Harmless .exe files fall to virus threat

Bruce Owen couldn’t believe his eyes when he looked at his e-mail. Sitting in his inbox was a message from his sister that included an attachment: “Intel E-mail Postcard.”

Wary about a possible virus, he immediately deleted the file – as most virus-wary PC users are trained to do – then called his sister to ask her about the message. Turns out it was legitimate. She sent him a small program with audio and video she generated using an Intel digital camera and software package.

Owen says he doesn’t regret his decision to delete first and ask questions later. “Just because it came from her doesn’t mean it’s safe,” he says.

He’s justified in his concern. One in every 300 e-mail messages circulating contains a virus, according to e-mail security company MessageLabs. That’s up from one in every 700 in October last year.

Stats like that make savvy users more concerned than ever that the next Nimda virus is waiting in their inbox. So people and companies are quick to filter out and/or delete any attached .exe files that arrive from cyberspace. Unfortunately, that approach means you’ll likely also destroy fun, perfectly harmless files in the name of safety.

And that’s the way it has to be, says Stephen Trilling, director of research at Symantec Security Response.

“Certainly there is going to be a trade-off from convenience and fun and security,” he says. “By deleting the .exe you’ll be safer, but you will lose some stuff.”

The Internet has always been great for sharing information, photos, and all types of other stuff, Trilling says. Over time, creative Web users began sending more sophisticated attachments that ran videos, animations and other self-contained programs.

“Unfortunately, people use it [an .exe] to do malicious things as well,” Trilling warns.

The list of bad things people can do with an .exe continues to grow.

“It can delete files, it can e-mail info, it can e-mail copies of itself, it can steal passwords, it can steal documents. Anything you can imagine a computer program doing, an .exe can do,” Trilling says.

Because of this, he says many companies simply strip .exe files from all incoming messages before they reach the recipient’s desk.

Should the company be doing that? It’s up to each organization to decide what protections are necessary. In the process, some legitimate .exe files will be deleted, but most of these attachments are not work-related items.
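The attachment stripping described above can be sketched in a few lines of Python. This is an added example, not part of the original article and not any vendor's code; the function names, addresses and sample attachments are constructed for illustration. It goes one step beyond the article by also checking the "MZ" signature that Windows executables start with, so an .exe renamed to look like a picture is caught as well.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)      # the extension the article discusses
MZ_MAGIC = b"MZ"             # first two bytes of a Windows executable
NOTICE = "An executable attachment was removed by the mail filter.\n"

def is_executable(part):
    """True if a MIME leaf part looks like a Windows executable."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    if name.endswith(BLOCKED_EXT):
        return True
    # Content check catches files renamed to a harmless-looking extension.
    if part.get_filename() or part.get_content_maintype() != "text":
        payload = part.get_payload(decode=True) or b""
        return payload[:2] == MZ_MAGIC
    return False

def strip_executables(raw):
    """Return (cleaned message bytes, names of the removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if part.is_multipart():
            continue
        if is_executable(part):
            removed.append(part.get_filename() or "(unnamed)")
            part.clear()               # drop headers and payload
            part.set_content(NOTICE)   # leave a visible notice instead
    return msg.as_bytes(), removed

def build_sample():
    """Constructed test message: one .exe, one disguised .exe, one real JPEG."""
    m = EmailMessage()
    m["From"] = "sister@example.com"
    m["To"] = "brother@example.com"
    m["Subject"] = "Postcard"
    m.set_content("Look at this!")
    fake_exe = MZ_MAGIC + b"\x90\x00" + b"\x00" * 16
    fake_jpg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    m.add_attachment(fake_exe, maintype="application",
                     subtype="octet-stream", filename="postcard.exe")
    m.add_attachment(fake_exe, maintype="image",
                     subtype="jpeg", filename="holiday.jpg")
    m.add_attachment(fake_jpg, maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("removed:", removed)
```

As the article notes, a filter like this also discards legitimate programs; it cannot tell a harmless postcard from a virus.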

At home, where people expect to get more fun e-mails, the question gets trickier to answer.

First, there’s no assurance that the mail is really coming from the named or trusted sender.

“Just cause your e-mail comes from your best friend, doesn’t mean it came from them,” Trilling says. Some .exe viruses are known to use a person’s address book to send damaging messages to every address stored on the computer.

One clue that an e-mail might be unfriendly: a generic subject line. If you are e-mailing something to a friend, be sure to put something in the subject line that makes it obvious, Trilling suggests.

“There is some onus on the sender of these things to make it very clear,” he says.

Another option: check the validity of the file before you open it.

“The telephone is a very effective low-tech device to protect you against this type of stuff,” he says. When in doubt, call first.

Symantec’s expert is quick to point out that Intel hasn’t done anything wrong by offering a program that generates .exe files. Besides, plenty of other programs offer similar features. He also notes that he’s never had any complaint about Intel’s program, or others that generate .exe files.

“In fairness, I can’t think of many cases where some fast-spreading virus came from commercially generated software,” he says.

Even so, Intel acknowledges the potential for problems, says Rich Hannah, a product-marketing engineer at Intel.

“We recognize this is an issue for some people,” he says.

Current users of Intel’s Postcard Creator, part of its Create and Share package, can opt out of sending an .exe, Hannah says. Instead, they can send a basic JPEG file by simply selecting the correct button during the process of creating a postcard.

Unfortunately, a JPEG isn’t nearly as much fun as a video and audio postcard, he says. “If they want the richer experience they have to send it as an .exe.”

As Intel updates the software, the company plans to implement a new way for people to send and receive postcards, says Hannah. The latest version of the larger program has a new feature, called the Intel Digital Puzzle, which generates a URL that the user sends via e-mail to their friends and family. That URL leads users to an Intel-branded Web site where they can download the necessary .exe file to run the digital puzzle.

Down the road, Intel plans to do the same thing for its postcards.

While this scenario should help to reassure users about the validity of .exe files generated from Intel’s program, Hannah points out there is still no way to be 100 percent safe because someone could still send a malicious .exe file with Intel’s Postcard subject line.

Symantec’s Trilling says, in the end, the key to safe e-mail usage is constant vigilance and the use of regularly updated anti-virus software.