[Xylakant]

Especially given how common media files are as an attack vector.

[gruez]

Are they? Compared to other forms (eg. trojans or browser/os 0days) they're not really common. I suspect you have a better chance of getting infected from a site asking you to download a "codec", than you have of the site serving you a malformed media file.

[Xylakant]

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jpeg returns 390 results. And that’s jpeg alone. It’s fairly common that you see some sort of media file format parsing bug to lead to command execution.

[gruez]

But how many of those are actually exploited, and how does that compare to the other vectors I mentioned? Media file exploits seem in same class of exploits as spectre/rowhammer. You hear about them often (not as often as spectre/rowhammer, but I frequently see security fixes being mentioned in media player changelogs), but you rarely hear about attacks that use them.

[anthk]

pledge(4)ing an image or video viewer under OpenBSD doesn't look difficult at all.

Also, you can convert your PNG images to Farbleld (+.gz | +.xz) without losing quality.

And the farbleld image format it's more difficult to exploit.

[geofft]

I think running pledge(2) on Windows is quite difficult. :)

(At least, I'm assuming the question here is "What should Windows Defender do?" I agree that the answer to "What should OpenBSD's built-in antivirus do?" is "Literally not even exist," which it already does.)