[zoraster]

Yeah i use chrome at home and have never had a problem

[Zachrulez]

Anyway, I'm pretty sure most if not all browsers have built in anti-malware, so the onus you're putting on the user in this regard is unrealistic. If their own browser won't flag it, you're basically punishing them for not using chrome.

[gorckat]

badurl.domain is compromised, and Google knows it.

Your browser tries to access a file at badurl.domain and Chrome blocks it.

Chrome isn't scanning the image- it's checking the source.

I don't think any browsers are actively scanning for malware (that'd be slow). AVG and Google and others are making tools to do what is described above.

[Zachrulez]

Well yeah, it's done through a blacklist. Blacklists get bigger, reputable sites become unreputable, become compromised and then get fixed and all that. Basically this is like trying to contain a wildfire in a dry forest.

[Zachrulez]

Oh and browsers probably don't actively scan for malware, but I'm pretty sure anti-viruses will.

[Zachrulez]

But yeah, I don't see why there's a need to threaten punishment for this. If you explain to whoever is doing this stuff what is going on, how they can clean their computer and how to keep from accessing a malware contaminated site again, I don't see why this would be a problem for anyone. I don't think there's a single user on this site that wants to be infected by malware.

[shaft.ed]

I don't think there's a single user on this site that wants to be infected by malware.

which is kinda the whole point

[redFF]

I don't think there's a single user on this site that wants to be infected by malware.

Speak for yourself.

[Zachrulez]

I don't think there's a single user on this site that wants to be infected by malware.

which is kinda the whole point

Nothing in the OP seems to come even close to giving a damn about the fact that the person posting the image might not even realize their computer is compromised. (If it was me, I'd be more pissed that ms seems to care more about the implications of what it means to the site vs what it means for my computer.)

Hell the proposed solution to avoid punishment even dances around the idea of how to copy images from a compromised site safely. (Which you'd have to know was compromised in the first place.) That's like teaching a kid how to play with fire.

Anyway, bluntly. You can't hold people responsible for that at a user level. If you can't handle that little bit of administrative duty, then you shouldn't be an admin. Not everyone is going to have the same knowledge as you and the community is only going to suffer from an admin expecting that.

[zoraster]

It's not someone's computer that's compromised from what I can tell. It's the site itself you hotlink from. Maybe that's why you're having such a severe disconnect from everyone, zach?

The way it works is that someone searches somewhere for a comic or something. They find it on a less than reputable site. They take a link of the jpg or whatever from that site, and then they slap on a couple of [img] tags. Then it trips it.

It's nothing about their computer being infected or not.

[Zachrulez]

It's not someone's computer that's compromised from what I can tell. It's the site itself you hotlink from. Maybe that's why you're having such a severe disconnect from everyone, zach?

The way it works is that someone searches somewhere for a comic or something. They find it on a less than reputable site. They take a link of the jpg or whatever from that site, and then they slap on a couple of [img] tags. Then it trips it.

It's nothing about their computer being infected or not.

Well you have to visit the site to hotlink from it Zor. Then your computer generally becomes compromised. (Depending on what's actually on the site.)

[Zachrulez]

Anyway, again. I'm going to put the emphasis on the fact that you can't expect the user to know what isn't reputable. The filter chrome uses along with any other anti-malware browser of anti-virus changes frequently.

Also Chrome is the only thing flagging this stuff, then Chrome is the problem, not the users. (Because if their anti-malware isn't picking it up, what the heck are you expecting exactly?)

[zoraster]

Meh. Sometimes. Chrome is kind of aggressive about it. If you get it from a site that has a bad reputation for dodgy downloads (DOWNLOAD NOW!) then it might be marked even if the actual image and site you accessed the image through was fine. Regardless, the fact your computer is infected is actually irrelevant for the hotlink's goodness or badness.

Anyway, If you're being honest I will too: it's neither MS's job nor is it the administration's job to care about what diseases your computer picks up unless it's from MS itself. The goal is to preserve MS as a clean site.

[zoraster]

Anyway, again. I'm going to put the emphasis on the fact that you can't expect the user to know what isn't reputable. The filter chrome uses along with any other anti-malware browser of anti-virus changes frequently.

Well I think that's why chamber suggested using imgur or photobucket or whatever. You know that you can use those and either (a) be safe or (b) if something WERE to go wrong, you'd be held harmless.

[Zachrulez]

I don't use either, but I not at particular risk of linking to compromised sites because avast is integrated into my opera to detect malware sites.

And as far as I can tell, MS actually is clean. The problem is an over aggressive chrome browser which is like the number 3 browser? I mean this might be something you need to accept as a downside of chrome.

[zoraster]

Chrome is a very popular browser. It kind of depends on how you count, but by some metrics, it's the number 1 browser.

http://en.wikipedia.org/wiki/Usage_shar ... b_browsers