Since pictures are also a vehicle for distribution of unwanted devices to be installed on your hard drive
I'm not sure what you mean by this, can you explain?
There are FTM members better equipped than I to explain the technicalities but, as I understand it, the code for things like viruses or devices to collect information can be hidden in the code for an image. By viewing or using the image, the recipient unknowingly provides an invader with access to their hard drive.
This is only an issue with compressed pictures. Uncompressed formats like TIFF are always interpreted as pictures.
When a picture is compressed, like jpeg, gif, pdf, etc, the file can contain instructions for how to uncompress the image, and parameters for use in the decompression.
If the decompressing program is poorly written, invalid information can be used to make a "specially crafted image file" as the security people would say. Usually the goal is to exploit a bug in how the decompressor handles unexpected, uncommon, or invalid compressed data. Sometimes it causes the decoder to crash. In the worst cases, it causes the decoder to generate more picture information than it's expecting to, and the information overflows from the picture data in memory into other memory being used for other things, like to store running programs. This is a "buffer overflow". The worst outcome of that is that the decoder is tricked not only into overflowing its buffer, but doing so in a very specific way, storing very specific information in the overflow. This information can wind up in the middle of a running program, and can then get executed as program instructions. At that point, the picture has created a running program, usually running under the authority of the decoder. Security people call this "arbitrary code execution".
If the decoder is "sandboxed", the rogue program can't usually do a lot because it doesn't have access to the entire computer, but that is sometimes combined with other exploits (code that takes advantage of bugs that create security risks) that allow code to break out of the sandbox. This can result in "privilege escalation", meaning the rogue program has more access to the computer than the picture decoder.
The recent "browse to this web page to jailbreak your iphone" page takes advantage of these two issues to overwrite protected programs on the iphone to jailbreak it, simply by browsing to a web page that has a specially crafted image file that exploits a bug in the browser's image decompressor, causing a buffer overflow and code execution, and the code exploits a privilege escalation to perform the jailbreak.
So, simply attempting to
view a compressed picture (or video) can be risky, if your picture viewing software isn't secure and bug-free. Quicktime has been an ongoing target for malware, but Apple does a pretty good job of keeping on top of it. The mere presence of quicktime on a mac is a huge plus - programs that want to render images and video don't have to do it themselves and make sure their code is perfect - they rely on Apple's quicktime APIs to do all the picture decoding so all the security is in one central place, carefully managed and maintained. Windows only recently started centralizing image and video decoding, so internet explorer, an app with all the image rendering inside it, has always been a popular target for malware and gateway into your computer.