Someone recently asked me if it's safe to open a text file (received via email) by double- clicking it. A couple of years ago I would have said "no problem - you can't get a virus from opening a text file".

Well, that's still true, but the problem is, how do you know it's a text file?

If you see a file attached to an email message with a file name like "myfile.txt" you can't really be sure that's its full name. Windows has a sneaky practice of hiding some file extensions and refusing to show them, so the real name of the file could be something like "Myfile.txt.pif"

The file extension .pif indicates a shortcut to an MS-DOS programme, and it can be used to execute code. There are a few other file extensions such as .scr and .shs which also remain hidden and can be used to execute code.

People who create viruses have recently made use of this feature of Windows to spread viruses via files with innocent sounding names. For example, someone recently sent me an email message with a file attached called "News_item.doc" When I did my routine check, I found that the file's real name was "News_item.doc.scr" and that it was carrying the "Badtrans" virus. It received the appropriate treatment!

The safest thing to do with email messages that just arrive in your in-box with attachments is to just delete them immediately. However, if you're reluctant to do this because you think the file may be harmless and genuine, I would still recommend that you DON'T open by double clicking.

It would be safer to first save the file attachment (eg to the desktop) and then open it from the application it's intended to run in, using file - open. For example, if I had received the file mentioned above (News_item.doc) in Outlook Express, I could save it to the desktop by right-clicking the paperclip for this file in the email message window and choosing "save as", then start up Wordpad and use it to open the file from the desktop. This would display any text readable content in the file without the risk of executing any code hidden in the file, offering the chance to form an impression of whether it's a genuine document.

By the way, if you want to delete an email from Outlook Express, remember you have to do it twice. When you first delete an email it is sent to the Deleted Items folder. You then have to open the Deleted Items folder and delete the email from there.

Another "by the way" - don't think that because you have an antivirus package on your computer you can open any files with impunity. An antivirus package is worth having but none will provide absolute protection. They have to be properly set up and kept up to date.
The famous "Love Bug" virus went undetected long enough to cause havoc all around the world because it spread quickly and did its work before the antivirus manufacturers were able to update their virus definition files.

- by John Selby - technical bloke.

First Printed in SNN Newsletter February 2002