Fonts seem harmless. Most of the time we do not even notice the fonts on a webpage unless they are hard on the eyes. But a font served by an untrusted webpage can be crafted to exploit the code that parses it, and that is a route for an attacker into your computer and from there into your network. This post explains how to block untrusted fonts in Windows 10.
When working locally, almost all the fonts we use come from the %windir%\Fonts folder: they were installed there along with Windows or with an application. Windows treats these as trusted fonts. When a webpage uses such a font, the browser loads it from the local Fonts folder.
But when a webpage uses a font that is not installed on the computer, the browser downloads a copy of the font file from the website and loads it into memory for the font engine to parse. That file came from whoever controls the website, and a malformed one can trigger a bug in the parser. This is the point at which an attacker can gain a foothold.
Dangers of untrusted fonts
When a webpage uses a font that is already installed in the local Fonts folder, the browser renders the page with that local copy. Those fonts were put there by an administrator (and scanned by your antimalware on the way in), so Windows treats them as trusted.
When a webpage uses a font that is not installed locally, the browser downloads a copy and hands it straight to the font engine in memory. The download itself is not the problem, and antimalware scanning is not a reliable defence here: a hostile font is not a file that carries malware, it is the exploit itself, a font file deliberately malformed to trigger a bug in the parser. The reason that matters on Windows is that the GDI font parser historically ran in kernel mode (win32k.sys). A bug triggered there executes with kernel privileges, higher than the browser, its sandbox or even an administrator, so an attacker who gets such a font rendered in your browser can take control of the whole machine and use it as a foothold on your network. (Newer Windows 10 builds parse fonts in an isolated user-mode process, which lowers the impact of a parser bug but does not remove the attack surface.)
The fix is to stop Windows from loading any font that is not in the local Fonts folder. Windows 10 can do this with its Untrusted Font Blocking mitigation. When a blocked font is requested, the page is rendered with a substitute font from the local folder. The cost is that some pages will look different from what their designer intended, and documents that depend on an embedded font may print incorrectly.
Three states available for untrusted fonts in Windows 10
There are three options available to you when it comes to untrusted fonts in Windows 10. They are:
Block the fonts: fonts outside the local Fonts folder are not loaded by any process, and each blocked attempt is logged
Audit mode: nothing is blocked, but every time a process loads an untrusted font an event is written that records which font file was loaded and which application loaded it; use it first to learn what blocking would break
Exclusion of apps: individual applications can be excluded (whitelisted) so that they may still load untrusted fonts while the system-wide setting blocks them; for example, if you whitelist Word, it can use third-party fonts embedded in documents from the Internet even though untrusted fonts are blocked for everything else
Given these limited options, my recommendation is to block all untrusted fonts system-wide and exclude only the few applications that actually break and whose font sources you are prepared to trust; audit mode will tell you which those are. Browsers should stay blocked: they pull fonts from every site you visit, and their complex rendering pipelines (multiple engines and processes) are the main route by which a hostile font reaches the parser, which is exactly the situation the mitigation exists for. Applications like Word and Excel are lower risk only because the fonts they load come from documents you chose to open rather than from arbitrary websites; a malicious document can still embed a malformed font, and antimalware will not necessarily catch it, so treat every exclusion as a trade-off rather than a safe default.
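As an added example (my own script, not part of the original post), here are the three states above, the per-app exclusion and the audit log managed from PowerShell. It assumes an elevated session on Windows 10 and writes the registry value that sits behind the Group Policy setting (Computer Configuration > Administrative Templates > System > Mitigation Options > Untrusted Font Blocking); the function names and the staged rollout order are my choices.

```powershell
# Added example, not from the original post: manage the Windows 10 "Untrusted Font Blocking"
# mitigation from an elevated PowerShell session.

$SystemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# MitigationOptions is a 64-bit bitmask shared with other process mitigations; the font policy
# occupies bits 48-49. Microsoft documents the values as 1000000000000 / 2000000000000 /
# 3000000000000 (hex, as typed into a QWORD in regedit); written as shifts here so the other
# bits can be preserved instead of overwritten.
$FontMask   = [long]3 -shl 48
$FontPolicy = @{
    Block = [long]1 -shl 48   # block untrusted fonts and log each attempt
    Allow = [long]2 -shl 48   # explicitly do not block (used for per-app exclusions)
    Audit = [long]3 -shl 48   # log only, do not block
}

function Get-MitigationKey([string]$ProcessImageName) {
    # System-wide policy lives under Session Manager\Kernel; a per-process override lives
    # under Image File Execution Options\<image name>, e.g. WINWORD.EXE.
    if ($ProcessImageName) { Join-Path $IfeoKey $ProcessImageName } else { $SystemKey }
}

function Get-UntrustedFontPolicy {
    param([string]$ProcessImageName)
    $key  = Get-MitigationKey $ProcessImageName
    $item = Get-ItemProperty -Path $key -Name MitigationOptions -ErrorAction SilentlyContinue
    if (-not $item) { return 'NotConfigured' }
    switch (([long]$item.MitigationOptions -band $FontMask) -shr 48) {
        0 { 'NotConfigured' }
        1 { 'Block' }
        2 { 'Allow' }
        3 { 'Audit' }
    }
}

function Set-UntrustedFontPolicy {
    param(
        [Parameter(Mandatory)][ValidateSet('Block', 'Allow', 'Audit')][string]$State,
        [string]$ProcessImageName   # omit for the system-wide policy
    )
    $key = Get-MitigationKey $ProcessImageName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Read the existing value first so mitigation bits set by Group Policy or Exploit
    # Protection survive; a blind write of 0x1000000000000 would wipe them.
    $current = [long]0
    $item = Get-ItemProperty -Path $key -Name MitigationOptions -ErrorAction SilentlyContinue
    if ($item) { $current = [long]$item.MitigationOptions }
    $new = ($current -band (-bnot $FontMask)) -bor $FontPolicy[$State]

    New-ItemProperty -Path $key -Name MitigationOptions -PropertyType QWord -Value $new -Force | Out-Null
    if ($ProcessImageName) {
        Write-Host "Font policy for $ProcessImageName set to $State (restart the app to apply)."
    } else {
        Write-Host "System-wide font policy set to $State (reboot required to apply)."
    }
}

function Get-UntrustedFontEvents {
    # Both Block and Audit write event ID 260 to the Win32k operational log; the message
    # names the font file and the process that tried to load it.
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Win32k/Operational'; Id = 260 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProcessId, Message
}

# Staged rollout (run each step from an elevated prompt):
#   Set-UntrustedFontPolicy -State Audit            # 1. watch first; reboot
#   Get-UntrustedFontEvents | Format-List            # 2. see which processes load non-system fonts
#   Set-UntrustedFontPolicy -State Block             # 3. enforce; reboot
#   Set-UntrustedFontPolicy -State Allow -ProcessImageName 'WINWORD.EXE'   # 4. exclude an app that breaks
#   Get-UntrustedFontPolicy; Get-UntrustedFontPolicy -ProcessImageName 'WINWORD.EXE'
```

The read-modify-write in Set-UntrustedFontPolicy is the part worth keeping even if you script this differently: MitigationOptions also carries other mitigation flags, so setting it to a fixed value can silently undo hardening applied elsewhere. Run audit mode for a normal working week before switching to Block, and review the event ID 260 entries to decide which exclusions, if any, are really needed.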