All newer version of Windows comes with a built-in image viewer. For example Windows XP came with Windows Picture and Fax Viewer, Windows Vista with Windows Photo Gallery and finally Windows 7 with Windows Photo Viewer. They are very useful because it has very basic features such as zooming, rotate and even playing slide show which are probably enough for basic computer user. All default image viewers in Windows can also open most common image formats such as JPEG, BMP, GIF, TIFF and PNG making most users don’t really need to install a third party image viewers.
One of my personal philosophy for computers are “less is better”. If you don’t need it, don’t install it. If it ain’t broken, don’t fix it. However after many years in fixing computer problems, I noticed many times that when I try to improve something that is working fine without problems, I will end up discovering a bigger problem and it would be even harder to fix. Today my recommendation to every Windows user is to use a third party image viewer and STOP USING the default image viewer provided by Microsoft. Reason is I recently found out that there is a private JPG exploit (selling as much as $4000) that when you double click on the JPG file and you can instantly get infected by malware turning your computer into a bot. This is either done by binding the malware into the JPG file or the JPG file is able to secretly download and run the malware. This updated JPG exploit is similar to MS04-028 but still unknown by Microsoft.
So now you know the danger of using the default image viewer provided by Microsoft. Using a third party image viewer and associating at least JPG extension lets you avoid being infected through this exploit. Another good thing about using a good third party image viewer is you get to do lossless rotation on JPEG photos. Here are a few reliable and popular image viewer that I recommend.
1. XnView (2.97MB)
What I like most about XnView is the tab and the shortcut key to close and switch between tab is the same as Firefox. Double clicking on the image from the XnView browser tab opens the image in a new tab and doesn’t fill up the screen in full. However, I noticed that XnView takes up a lot of memory usage, as much as 65MB to open up 8 JPG images in different tabs. Support about 400 graphic file formats and has the ability to adjust brightness and contrast, apply filters and effects but lack of editing features. Freeware for private non-commercial, educational use and non-profit organization.
2. IrfanView (1.32MB)
No tab support. Opened up 8 images at different window and took up a total of 55MB. The image viewer and the image browser (IrfanView Thumbnails) are 2 separate program. Can do JPG lossless rotation and support panorama creation. Has a paint dialog for basic image editing function. Has tons of features because of the plugin support. It’s fast, light, comes with a lot of features but I would personally prefer that the browser and viewer to be together with tab support. Free for non commercial usage.
3. FastStone Image Viewer (4.54MB)
No tab support and allows only one instances. Opening one image takes up 25MB. If you have dual monitor, you can display thumbnail browser on one and full screen preview on another monitor simultaneously. Comes with effects and filters, red eye removal, JPEG losless rotate, compare images and batch convert/rename. Free for home users.
4. Photoscape (16.5MB)
Doesn’t support tab. Each image is open at a new window. Felt a slow delay when opening an image. Opening 8 images on new editor window takes up 115MB. By default opening thumbnails in viewer tab shows full screen view but that can be disabled in options. Has basic image editing capabilities, batch editor, combine images, create animated GIF, image splitter and a very useful color picker.
My personal favorite for image viewer would be XnView (although IrfanView claims that XnView has been stealing/cloning features from them) mainly because of the tab support, the shortcut key that is the same as Firefox and also opens fast. By using third party image viewers, you get more control over viewing images and also avoid being a target of the JPEG exploit. I am sure there are a lot more third party image editor and if you’re using one that is not mentioned above, do share with us.
Related posts:
What about picasa and picasa photo viewer? Do you know how beautiful and easy is to navigate through photos?!
zoner photo studio free and wild bit viewer
Thanks, Raymond!
For simple image viewing, I still use a version of LView (1.d2) I started using with win95. It’s as light as it gets… the executable is less then 500kb, and the memory used roughly equals 5x the size of the image (a 1mb image = 5mb memory). Can’t beat it ;)
thanks ray, nice article
Not sure about that Jimbo. Perhaps the safest way is to just associate all known image formats to third party image viewers.
So if you rename that exploit in png and open it with default image viewer provided by Microsoft what happens? Nothing? You said in your article “Using a third party image viewer and associating at least JPG extension lets you avoid being infected through this exploit.”
hi, thanks for all the numerous tips you’ve been dropping over the years. I use picassa photo viewer. Is it safe from this exploit? In case I’m already infected by malware (I only started using picassa some days ago), how do I know/remedy the situation?
vdyll, I don’t know how it exactly works but I’ve seen it in action before. It’s an exploit and like i mentioned there are people selling it at $4,000 in underground forums.
This exploit only works on the default image viewer in Windows, hence using other image viewers protects the user from this exploit. I’ve actually already explained about this on the article.
