Shop Mobile More Submit  Join Login

Matters Concerning Archives

Wed Oct 24, 2012, 2:56 PM
As many of you know, archive file types represent a means to collect together a number of computer files and package them together for the purpose of backup, to transport them to some other location, or simply to compress them so that they take up less space. Many of you here in the deviantART community who offer stock resources, applications, themes and other desktop customization options are all very familiar with them and use them extensively, whether your file type of choice be .zip, .rar, or any one of another dozen options.

Depending on how regularly you submit and what sort of file type you use when you do so you may or may not have noticed a change- that change being that submissions with file types ending with .exe are no longer being accepted during the the submission process and if you've attempted to submit an archive file which was password protected you've noticed that those protected files are also being rejected during submission (although 'normal' archive files without a password are accepted just as always).

Both of these changes are relatively recent and both are related to a brief mention in the Site Update posted on May 31st. The mention was brief at the time and lacked detail, which was a deliberate choice due to the circumstances, mentioning only that, "We have made some changes to the allowed file types in categories where members generally upload downloadable files, such as skins and themes categories."

The lack of the customary detail in this particular portion of the site update was due to the fact that it referred directly to profiles being used to deliberately submit .exe files or .exe files contained in archive files which would be presented as a theme or desktop customization but which in fact were malware; files which would install viruses, worms or other malicious software which could damage or disrupt the operation of your computer.

The submission of these infected file types had been occurring for a period of months and we had been attempting to address the problem using various methods and means while watching how the individuals responded to our efforts. Ultimately in May of this year, after watching the individuals responsible adapt their tactics and continue to place infected files on the site, it became obvious that we could no longer avoid the one defense which we had been trying to avoid- namely disallowing any file type ending in .exe as well as a few other related file extensions.

The act of disallowing .exe files did successfully what none of our efforts was able to do; it blocked the vast majority of the infected files which had been steadily flowing into the customization galleries. We are certainly aware that disallowing new submissions of .exe files has inconvenienced artists who are trying to offer legitimate desktop customization resources and we are just as upset about this as the artists affected but under the circumstances we were left with no other effective choice and we encourage those artists affected to do their best to work around or within this new restriction.

Another unintended casualty in this particular battle has been stock resource providers. For years some stock resource providers are submitted their resources in archive files protected by password which they made available for sale or under specific conditions under which they would give you the password for access. Unfortunately archives which are protected under password cannot be checked to see what sort of files are inside and that means that not only can our systems not check for the restricted file types it also cannot subject the password protected archive to any virus scanning.

Because the password protection blocks our efforts to check the archive for malware we were forced to disallow the submission of any archive file type which was under password protection. We understand that this is a great inconvenience and this disrupts a system that many artists have had in place for years and this truly does represent a situation where the few have caused a disruption for the many but it was something which could not be avoided as we moved forward with protecting all members from these sorts of infected deviations.

While we are currently rejecting the submission of .exe and password protected archive files we will not be automatically removing any of these files which were submitted previously. While individual files which have an issue or a problem could be removed by our staff there is no reason to report any existing deviation simply because it is an executable or simply because it is password protected.

I'd like to reassure all artists that as we move forward and as we continue to maximize security and the safety of downloadable files that we always try our best to make certain our efforts cause as little impact to you, the artist, as possible.





Add a Comment:
 
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
I think this was a great idea.

Although, personally I do not think blocking .exe files is enough. If DA as a business has a real interest in investing in protection for its users and its own servers, then they should realize that it is possible to hide .exe files very easily. You can even insert programs and malicious scripts into image files themselves. People can be easily misled (or falsely instructed) to run or extract the programs once downloaded onto their computer. This might be more work than DA can afford to do right now, but perhaps the safest course of action is to have all submitted files in a queue to be manually checked and scanned for viruses or other suspicious activities.

I realize that DA is not even responsible for the damage caused if (hypothetically) someone downloaded another users content was infected with a virus, but it may become a necessary measure if this kind of misfortune falls on enough users. Perhaps the download .zip file feature should be even limited to subscription members, because I highly doubt serious artists are the ones uploading these malicious materials.
Reply
:icontasastock:
Tasastock Featured By Owner Nov 9, 2012  Hobbyist Photographer
i have a suggestion... am i correct in thinking that you have to be pre-approved to submit videos to DA? could not the same process be applied to these sort of files? or is that too much of a hassle. i've found that password protecting my anatomy reference (my life drawing, nude stock images) is the best way of protecting myself from the perves and the porn collectors on here. and i was intending on submitting more resources of a similar nature in the future, since i know how useful it is. obviously i understand the dilemma and the circumstances that have forced you to take these measures, but i still want to help artists out any way i can by getting my resources out there. i dont really fancy using the sta.sh option and giving out lots of links instead of just one password for any old, and any new nude pieces i may do in the future is all. and if the pre-approved system works for video i thought it might work similiarly for this? maybe?
Reply
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
In your case, you have little control over your watchers. Any one of them could and probably do redistribute your photos or use them for pornographic purposes. Even with password protection, once someone unzips your file it would be easy to post it literally anywhere.

