"Nova Business Systems has always had our best interests at heart. And they've always given us helpful, informative answers to our questions."
OSAA, Wilsonville, OR

It is generally accepted network security practice not to allow accepting email attachments that are capable of running scripts, executing instructions, or otherwise initiating activity which could result in a compromise of the recipient, and/or cause actions to occur on the recipient workstation
unknown to the recipient. This is not directly related to virus, trojan horse or worm issues, but rather to legitimate functions performed in a way that would be unacceptable if understood by the recipient. Thus, anti virus software can not protect against malicious .doc document functions.

Microsoft intentionally designed their software to do these kinds of things expecting that people would welcome the ability to send an email, document or spreadsheet to someone that would play music, show pictures, or do other "cool" things upon receipt. In so doing, they have created a hackers paradise. It is now common practice to receive email that will create corporate havoc.
Including sending random information found on the recipient PC to everyone with an email address on that PC (and saying that the email is from someone other than the real source).

This is not to say that all such attachments are going to do something undesirable. Even so, security aware corporations do not allow the receipt of any of this class of attachment because to do so would open the door to unacceptable risk and potentially enormous disaster recovery costs.

The most flagrant of these potentially unsafe files are:

While Microsoft does not admit the above are unsafe, they do admit there are many other file formats that are unsafe, including many Microsoft file types such as Access, Visual Basic and many more. If you go to their main web page and enter in their search box "unsafe file list" you will find, among other things, the following reference:

Support & Troubleshooting
Knowledge Base, FAQs, security bulletins, tips...
291369 - Information About the Unsafe File List in Internet Explorer 6
Internet Explorer 6 includes an "unsafe" file list that is coded in the
Shdocvw.dll file. The purpose of the unsafe file list is to prevent you from
accidentally opening a file type that could potentially cause problems on
your computer.;ZH-TW;291369

Due diligence suggests that corporate acceptable use policy require the use of .rtf or .pdf files in lieu of .doc, and the use of .csv (comma delimited ascii) in lieu of .xls, thus avoiding potentially unsafe outcomes.

Most of the time, .rtf does just fine for nicely formatted document exchange. It is very easy to tell Word to use .rtf as the document storage format. If there are lots of graphics in a document, .pdf is a better choice. There are MANY .doc to .pdf conversion programs available for free or very little cost. It is not even necessary to have a full version of Adobe Acrobat to create and send
graphics rich formatted files is .pdf format.

Like running red lights, just because almost everybody does it does not make it safe. If you never send .doc, .xls, etc., you can never be suspect. And if you do not accept .doc, .xls, etc., you can never get compromised by them.

©2004, Nova Business Systems, Inc. Reproduction of this article is forbidden without prior consent from Nova Business Systems, Inc.


Nova Business Systems, Inc. PO Box 1005 Lake Oswego OR 97034
Phone: 503-636-8414 email: sales
©2004 by Nova Business Systems, Inc. All Rights Reserved.
Privacy Policy: Your information will not be disclosed.