I would love to know how this jpg exploit works. As far as I know, you can hide exe files and javascript in a jpg, but it won’t run. It’s how the data is stored. jpg works in such a way that at the end of the image data, jpg tags it. You can then add data on to that, such as an exe or javascript without anyone knowing, because all that’s read is the jpg data. For the exploit to run, you need to convert the jpg into a true bitmap (removes the jpg tag so the malware code can be seen) and save it as something like an hta, allowing the malicious code to run.
Can you please explain how the hidden malware is runnable from a .jpg? And how do these programs protect from such a threat? (not that I advocate Micro$soft, Linux user here, but I like to have a reason for things)
I work with thousands of images, including .psds and .tiffs that often go above 600-700MB each so I really need a reliable viewer (for editing I always use Photoshop). I use (or least had been using till now) ACDSee Pro 3 because of the preview bar BUT it has problems when it comes to a gallery of 1000 images most of which above 7-12 Megapixels and when you add tiff and psd it’s like an old horse, but I really liked the bar with the small previews in this version.
However, I would like to thank Raymond for this topic and give my profound gratitude to Dumbo for this wonderful program! I’ve tried lots and lots and lots of software (this Zoner app SUCKS hard!) and finally I found a viewer simple, reliable, FAST, smart and that can open a 811MB psd with lots of layers in 5400×7200 in just a few seconds! ACDSee could never do that, nor the other acclaimed programs.
MY ADVICE TO ALL:
FastStone MaxView (most current 2.4)
Thanks again Dumbo!
@Raymond (comment #12)
I think you meant “As long as you’re NOT using the Windows default Image Viewer, then you’re safe.” :)
@abdullah (comment #3) You never know. Its the world wide web, buddy. You’d be better off using a 3rd party app as Raymond suggested.
I’ve tried IrfanView before and it’s good. Picasa and Windows Live Photo Gallery are also good alternatives. But yeah, Picasa memory usage can go upto 80 mb even in idle state.
I use FastStone MaxView 2.1, it’s faster than all you mentioned.
I prefer InfranView with Ghostscript. It allows you to view all those proprietary Adobe formats without installing a bunch of crapware
I used XnView before and I also think it’s the best from the ones you’ve mentioned, but since I also have the “less is better” approach and I started using Picasa because I wanted to use some of the features it provided and that these viewers/editors didn’t have such as more organizing (by person), uploading (to picasaweb, flickr, blogger), and sharing features, I decided to switch completely to Picasa and stop using XnView.
Thank you for the “heads-up” Raymond – much appreciated.
Thanks Raymond.
I am considering replacing Windows Photo Viewer with ACDSee Pro (3.0.475). Does it is able to avoid JPEG exploit?
irfanview i guess, thanks mate!
All 4 sites are working, I just accessed them few seconds ago.
went to a site you talked about but no longer available….Wiredness…bummer.
i choose irfanview as the best, because can automatically play the png and all animation picture
well i am more interested to know about that exploit :D
i guess firewall would be only escape to that
Thanks as always Ray :)
I’ve been using Fastone Image Viewer since some months and to me it’s the best free image viewer.
It’s easy, light and fast.
Also thank you for letting me know about that exploit.
Keep up the good work!
Andrea
Or Fast Picture Viewer which is also very good.
Picasa is able to avoid the JPG exploit as well. As long as you’re using the Windows default Image Viewer, then you’re safe.
Is Picassa also safe to use?
My first favorite is Faststone Image Viewer and second one is Xnview. Both of them very powerfull to do simple work about photos
-I also don’t like Windows 7 ‘Windows Photo Viewer’.
-I use Microsoft Office ‘Picture Manager’ to View/Edit images .
-If I wanted to use a 3rd party Photo Viewer, it would be XnView.
how about picasa ? why you don’t include it ?
i think it’s very excellent
Thanks..
I think Picassa deserves a place too..
Have you tried Zoner Photo Studio Free before Ray? It looks a little like ACDSee.
free.zoner.com/
Wat abt Windows Live Photo Gallery? I have heard that it is a pretty good replacement to the default image viewer in Windows.
Thanks Raymond. Another one I like (viewer/basic editor) is Zoner free version. It has replaced all photo viewers on my home computers. I hope you get a chance to review it sometime. I wrote Zoner and asked about the differences between the free version and the Xpress version which usually comes in magazine offers. I was told the free version is updated regularly while the Xpress not so much. In fact I saw an update came in the free version today- now on Version 12 Build 10.
can you add a facebook share button ?
and regarding the article I don’t think that the guy who will pay the 4000 $ will come to me , so I’ll stick with what I have :)
great informative article ,,
thanks :)
Already use all and I found FastStone Image Viewer is the best!
Thanks for sharing this news Ray.
I guess anyone can be safe from this exploit by having its antimalware app up-to-date. Antivirus vendors should be informed already of this dangerous threat.