Honestly, if you insist on password protection I would use an external file service like 4shared or media fire and use .rar files or .7zip. Link the url for it in the comments section under each deviation. Set your files in the file sharing site manager to private so they cannot be added to google or other search sites.
Reply
:iconitti:
Itti Featured By Owner Oct 31, 2012  Hobbyist General Artist
I have no idea how sensible and/or feasible this suggestion is, but would it not be possible to either:
a) people can submit password-protected files as long as they provide the password somewhere in the submission process so that the system can scan it for viruses, or
b) have an option to password-protect the files when you upload it, and the dA servers do the zipping and passwording for you?

I agree with others that Premium Content is a reasonable if not identical option.
Reply
:iconmishihime:
mishihime Featured By Owner Nov 15, 2012  Hobbyist Digital Artist
Here's an idea. You upload the files one at a time and the site itself compresses them and makes a zip file for you, after scanning each file you upload. Then it implements it's own password system during the compression process.

Not sure how hard it would be to code, but it can be done.
Reply
:iconfrankteller:
frankteller Featured By Owner Oct 25, 2012
Good. Why were .exe files ever allowed? There is no reason to be uploading them to an art site anyway.
Reply
:iconnamenotrequired:
namenotrequired Featured By Owner Oct 26, 2012  Student Interface Designer
For desktop themes etc. I think, which is what the site originally focussed on in the first place ^^
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
Why is it that humanity always breeds some criminally stupid idiots who have to spoil it for the rest of the people? Hard enough to scrape a living as an artist.

I'm not personally affected by this, but it upsets me. Interesting read, thanks for posting! Keep up the good work.

This may be naive, as I'm not a programmer - but wouldn't it be possible to submit the password of a protected archive to DA only, for the purpose of scanning?
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
OK someone's already said that -- never mind. And uh, actually I *am* a programmer, just not a particularly competent one. :)
Reply
:iconstarsong-studio:
Starsong-Studio Featured By Owner Oct 25, 2012  Professional General Artist
... or make that "experienced". Gee. Have to stop putting my light under the shade! (over and out)
Reply
:iconilantiis:
iLantiis Featured By Owner Oct 25, 2012  Hobbyist Digital Artist
Thank God!
Reply
:iconmagical525:
Magical525 Featured By Owner Oct 25, 2012  Hobbyist Artisan Crafter
It's good to know that you are looking out for people with this kind of thing :)
Reply
:iconpiratelotus-stock:
PirateLotus-Stock Featured By Owner Oct 25, 2012
Thank you for the explanation!
Reply
:iconmariabeloart:
MariaBeloArt Featured By Owner Oct 25, 2012  Hobbyist Digital Artist
Shame that the madness of the few will prejudice the all but seems there is little choice on this matter, good to know you guys are working on this issues, but bad for those honest deviants who just wanted to share with others the awsome job they do.
Reply
:iconericforfriends:
EricForFriends Featured By Owner Oct 25, 2012  Professional Photographer
Sad but sensible measures. I don't sell anything here myself, but a disinterested suggestion: what if you'd include a line in the submission form that passes the archive's password on to database field that's visible to the dA virus checkers only?
Reply
:iconalanralph:
AlanRalph Featured By Owner Oct 25, 2012  Professional General Artist
Probably impractical as it would most likely require the files to be checked manually - I doubt there's a good way to automate that process. :hmm: Also, I have a feeling the Submission Agreement might need rewording a bit if dA wanted to check password-protected files.
Reply
:iconericforfriends:
EricForFriends Featured By Owner Oct 26, 2012  Professional Photographer
Hm, I don't see how something like that can't be automated, but I'll gladly leave that the people who run the show. :)
Reply
:iconevil-e33:
Evil-e33 Featured By Owner Oct 24, 2012  Hobbyist Photographer
Have you thought of adopting the same type of system that is used for film submissions? Invite only. Invite those that are trusted sources, so they can continue to use the .exe or password protected files? It's not a perfect solution, however it leans more in favor of the good honest artists on this site, while being able to still protect users from unknowingly downloading malware and viruses.
Reply
:iconalanralph:
AlanRalph Featured By Owner Oct 25, 2012  Professional General Artist
That seems overly restrictive to me - I can understand dA wanting top quality film submissions, but with resource files the criteria is more about minimising the possibility of unauthorised use, at least as far as password-protection is concerned.
Reply
:iconevil-e33:
Evil-e33 Featured By Owner Oct 25, 2012  Hobbyist Photographer
ugh, forgot to add, that with the film submissions system, it's not about having top quality submissions, it's about making sure people are not violating copyright. ;)
Reply
:iconevil-e33:
Evil-e33 Featured By Owner Oct 25, 2012  Hobbyist Photographer
It's far less restrictive than what they ended up doing which is not allowing it at all :shrug:
Reply
:iconwdwparksgal-stock:
WDWParksGal-Stock Featured By Owner Oct 24, 2012  Hobbyist General Artist
Some people just have too much time on their hands since they use their free time to create havoc instead of positive pursuits.

