Is it Safe to double-click a file?
Someone recently asked me if it's safe to open a text file (received
via email) by double- clicking it. A couple of years ago I would
have said "no problem - you can't get a virus from opening
a text file".
Well, that's still true, but the problem is, how do you know it's
a text file?
If you see a file attached to an email message with a file name
like "myfile.txt" you can't really be sure that's its
full name. Windows has a sneaky practice of hiding some file extensions
and refusing to show them, so the real name of the file could be
something like "Myfile.txt.pif"
The file extension .pif indicates a shortcut to an MS-DOS programme,
and it can be used to execute code. There are a few other file extensions
such as .scr and .shs which also remain hidden and can be used to
execute code.
People who create viruses have recently made use of this feature
of Windows to spread viruses via files with innocent sounding names.
For example, someone recently sent me an email message with a file
attached called "News_item.doc" When I did my routine
check, I found that the file's real name was "News_item.doc.scr"
and that it was carrying the "Badtrans" virus. It received
the appropriate treatment!
The safest thing to do with email messages that just arrive in
your in-box with attachments is to just delete them immediately.
However, if you're reluctant to do this because you think the file
may be harmless and genuine, I would still recommend that you DON'T
open by double clicking.
It would be safer to first save the file attachment (eg to the
desktop) and then open it from the application it's intended to
run in, using file - open. For example, if I had received the file
mentioned above (News_item.doc) in Outlook Express, I could save
it to the desktop by right-clicking the paperclip for this file
in the email message window and choosing "save as", then
start up Wordpad and use it to open the file from the desktop. This
would display any text readable content in the file without the
risk of executing any code hidden in the file, offering the chance
to form an impression of whether it's a genuine document.
By the way, if you want to delete an email from Outlook Express,
remember you have to do it twice. When you first delete an email
it is sent to the Deleted Items folder. You then have to open the
Deleted Items folder and delete the email from there.
Another "by the way" - don't think that because you have
an antivirus package on your computer you can open any files with
impunity. An antivirus package is worth having but none will provide
absolute protection. They have to be properly set up and kept up
to date.
The famous "Love Bug" virus went undetected long enough
to cause havoc all around the world because it spread quickly and
did its work before the antivirus manufacturers were able to update
their virus definition files.
- by John Selby - technical bloke.
First Printed in SNN Newsletter February 2002
|