|
Security on Your PC: Extensions and Sending Files By Barbara Kreiss (ACUG Webmaster, Webcentric Computer Services)
Due to increased cyber criminal threats and attacks, the utopian vision of global harmony that the computing industry originally designed for, where everyone happily shared files and information, and everyone was honest and upright, now seems naive and shortsighted. A decade ago, no one worried about receiving attachments to their emails. Viruses and worms existed, but were seldom seen. Few people thought virus protection was necessary or indeed ever encountered a virus. With the whole-hearted and enthusiastic embracing of the personal computer (PC), email and the World Wide Web by the public, security issues started to gain in importance as the industry grew. As more people used the technology, and the vulnerable computers grew exponentially, so did the incidences of cyber crimes and criminal hacking. It became incredibly easy to introduce a virus or worm by email or other means and have it spread by social engineering (I Love You virus) and by taking advantage of people who did not update their software. In order to grow the industry in the early days, the software manufacturers had focused on ease of use and added features as the most important factors to develop for. They listened to what their customers wanted, and gave them the bells and whistles they asked for. As the security threat grew, however, the emphasis had to change. The open, share with everyone, gee-whiz features from the past are moving to a more closed cautious approach in the present.
So how do you send a database file to a
friend without them having to lower their security settings? There is a way.
MS Outlook and MS Outlook Express will accept text (.txt) files without a
problem. So she tried it. I am fortunate to have an ISP who filters for SPAM and also aggressively filters for Viruses and Worms (even so, I update my own virus protection daily). However, in this case, the ISP's virus filter stripped the ".txt" attachment from the email and I received nothing but a virus warning! What had happened? After some trouble-shooting back and forth by email, I determined that she had her version of Windows set to hide file extensions. When she tried to rename the file, she simply added .txt to the name. She saw databasename.txt on her desktop, but because she couldn't see the file extension, the file was actually named databasename.txt.dbs! The ISP virus filter rightly saw that as a possible threat and dumped the file.
Having her file extensions hidden was also not a good idea
from a security stand point. She would never know if a virus program was
hidden in files she looked at: for example as in filename.jpg.vbs
because she would not be able to see the ".vbs" (Visual Basic Script)
extension. The file would look to her like filename.jpg and
she might mistakenly open it, setting off a Trojan worm. Here's how you do it in Windows XP:
Click Start
|