File Extensions

White Paper on
File Extensions, Viruses,
E-Mail Etiquette, etc.

I'm going to try and provide you with some information that may keep you from getting a computer virus. It will also enable you to help other people to whom you send e-mail determine that the e-mail you send them is not being sent by a rogue virus program.

First, let's look at how you can get a virus. I'm not going to try and cover every conceivable situation in this article, only the most common ones. I will assume that you don't have a virus checking program, but I will also cover how to select and use an anti-virus program later.

There are generally only two ways people get a virus.

The first is via e-mail and the second is by bringing an infected file from another computer via floppy or other removable media.

Let's look at how you get a virus via e-mail since this is the most common way viruses are transmitted these days.

Generally a virus infects a computer when an e-mail is sent with an attachment. Just "opening" the e-mail will not generally infect a system. However, when there is an attachment and the user clicks on the attachment then all bets are off. You simply "MUST" understand the consequences of this action. Later on I will elaborate more on this.

There are two things that should give you a clue if this attachment "could" contain a virus. The first is what is called the "FILE EXTENSION". The file extension is the last set of characters after the last period in the filename.

Example 1
Windows 95 filename.doc

This would be a filename that you might see in a Windows type of environment. There can be spaces in it and it can be up to 256 characters long. The extension in this case would be .DOC which would most likely indicate a Microsoft Word (DOC)ument.

Example 2
My Picture.gif

This would be a picture file because the extension is .GIF which is a graphics file format (see table below). You can set options on your browser such that this may not show as an attachment but will just show as a picture inside your e-mail.

Example 3
My Picture.gif.vbs

This is the sneaky way that viruses get into your system. If you glance at this you might think the extension is .GIF. However, remember what we said earlier. The extension is the LAST set of characters after the last period. So the extension above is .VBS which is a Visual Basic Scripting file (hence VBS). It's not important to understand what that means but is important to know whether it is safe to open this type of file (the table below will tell you). Hint: It's NOT safe to open such files.

If you look at an extension and you don't recognize it or you look at it and it is one of the types listed below that can contain a virus then you need to look at WHO sent it to you and what (if anything) they said in the body of the message.

It will help if you understand how viruses are spread. The most common way is that once a computer is infected by a virus, most viruses will try and find e-mail addresses on your system and e-mail itself to any address that it can find. That is how it spreads. Most of the time the virus uses the names in the Microsoft Outlook address book. If you aren't using Outlook (or LookOut as it's more affectionately known), then your risk of spreading the virus is diminished. Once it finds the names, it sends an e-mail message to the people in your address book posing as you. Sometimes there will be a subject line and sometimes there will be a message in the body of the e-mail. However, there will almost always be an attachment. The attachment IS the virus.

Depending on how clever the virus is, the subject line might have the person's name that the message is being sent to such as . . .

"Hey Jim, thought you might be interested in this" or "Hey Jim, check this out for a good laugh".

The body of the message may be blank or it may have a generic sentence or paragraph something like . . .

"I found this really interesting program that will display the time of day in all 24 time zones. I thought you might be interested."

The attachment might have a filename like "World Time.exe".

So let's examine this example. Look at the sender's name. If you recognize it then ask yourself this, "Would the sender have any reason to believe that you would be interested in time zones in other countries?" Remember, the FROM: address is more than likely going to look like it came from somebody you know since you were in their address book. If you don't have any reason to believe that this person would know you were interested in "time zone" data then you need to look at the body of the message. If the body of the message is a generic message that could be sent to anyone and it would make sense, then you have to ask yourself if a virus program could have sent this.

This is where the E-Mail Etiquette part of this article comes in. If you really were sending this to someone named Jim then this is what the message might look like. . .

Subject:
Hey Jim, thought you might be interested in this time zone program"

Message body
"Jim,

You were asking me the other day if I knew of a program that would display the time zones around the world. Here is a program that will do just that.

Talk to you later,
Joe

P.S. Tell Linda Hi and we hope to see you Sunday."

Notice that the subject line indicates what this message is about. In addition, the body indicates that you were discussing this with Joe earlier.   Plus, Joe had done something that is a dead give away that this was NOT sent by a virus program. He added a P.S. and made reference to specifics that a program would not possibly know (Linda, Joe's wife's name and the fact that they would see them Sunday). This is what you need to do if you are sending files (with attachments) that someone might think could contain a virus. Put something specific in the body that a generic virus program couldn't possibly know. A family member name, a colleague's name, an event, etc. This will help the recipient evaluate whether this e-mail is really from someone they know or was sent by an imposter (a virus).

If you don't have any reason to believe this message was sent to you by the sender because you requested it then you must ask yourself "Do you feel lucky?".   Obviously a virus scanner program can help so I'll cover that in a moment.

Remember, I told you that there were two ways to get a virus, e-mail and floppy.

If you transfer files from other computers to your computer then you simply "must" be able to convince yourself that these programs are free of viruses BEFORE you copy it to the destination computer.

This is where anti-virus programs come in. I happen to be partial to Norton Antivirus but there are several good programs on the market.

Today, the anti-virus programs will actually scan attachments in your e-mail when you click on them. This is a great improvement from anti-virus programs of a few years ago. If you use Explorer or Netscape then these anti-virus programs have plug-ins that will interface with these e-mail programs.   A word of advise . . . always update these programs as new versions become available. The price is small compared to the protection you will receive. Plus, newer versions tend to offer features such as e-mail scanning that an older version might not offer. Also, you need to update the VIRUS DEFINITION files frequently. Every two weeks is more than adequate but certainly once a month. In particular, if you hear about a virus that is spreading you will want to get the latest definition files from the publishers web site.

