EMAIL ATTACHMENTS: .doc, .xls, .ppt
is generally accepted network security practice not to allow
accepting email attachments that are capable of running scripts,
executing instructions, or otherwise initiating activity which
could result in a compromise of the recipient, and/or cause
actions to occur on the recipient workstation
unknown to the recipient. This is not directly related to
virus, trojan horse or worm issues, but rather to legitimate
functions performed in a way that would be unacceptable if
understood by the recipient. Thus, anti virus software can
not protect against malicious .doc document functions.
intentionally designed their software to do these kinds of
things expecting that people would welcome the ability to
send an email, document or spreadsheet to someone that would
play music, show pictures, or do other "cool" things
upon receipt. In so doing, they have created a hackers paradise.
It is now common practice to receive email that will create
Including sending random information found on the recipient
PC to everyone with an email address on that PC (and saying
that the email is from someone other than the real source).
is not to say that all such attachments are going to do something
undesirable. Even so, security aware corporations do not allow
the receipt of any of this class of attachment because to
do so would open the door to unacceptable risk and potentially
enormous disaster recovery costs.
most flagrant of these potentially unsafe files are:
Microsoft does not admit the above are unsafe, they do admit
there are many other file formats that are unsafe, including
many Microsoft file types such as Access, Visual Basic and
many more. If you go to their main web page and enter in their
search box "unsafe file list" you will find, among
other things, the following reference:
Knowledge Base, FAQs, security bulletins, tips...
291369 - Information About the Unsafe File List in Internet
Internet Explorer 6 includes an "unsafe" file list
that is coded in the
Shdocvw.dll file. The purpose of the unsafe file list is to
prevent you from
accidentally opening a file type that could potentially cause
diligence suggests that corporate acceptable use policy require
the use of .rtf or .pdf files in lieu of .doc, and the use
of .csv (comma delimited ascii) in lieu of .xls, thus avoiding
potentially unsafe outcomes.
of the time, .rtf does just fine for nicely formatted document
exchange. It is very easy to tell Word to use .rtf as the
document storage format. If there are lots of graphics in
a document, .pdf is a better choice. There are MANY .doc to
.pdf conversion programs available for free or very little
cost. It is not even necessary to have a full version of Adobe
Acrobat to create and send
graphics rich formatted files is .pdf format.
running red lights, just because almost everybody does it
does not make it safe. If you never send .doc, .xls, etc.,
you can never be suspect. And if you do not accept .doc, .xls,
etc., you can never get compromised by them.
Nova Business Systems, Inc. Reproduction of this article is
forbidden without prior consent from Nova Business Systems,