RSS and Viruses?

Thanks to Steve Matthews for clearing up some misconceptions over at Vancouver Law Librarian Blog.

In his post RSS and Viruses? he clarifies:

Are RSS feeds a virus risk for law firms? or any other company? I’ve had this question before, so let’s clear this up. The answer is NO!

RSS is an xml file, which by definition is an ASCII text file with mark up. It is an interpreted file. By itself, it cannot execute a virus. The only potential risk would be within the feed’s description field, which can carry html data. Viruses can be embedded within html, but there is no more risk to allowing RSS feeds than allowing employees to use html email, or to surf the web.

Also, consider the facts. Email recipients never choose to get spam, and web surfers cannot anticipate clicking on an expired domain that’s been redirected to an unsavoury website. RSS users, on the other hand, choose their content sources. On that point alone, which technology would you trust?

Let me emphasize one of his statements above: “there is no more risk to allowing RSS feeds than allowing employees to use html email, or to surf the web.”

The question came to me yesterday. I knew intuitively why it didn’t make sense that RSS would bring in viruses, but I didn’t have the technical knowledge to explain why. Thanks to Steve for this. Hopefully this will reduce some of the “fear of the unknown” as people try to make bold changes in their organizations!