How to prove the font contains no virus?

Hello, I am a designer from Tokyo and new here.
I could really benefit from your professional experience.

Now, I am planning to design a corporate-font with Glyphs for a company in Japan, as my business.
To do that, I have to prove the font I will deliver (will be .ttf) contains no virus, malware and such a things, since the font will be in the system of the company.

It sounds a bit weird question. But,

  • Is there a way to prove that to the client?

If you have the same (or similar) experience in the past, I would appreciate it very much if you could tell me about it.
Also any suggestion would be thankful!

Thank you very much for your time.

2 Likes

This is a quiet unusual request.
You can’t prove that, because whatever you tell them is no prove. You can tell them how they can prove it themselves. There are several options:

Run it through a virus scanner.

Convert the font to XML with ttx. Then they can check for hidden code.

Use is as a webfont in FireFox. They have pretty good guards against malicious fonts. If it shows up in the website, ti should be fine.

3 Likes

I 100% agree with all that.

The data in an OpenType/TTF font is relatively inert except for the hinting. If a TT font is not hinted, then it is not executed in computational terms; its just data that is interpreted rather safely.

The data in a OpenType/CFF font is interpreted in a less safe way, and has been the source of some security problems; eg http://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rule-them-all.html

1 Like

Thank you so much for your reply.
I might be going to tell those 3 options to my client just as it is.
Thank you again for the golden tips!

Thank you so much for your reply too.
Since you agreed with GeorgSeifert, the opinion became much persuasive.

  • your knowledge and case example is very helpful. Thank you very much!