We've all heard of viruses by taking over a user's email address book and sending a message with the virus in it to everyone in the address book. How can we protect ourselves from those? The answer is that each of us will probably receive some of these. The main question is whether we open the infected attachment and infect our own computer, or whether we just delete the message (and delete it from "Trash" as well) and avoid the infection.

I think about whether I "expect" the attachment and whether it is a type of file that is relatively safe. (See file types.)

Some caution: When I receive a message from a colleague with whom I am working on a project, we have agreed that we will exchange files, and I receive a file from her with a name that clearly relates to the project, then I feel pretty comfortable opening the attachment just by clicking on it. That assumes, of course, that I believe my colleague does have up-to-date virus protection on her computer. If I am not sure, then I use "more caution".

More caution: If the message is from a colleague but the attachment is unexpected, I DO NOT OPEN it by just clicking on it. What I do depends on the circumstances, but this list gives some possibilities.

• Wait a few hours. If there is a new "hijack the person's address book" virus, I'll probably hear about that within half a day or so and then I won't need to open the attachment to find out what happens!
• Call the person and ask if he sent me this attachment on purpose and what it is.
• If it is from a person who has good intentions, but who may not have good virus protection on her computer, then I open the file in a "safe" way that won't execute any macros in it. To learn about how to do that, see file types.

Extreme caution: If the message is from someone I don't know, I simply don't open attachments, unless I am sure that I can do it in a way that will not execute any commands included in the attachment. If it is a message from a person I know and is a file type that seems to be inappropriate for the sort of information they are likely to be sending me, I don't open the attachment. I can usually find another way of getting the information I need.

Special note for teachers getting email attachments from students: I don't think it's a good idea to assume that all students who send me something are "trustworthy" sources. I'm very willing to grant their good intentions, but students must use computers in various places, which may or may not have good up-to-date virus-checking software installed. My advice is to insist that students send information in the simplest form that I can use. For instance, in the on-line continuing education courses that I take, the instructors usually insist that the information be submitted in the text of an email message, with no attachments. I'd go a step further and readily accept as an attachment a .txt or .dat file. For any other type of file, I'd treat it with "More caution" by opening it in a safe way that won't execute any macros in it. There would have to be an excellent reason for me to take a file from a student that I couldn't check in this way: an Excel spreadsheet, an executable file, or a zipped file. Of course, I have done this -- there are excellent reasons, but I have to trust that the student is being as careful as I would be about virus-checking.

MP's Virus Protection Info | MP's Internet Hints | MP's Home Page |

Last updated May 7, 2000. Mary Parker