Shop More Submit  Join Login
×

:iconrealitysquared: More from realitysquared


Featured in Collections

JOURNALS AND NEWS by Elandria

Journals and News Articles by dekorAdum

Journals and News Articles by bradleysays


More from deviantART



Details

Submitted on
October 24, 2012
Submitted with
Sta.sh Writer
Link
Thumb

Stats

Views
24,736 (3 today)
Favourites
19 (who?)
Comments
43
×

Matters Concerning Archives

Wed Oct 24, 2012, 2:56 PM
As many of you know, archive file types represent a means to collect together a number of computer files and package them together for the purpose of backup, to transport them to some other location, or simply to compress them so that they take up less space. Many of you here in the deviantART community who offer stock resources, applications, themes and other desktop customization options are all very familiar with them and use them extensively, whether your file type of choice be .zip, .rar, or any one of another dozen options.

Depending on how regularly you submit and what sort of file type you use when you do so you may or may not have noticed a change- that change being that submissions with file types ending with .exe are no longer being accepted during the the submission process and if you've attempted to submit an archive file which was password protected you've noticed that those protected files are also being rejected during submission (although 'normal' archive files without a password are accepted just as always).

Both of these changes are relatively recent and both are related to a brief mention in the Site Update posted on May 31st. The mention was brief at the time and lacked detail, which was a deliberate choice due to the circumstances, mentioning only that, "We have made some changes to the allowed file types in categories where members generally upload downloadable files, such as skins and themes categories."

The lack of the customary detail in this particular portion of the site update was due to the fact that it referred directly to profiles being used to deliberately submit .exe files or .exe files contained in archive files which would be presented as a theme or desktop customization but which in fact were malware; files which would install viruses, worms or other malicious software which could damage or disrupt the operation of your computer.

The submission of these infected file types had been occurring for a period of months and we had been attempting to address the problem using various methods and means while watching how the individuals responded to our efforts. Ultimately in May of this year, after watching the individuals responsible adapt their tactics and continue to place infected files on the site, it became obvious that we could no longer avoid the one defense which we had been trying to avoid- namely disallowing any file type ending in .exe as well as a few other related file extensions.

The act of disallowing .exe files did successfully what none of our efforts was able to do; it blocked the vast majority of the infected files which had been steadily flowing into the customization galleries. We are certainly aware that disallowing new submissions of .exe files has inconvenienced artists who are trying to offer legitimate desktop customization resources and we are just as upset about this as the artists affected but under the circumstances we were left with no other effective choice and we encourage those artists affected to do their best to work around or within this new restriction.

Another unintended casualty in this particular battle has been stock resource providers. For years some stock resource providers are submitted their resources in archive files protected by password which they made available for sale or under specific conditions under which they would give you the password for access. Unfortunately archives which are protected under password cannot be checked to see what sort of files are inside and that means that not only can our systems not check for the restricted file types it also cannot subject the password protected archive to any virus scanning.

Because the password protection blocks our efforts to check the archive for malware we were forced to disallow the submission of any archive file type which was under password protection. We understand that this is a great inconvenience and this disrupts a system that many artists have had in place for years and this truly does represent a situation where the few have caused a disruption for the many but it was something which could not be avoided as we moved forward with protecting all members from these sorts of infected deviations.

While we are currently rejecting the submission of .exe and password protected archive files we will not be automatically removing any of these files which were submitted previously. While individual files which have an issue or a problem could be removed by our staff there is no reason to report any existing deviation simply because it is an executable or simply because it is password protected.

I'd like to reassure all artists that as we move forward and as we continue to maximize security and the safety of downloadable files that we always try our best to make certain our efforts cause as little impact to you, the artist, as possible.




Add a Comment:
 
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
I think this was a great idea.

Although, personally I do not think blocking .exe files is enough. If DA as a business has a real interest in investing in protection for its users and its own servers, then they should realize that it is possible to hide .exe files very easily. You can even insert programs and malicious scripts into image files themselves. People can be easily misled (or falsely instructed) to run or extract the programs once downloaded onto their computer. This might be more work than DA can afford to do right now, but perhaps the safest course of action is to have all submitted files in a queue to be manually checked and scanned for viruses or other suspicious activities.

I realize that DA is not even responsible for the damage caused if (hypothetically) someone downloaded another users content was infected with a virus, but it may become a necessary measure if this kind of misfortune falls on enough users. Perhaps the download .zip file feature should be even limited to subscription members, because I highly doubt serious artists are the ones uploading these malicious materials.
Reply
:icontasastock:
Tasastock Featured By Owner Nov 9, 2012  Hobbyist Photographer
i have a suggestion... am i correct in thinking that you have to be pre-approved to submit videos to DA? could not the same process be applied to these sort of files? or is that too much of a hassle. i've found that password protecting my anatomy reference (my life drawing, nude stock images) is the best way of protecting myself from the perves and the porn collectors on here. and i was intending on submitting more resources of a similar nature in the future, since i know how useful it is. obviously i understand the dilemma and the circumstances that have forced you to take these measures, but i still want to help artists out any way i can by getting my resources out there. i dont really fancy using the sta.sh option and giving out lots of links instead of just one password for any old, and any new nude pieces i may do in the future is all. and if the pre-approved system works for video i thought it might work similiarly for this? maybe?
Reply
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
In your case, you have little control over your watchers. Any one of them could and probably do redistribute your photos or use them for pornographic purposes. Even with password protection, once someone unzips your file it would be easy to post it literally anywhere.

Honestly, if you insist on password protection I would use an external file service like 4shared or media fire and use .rar files or .7zip. Link the url for it in the comments section under each deviation. Set your files in the file sharing site manager to private so they cannot be added to google or other search sites.
Reply
:iconitti:
Itti Featured By Owner Oct 31, 2012  Hobbyist General Artist
I have no idea how sensible and/or feasible this suggestion is, but would it not be possible to either:
a) people can submit password-protected files as long as they provide the password somewhere in the submission process so that the system can scan it for viruses, or
b) have an option to password-protect the files when you upload it, and the dA servers do the zipping and passwording for you?

I agree with others that Premium Content is a reasonable if not identical option.
Reply
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
Here's an idea. You upload the files one at a time and the site itself compresses them and makes a zip file for you, after scanning each file you upload. Then it implements it's own password system during the compression process.

Not sure how hard it would be to code, but it can be done.
Reply
:iconfrankteller:
frankteller Featured By Owner Oct 25, 2012
Good. Why were .exe files ever allowed? There is no reason to be uploading them to an art site anyway.
Reply
:iconnamenotrequired:
namenotrequired Featured By Owner Oct 26, 2012  Student Interface Designer
For desktop themes etc. I think, which is what the site originally focussed on in the first place ^^
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
Why is it that humanity always breeds some criminally stupid idiots who have to spoil it for the rest of the people? Hard enough to scrape a living as an artist.

I'm not personally affected by this, but it upsets me. Interesting read, thanks for posting! Keep up the good work.

This may be naive, as I'm not a programmer - but wouldn't it be possible to submit the password of a protected archive to DA only, for the purpose of scanning?
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
OK someone's already said that -- never mind. And uh, actually I *am* a programmer, just not a particularly competent one. :)
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
... or make that "experienced". Gee. Have to stop putting my light under the shade! (over and out)
Reply
Add a Comment: