The fact they are container formats - and thus they are supposed to contain arbitrary data - is a reason to consider them safe. They are not supposed to be executed under any conditions. A viewer that runs any sort of script from a .gif is highly insecure and should not be used, period.
I didn't know about the NTFS data streams (and I still see very little point in such a function), but what would trigger those streams? Are they opened at the same time as the main file (in which case, they can do as much damage as the file itself - thus, in the case of a .dll or .exe, lots, but none as plain text), or must they be called separately? And, if they must indeed be called separately, what would call them on a freshly installed system?
EDIT: And would copying the files over to the tmpfs, before moving them over to a FAT32, not get rid of these streams? Does FAT32 even support them?