Oddly enough I have never been able to get passwords to work on my zip files posted on dA, so password-protected files go into my Photobucket Account. Now, I am switching to Sta.sh. With the generous allowance of GB space, it is a great place for zip files for stock prizes.

To have a cover image, I create a preview pane like I would a normal zip file then load both the zip and preview into Sta.sh. I then drag the preview onto zip file and name that folder. That way, the winner can see what is in the zip file.

A screenshot of the Sta.sh page with the preview panes posted separately into Sta.sh, gives winners a chance to see the stock prizes available and can choose their pack of choice. It is a nice alternative over using PhotoBucket.

Another problem I have on my Macs is that I cannot download RAR files, no matter what I do. Zip files are the only ones that will download for me. I Googled RAR and tried to download an application to open RARs, but, alas, still cannot open them!
Reply
:iconshoofly-stock:
Shoofly-Stock Featured By Owner Oct 24, 2012  Professional Digital Artist
Have you tried Stuffit Expander to open RAR's ?
Reply
:iconwdwparksgal-stock:
WDWParksGal-Stock Featured By Owner Oct 25, 2012  Hobbyist General Artist
Yep. I thought it could be because my desktop is old, but I cannot get RAR files to open on my laptop either, which is newer. Maybe I am doing something wrong. I just don't know!
Reply
:iconmarthig:
marthig Featured By Owner Oct 24, 2012  Hobbyist General Artist
Good for finding a solution, sad for those who used .exe files and password protected ones in good faith. Hope they will find a way around though, the good faith artists of course !
Reply
:icon1lovedrew:
1LoveDrew Featured By Owner Oct 24, 2012  Hobbyist General Artist
Huh... Hopefully there may be this GIANT anti-virus program run by the international government checking EVERYTHING to be sure if it has viruses, malware, etc, but... I don't see that happening any time soon. :/
Reply
:iconsingingflames:
SingingFlames Featured By Owner Oct 24, 2012  Hobbyist Writer
I'm glad to hear that dA is taking action to stop the spread of malware. It's unfortunate that honest deviants also have to be denied this ability, but I understand the reasoning. Thank you for your continuing efforts on our behalf! :D
Reply
:iconkensaunders:
KenSaunders Featured By Owner Oct 24, 2012  Hobbyist General Artist
Excellent work, thanks for looking out for us.

Are you saying that dA has malware scanning capabilities?
If so cool, if not, why not?
How about scanning for viruses as well?

I never open anything that doesn't get scanned first, but, there are millions who are oblivious to the dangers of clicking everything without looking and opening everything without precautions.
Reply
:iconrealitysquared:
realitysquared Featured By Owner Oct 25, 2012  Hobbyist General Artist
Our system does employ virus scanning- the main problem is that not all virus scanners will detect the same thing, or even detect something which is there at all.

There are websites such as Jotti's malware scan which will use eighteen different virus scanning softwares to scan any file you give to it and it's not unusual for some of the scanners to detect a problem while others do not detect anything at all.

Considering that we receive in excess of 100,000 submissions a day it's just not feasible in terms of time or resources to scan every one of those files with eighteen or twenty programs ourselves to be certain, and there isn't any third party service that I'm aware of that could possibly handle that sort of work load without introducing a huge lag somewhere in the submission process.

