I mean, they are basically just text (the standard used for encoding and the raw data). You can copy it and execute its code or links, but its about as simple as it gets, and simple enough that there’s no easy exploit for .txt files that doesnt require the user actively doing something wrong.
I dont know enough about epubs to be honest, but I would guess basic images and videos with no link or script insertion possible on execution are relatively safe, so basically the simplest common file types, since they should just read data, pass it through the decoding needed, and display it.
Videos may be trickier since they include more information on how to be run, compression tricks used and a lot more stuff, as well as the data, but simple images should not have anything, just basic information on the co-dec standard used, info on the width and length, and the raw data.
It may be possible to build a SQL insertion program for any file depending on the system and how that file is opened in it (a malicious driver for some file type could run some hidden code in images of that type, its been investigated as a possible cyberattack), but I would hope such obvious stuff would be figured out for simple programs and sensible OS distributions (if unexpected input: break and return “unreadable file”).
Its honestly a bit complicated since I am not a cybersecurity expert, so please ask professionals and dont rely on this alone if big money relies on this kind of security.
TLDR: I dont like videos, and SQL insertion and malitious drivers are the main issue for a smart user in terms of malitious image/text files, but also mostly outside their control
I mean, they are basically just text (the standard used for encoding and the raw data). You can copy it and execute its code or links, but its about as simple as it gets, and simple enough that there’s no easy exploit for .txt files that doesnt require the user actively doing something wrong.
I dont know enough about epubs to be honest, but I would guess basic images and videos with no link or script insertion possible on execution are relatively safe, so basically the simplest common file types, since they should just read data, pass it through the decoding needed, and display it.
Videos may be trickier since they include more information on how to be run, compression tricks used and a lot more stuff, as well as the data, but simple images should not have anything, just basic information on the co-dec standard used, info on the width and length, and the raw data.
It may be possible to build a SQL insertion program for any file depending on the system and how that file is opened in it (a malicious driver for some file type could run some hidden code in images of that type, its been investigated as a possible cyberattack), but I would hope such obvious stuff would be figured out for simple programs and sensible OS distributions (if unexpected input: break and return “unreadable file”).
Thanks for replying. This is useful to know.
Its honestly a bit complicated since I am not a cybersecurity expert, so please ask professionals and dont rely on this alone if big money relies on this kind of security.
TLDR: I dont like videos, and SQL insertion and malitious drivers are the main issue for a smart user in terms of malitious image/text files, but also mostly outside their control
It’s always useful having the details explained. We can’t know too much. So thank you.