Fear no attachments

A searchSecurity user offers two simple tips for avoiding malware-infected e-mail attachments.

This Content Component encountered an error
This Content Component encountered an error


This tip was submitted to the searchSecurity Tip Exchange Contest by user Marc Deschenes. Let other users know how useful it is and help Marc win a prize by rating the tip below.

Learn and follow these two simple steps, and you won't have to be afraid of attachments.

1. Don't allow Windows to hide file extensions (those three letters after the "." in the filename).

Why Microsoft ships Windows with its default settings being the most dangerous they can be is a mystery to all of us. Well, I suppose it helps to keep the antivirus companies in business. :-O

By default, Windows is set to hide file extensions of known file types. What this means to you is that you are easy prey to the most common type of e-mail virus tactic, which is to mail an attachment with a filename that looks like something that it is not. The trick is that the virus hackers will simply name the file in such a way as to appear to be a JPG or something harmless, because they know that most peoples' systems will not show the actual file extension. For example, if your system is hiding file extensions, a file attachment of "MyDog.JPG.VBS" will appear in your e-mail program as "MyDog.JPG," which leads you to believe that it is simply a picture, when in fact it is a VB script (a program that can do whatever the virus writer wants if you decide to double-click on it). So, let's change the system setting that determines if file extensions are displayed or not.

To keep Windows from hiding file extensions, do this:

  • Open Windows Explorer, and use the Explorer menu and to to View/Folder Options (or Tools/Folder Options, depending on what version of Windows you have). A window will appear.
  • Click on the "View" tab.
  • In the list of checkboxes on that screen, make sure you uncheck "Hide file extensions of know file types."
  • Click on Apply.
  • Click on "Like Current Folder" to apply this setting to all folders.
  • Then click OK on all windows to get back to your Windows Explorer window.

    Depending on which folder you had selected when you started Windows Explorer, you might immediately notice that you can now see the file extensions for all your files (that you couldn't see before). Actually, there are still some file types that Windows insists on hiding from you, but for our purposes today, this new setting will suffice. To learn more, go to http://apcsnh.com/vacm/.

    2. NEVER just double click file attachments in e-mails directly!! There's a safer way...

    Whenever I get file attachments, here's what I do:

  • First, I do a LiveUpdate to get the latest virus definitions installed (LiveUpdate is Norton, yours may differ. Just get the latest virus updates for your antivirus software installed.)
  • Make VERY sure that your auto-protect is enabled (usually this means that the antivirus icon down in the system tray area does not have a red circle and line through it).
  • Go back to the e-mail message with the attachment, right-click on the attachment and do a "Save As" (this may be done differently in e-mail programs other than Outlook. Just make sure you save the attachment to your hard drive, rather than opening it directly from within the e-mail message by double-clicking on it). I usually do the "Save As" and send the attachment right to my desktop where it's easy to get to later (for deleting or filing somewhere else).

    So, what good did all that do?

    Well, first you got the most up-to-date virus protection. Then, by doing the "Save As" you actually gave your antivirus software a chance to scan the file as it was being written to your disk (desktop or folder you chose). That's right -- you made sure that your antivirus had a chance to look at the attachment.

    Plus, you got to see exactly what the filename was when you did the Save As. If the filename ended in .VBS or .VBE or .PIF or .LNK or .SCR or .EXE or .CMD or .BAT, these are highly suspect. Go ahead and do the Save As to let the virus scan happen, but you might still want to just delete the e-mail since nobody has any business sending you a file of this type, unless they are trying to get you to execute a virus program, that is.

    By the way, if you get an .EXE or one of the other suspect file types, and it came from someone you know, you might just e-mail them back and ask if they sent it to you and what it is. Then wait for their reply before opening it. They may not know they sent it to you if their system has a virus quietly sending infected e-mails to everyone they know.

    If the Save As completes without generating a warning from your antivirus and it is really a valid file (such as a .DOC or .TXT or .XLS), only then should you consider opening the attachment. You can double click on it from the e-mail message, or you can double click the copy you saved to your desktop. Either way, when you are done with the file, you have a copy on your desktop that you can either delete or move to a folder of your choice if it is something you wish to keep.

    Follow these two simple tips always and never fear a file attachment again!


  • This was first published in March 2002

    Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close