Email attachments can be dangerous to your computer!
This message only relates to you if you have or are planning to use a
MIME compliant email program such as zmail or Eudora.
Many of the world's electronically challenged people mistake email for
a file transfer mechanism, and assume that everybody is using Micro$oft
soft-headed software.
As a result, they are sending an increasing number of binary
encoded files around as MIME email attachments, under the assumption
that the person on the other end has the same kind of email system as
them. Don't let this silly practice by fools tempt you
into configuring your email program in an unsafe fashion.
When you receive an email message with such a program, then depending
on the configuration, it will either
- automatically detach itself when it is viewed,
- invoke a program with the attachment as input to the program,
- invoke the attachment as a program.
While this may be convenient, this is an extremely easy way to
transmit viruses to your computer, and users should be careful in
configuring and using such email programs. Here are some guidelines:
- Don't add additional MIME types to your configuration unless you know
the consequences.
- Make sure that your configuration places detached files in a safe
area. Otherwise you risk having your .cshrc file or your autoexec.bat
file overwritten by an email bomb.
- Don't open attachments unless you think you know what is in them.
- Don't open email attachments unless you recognize the sender, and
certainly don't open email attachments that come from a mailing list.
Keep in mind that the source of email can be faked, so this is not a
reliable method of protection.
At some point in the future I expect that someone will mount a mass mailing of
viruses across the Internet using this transport method, and I expect much of
the world to be caught unprepared. At that point everyone will blame "the
Internet" for having no security, but in fact the blame should be placed on
the people who sell nonsense like MIME and MAPI when they know about the
security risks. Many people find MIME convenient (I do not). If you insist
on using it, you should at least be aware that attachments carry some risk
with them. For further information on a related subject, see the note from
CIAC. See also the recent disclaimer from Microsoft about
the
virus spread through a Microsoft Word document. They try to
minimize the risks of their software, presumably for marketing reasons.
Return to my home page.