Rejecting executables and password protected files was pretty much the last feasible option available.
Reply
:icondamselstock:
DamselStock Featured By Owner Oct 24, 2012  Professional Digital Artist
I use sta.sh to store my exclusives that are not Premium Content, or for exclusives that are offered as both PC AND thru PayPal. I can then send the sta.sh URL to whoever bought the exclusives for download.
Reply
:iconmathness:
Mathness Featured By Owner Oct 24, 2012
Good to see an effort to get rid of malware. :)

Would it not be possible to "fix" the password issue if the artist could supply it during upload?
Reply
:iconcasperium:
Casperium Featured By Owner Oct 24, 2012  Professional Digital Artist
Better safe than sorry!
Reply
:iconlost-angle:
lost-angle Featured By Owner Oct 24, 2012  Hobbyist General Artist
This is a wonderful thing!

As a suggestion, it might be nice for the ability to download a file to be "password protected" as a part of the download feature. It could give users a chance to do what they did previously in a manner that remains safe for dA and secure for them. (Check a box saying "password protected" type in password for download. Similar to what Wordpress uses for password protected pages.)
Reply
:iconrydi1689:
rydi1689 Featured By Owner Oct 24, 2012  Hobbyist Digital Artist
I agree with this, though for those resources protected by passwords that you only get by paying, something like the premium content feature would be an aid so as to not need to submit it as a password protected file. If you have to "pay" to get the premium content, it wouldn't need to be password protected. Though there are some ups and downs to that too.
Reply
:icondamselstock:
DamselStock Featured By Owner Oct 24, 2012  Professional Digital Artist
I use sta.sh to store my exclusives that are not Premium Content, or for exclusives that are offered as both PC AND thru PayPal. I can then send the sta.sh URL to whoever bought the exclusives for download.
Reply
:iconrydi1689:
rydi1689 Featured By Owner Oct 25, 2012  Hobbyist Digital Artist
That's another solution, but... that person can share that sta.sh link with someone else and get your exclusive downloads too, can't they?
Reply
:icondamselstock:
DamselStock Featured By Owner Oct 25, 2012  Professional Digital Artist
They could just share the photos by email as well if they really wanted to. Most artists who buy exclusive stock do so because they like that very few artists have access to them, in turn making their artwork unique. Sharing the images would defeat the purpose. Also, if someone unauthorized used the images and I found out, which I would, I'd report it to the help desk, if on dA, or the admin/hosting company of whatever site they posted to.
Reply
:iconrydi1689:
rydi1689 Featured By Owner Oct 27, 2012  Hobbyist Digital Artist
You're definitely right about that :nod:. Very good reasoning!
Reply
:iconelandria:
Elandria Featured By Owner Oct 25, 2012  Professional General Artist
Technically they could do that with a passworded zip file after they have downloaded and unencrypted it having been given the password by the provider.
Reply
:iconrydi1689:
rydi1689 Featured By Owner Oct 25, 2012  Hobbyist Digital Artist
Indeed. I kind of... forgot about that, but it takes more time than just copy pasting a link =P But as =DamselStock mentioned, if someone received the file without paying for it, then they'd be reported for using it without permission.
Reply
:iconelandria:
Elandria Featured By Owner Oct 25, 2012  Professional General Artist
Yup. Then again, knowing the lengths some people go to steal artwork and stick their own signatures and watermarks on them after painstakingly deleting the original... I wouldn't be that surprised if it happened. Strange folk are strange lol
Reply
:iconnamenotrequired:
namenotrequired Featured By Owner Oct 24, 2012  Student Interface Designer
I'm happy to hear you've been able to solve the problem a while ago, it's definitely caused issues in the past and it's really good to know it won't happen anymore :) shame it had to go this way - hopefully those stock artists will be able to use Premium Content in the future to solve this issue for them, but I don't know enough about it to be sure.
Reply
:iconelandria:
Elandria Featured By Owner Oct 24, 2012  Professional General Artist
:thumbsup: Thank you for the clarification! Its a shame, but I'd rather have the site free from viruses than leaving things with a potential risk.
Reply
Add a Comment:
 
×

:iconrealitysquared: More from realitysquared


Featured in Collections

JOURNALS AND NEWS by Elandria

Journals and News Articles by dekorAdum

Journals and News Articles by bradleysays


More from DeviantArt



Details

Submitted on
October 24, 2012
Submitted with
Sta.sh Writer
Link
Thumb

Stats

Views
26,139 (1 today)
Favourites
19 (who?)
Comments
43
×