said by JohnInSJ: Your question is a philosophical one - why support hyperlink navigation if some links lead to malware? Why have active web content if some of that content is malicious?
No, it isn't. I don't get this article and I don't think I'm alone in that regard. Having malware hidden in a password protected archive does not seem to make it much different than any other file.
The question I raised, which perhaps eluded you, was simply: how is malware in a password-protected zip archive DIFFERENT than malware in a NON password-protected zip archive? If the AV scanner would have caught it in the NON password-protected archive, why would the AV scanner have any less chance of catching it when you insert the password and try to unpack the archive? (That's hardly philosophical.)
Your hyperlink analogy is rather ridiculous. Cudni stated "block anything password protected" and I suggested that then there would be NO point to having password-protection as a feature in archives. It's akin to saying "Don't open the door to anyone who rings the doorbell". In that case, why have doorbells? Your equivalent analogy should therefore be "why have hyperlink navigation if ALL links lead to malware?" (And I'd agree, why indeed.)
The article Cudni cited seems somewhat misleading: "Antivirus software can't see the hidden payload. Once the file is opened the payload (or malware) is on the system." That implies that once the ARCHIVE is opened, the payload is on the system. But I believe that they mean that the AV can't scan the password-protected archive, but it WILL scan it once it is opened. So what's the difference?