Number 223 - December 2001

Is Danger Lurking in Your E-mail Attachments?
by Ray Mills, President & Webmaster, Tacoma Open Group for Microcomputers
Which of these extensions are safe and which aren't:        .VBS .REG .PCD .PIF .SCR     Guess what? They're all potentially dangerous. Opening files with these attachments has the potential to install a virus, worm, or Trojan horse.     Most viruses, worms, and Trojan horses are spread via email. It's no longer safe to blindly open files attached to your email.     Opening files attached to an email is the computer equivalent of Russian roulette Computer safety rules     It's crucial that everyone follow the three golden rules of computer safety:     . Install a good anti-virus program and update it weekly.     . Update your browser, email program, and operating system regularly to patch security holes.     . Don't open email attachments.     You've heard me say it a million times: Never open email attachments. Viruses spread quickly, and up-to-date, anti-virus software is no guarantee of safety. If you open files attached to your email, you are running a risk. It doesn't matter if the email comes to you from someone you know--most viruses do.     If you must open an attachment, make sure it is not an executable file. If an attachment contains no executable program code, it can't contain a virus. It is very difficult to know if a file contains executable code.	I was doing some research last night and found this list of executable extensions. I had no idea that there were so many plus there are probable more.     The following file extensions can contain executable code. This means they can potentially carry a virus to infect your computer or execute something like fdisk.exe (which can reformat your hard disk - ed)     Add any extension for a document that contains macros, including Microsoft Word, .DOC, Microsoft Excel, .XLS, and Microsoft Powerpoint, .PPT. Beware of .HTM and .HTML files; they may not be safe because they can access the Internet to download unsafe files.     Mac extensions     It's harder to detect executable files on the Mac. Some common file types that may cause problems are Applications (APPL and APPC), Extensions (INIT), Control Panels (cdev), AppleScripts (osas), and files containing macro scripts such as Microsoft Word (WDBN), Excel (XLS8), and Filemaker (FMP5).     The future or viruses     This list of dangerous file types is far from complete, and it changes all the time.     It's possible to get a virus that activates just by reading an email. No attachment is necessary. A recent virus known as Wscript.KakWorm spread by taking advantage of a security hole in Microsoft Outlook Express. Many people became infected even though there was no attachment to the email.     I expect to see similar exploits in the future. If you must send email attachments, do it safely. As for me, don't bother to send me attachments of any kind. I never open them.
Number 223 - December 2001