Personally I DON'T let anti-virus programs install themselves the way most of them want to. I don't let the program load at start-up or place itself in the Windows task bar. I have just found too many situations where this causes more problems than it fixes. Since I know when I'm about to expose my system to the possibility of a virus infection I manually scan any files that might be suspect "before" I load or run the questionable file.

OK, so I've told you how you get viruses, what you can do to protect yourself and how you can help other users to whom you send e-mail be more comfortable that the attachment you are sending is really from you. Now, what you need to know is which file extensions are safe and which ones aren't.

I have made a table below which is NOT complete by any stretch of the imagination but it does cover the most common file types that you might find being sent to you. If you receive a file with an extension that is not listed on this list then it is up to you to know whether or not the file is capable of doing any damage. Again, when in doubt, scan the file.

Common File Types File types in red are capable of infecting your system with a virus. Open these files at your own risk. CLICK HERE for a smaller version of this table suitable for printing.
.EXE .COM	These two are THE MOST DANGEROUS. These are programs. A program can do anything it wants to do. It can be a nuisance and not do any real damage or it can delete every file on your system and any network drive it can find. These programs do not depend on the existence of any other program you might have loaded on your system.
.DOC .XLS .PPT .MDB	These are Microsoft Word, Excel, Power Point and Access data files. These programs have a macro facility that a malicious user can exploit to embed a virus in a document. Don't open it unless you know the source. You must one of the above applications to open this file type and be exposed to the virus. There are a number of VIEWER type programs that allow you to look at the data without actually running the application (Word, Excel, etc.) You are generally pretty safe doing this as most viewers do not deal with the macros embedded in the data.
.GIF .JPG .JPEG	These are graphics image formats. You cannot get a virus by opening one of these files. Very safe. Most modern browsers support these file types and may just display the picture without even showing that it is an attachment.
.PCX .PNG .PDF	These are additional graphics formats. You may or may not need an additional application other than your browser to open them. PDF files require an Adobe Acrobat reader. Very safe.
.TXT	This a simple text file and cannot contain a virus. Most browsers can display the attachment automatically without showing it as an attachment and having to click on it.
.HTM .HTML .ASP	These are file types associated with a web site. Unfortunately, it is possible for a malicious web site to infect your system with a virus if you don't have the proper settings on your browser. Bottom line . . . If you are sent an e-mail with a link to web site and you don't recognize the web site then access it at your own risk. You can't run any kind of virus program to protect against this type of attack.
.SCR	This is a "Screen Saver" program. It can contain a virus. Do not run it if you don't know the source.
.BAT	This is an MS-DOS batch file. It can contain any command that you could run from your system. It can be just as dangerous as an .EXE or .COM file type.
.VBS	This is a VB Script (Visual Basic) file. It can do serious damage also. Do not open it unless you know the source.
.DAT .FIL	These are generally data files and as such cannot contain a virus. Generally, you cannot get a virus from any file that only contains data. An example of a DATA ONLY file would be Quicken or Microsoft Money data files,
.ZIP	Zip files contain one or more compressed files. By themselves .ZIP files are not dangerous. However, once the .ZIP files are decompressed they can contain any of the file types above. You must understand what is being sent to you in order to determine your exposure.

CLICK HERE for a smaller version of this table suitable for printing.

I know there are thousands of other file types, but these are the most common. The ones in red are the ones to be aware of.

Remember, "Curiosity Killed the Cat". If you don't think someone sent you the file specifically you must either delete the file without opening any attachments, scan the attachments with an anti-virus program that has up-to-date virus definition files or call/e-mail the sender to find out if they really sent you the file. Any other action will put you and or your entire company at risk.

I hope this helps. I want to leave you with just a few last thoughts.

Don't be an innocent spreader of a virus. If you get a chain letter e-mail with an attachment or you receive a "Virus Warning" and it says to send it to everyone you know. . . Don't. Just delete it. Even if you are told that you will die from a horrible death if you don't follow the instructions. If you send a virus to all your friends you might REALLY die of a horrible death if the virus does any real damage to their systems. Just play it safe. When in doubt, DON'T. If you receive a virus warning and really want to see if it is a valid warning and not a hoax then go to the Symantec web site below and type in a few keywords about the virus. It will quickly tell you whether or not the virus is a hoax. Most of the virus warnings that I receive are a hoax.

Symantec Antivirus Hoax Research Center

Most virus do not announce their presence (at least not immediately). If you click on an attachment that has a .EXE or .COM file extension you might actually be presented with some delightful entertainment such as a simple game or an animated graphic. But while you are playing the game or watching the graphic image the virus has been activated and will do it's damage when instructed to do so. You are most likely not even going to know you received the virus until some time later unless it is very malicious and starts destroying items immediately.

You will notice that through out this article I used the term "generally" and "most likely" several times. It is impossible to cover every conceivable possibility in trying to describe how a virus can attack a system. So the best that anyone can do is inform you as to what "generally" happens. That is the intent of this article. If I can just educate people to pay attention to the issues raised in this article they will be an order of magnitude more prepared than those that don't understand how viruses can infiltrate their computer.