MIME can be dangerous to your computer

Email attachments can be dangerous to your computer!

This message only relates to you if you have or are planning to use a MIME compliant email program such as zmail or Eudora.

Many of the world's electronically challenged people mistake email for a file transfer mechanism, and assume that everybody is using Micro$oft soft-headed software. As a result, they are sending an increasing number of binary encoded files around as MIME email attachments, under the assumption that the person on the other end has the same kind of email system as them. Don't let this silly practice by fools tempt you into configuring your email program in an unsafe fashion. When you receive an email message with such a program, then depending on the configuration, it will either

automatically detach itself when it is viewed,
invoke a program with the attachment as input to the program,
invoke the attachment as a program.

While this may be convenient, this is an extremely easy way to transmit viruses to your computer, and users should be careful in configuring and using such email programs. Here are some guidelines:

Don't add additional MIME types to your configuration unless you know the consequences.
Make sure that your configuration places detached files in a safe area. Otherwise you risk having your .cshrc file or your autoexec.bat file overwritten by an email bomb.
Don't open attachments unless you think you know what is in them.
Don't open email attachments unless you recognize the sender, and certainly don't open email attachments that come from a mailing list. Keep in mind that the source of email can be faked, so this is not a reliable method of protection.

At some point in the future I expect that someone will mount a mass mailing of viruses across the Internet using this transport method, and I expect much of the world to be caught unprepared. At that point everyone will blame "the Internet" for having no security, but in fact the blame should be placed on the people who sell nonsense like MIME and MAPI when they know about the security risks. Many people find MIME convenient (I do not). If you insist on using it, you should at least be aware that attachments carry some risk with them. For further information on a related subject, see the note from CIAC. See also the recent disclaimer from Microsoft about the virus spread through a Microsoft Word document. They try to minimize the risks of their software, presumably for marketing reasons.

Return to my home page.