Due to increased cyber criminal threats and attacks, the utopian vision of global harmony that the computing industry originally designed for, where everyone happily shared files and information, and everyone was honest and upright, now seems naive and shortsighted. A decade ago, no one worried about receiving attachments to their emails. Viruses and worms existed, but were seldom seen. Few people thought virus protection was necessary or indeed ever encountered a virus.
With the whole-hearted and enthusiastic embracing of the personal computer (PC), email and the World Wide Web by the public, security issues started to gain in importance as the industry grew. As more people used the technology, and the vulnerable computers grew exponentially, so did the incidences of cyber crimes and criminal hacking. It became incredibly easy to introduce a virus or worm by email or other means and have it spread by social engineering (I Love You virus) and by taking advantage of people who did not update their software.
In order to grow the industry in the early days, the software manufacturers had focused on ease of use and added features as the most important factors to develop for. They listened to what their customers wanted, and gave them the bells and whistles they asked for. As the security threat grew, however, the emphasis had to change. The open, share with everyone, gee-whiz features from the past are moving to a more closed cautious approach in the present.
So how do you send a database file to a friend without them having to lower their security settings? There is a way. MS Outlook and MS Outlook Express will accept text (.txt) files without a problem, so I told my colleague to change the file extension from databasename.dbs to databasename.txt and send it to me. After receiving it, I could easily change the extension back to what it was before, and (drum-roll, please), I would have the database without changing my security settings.
So she tried it. I am fortunate to have an ISP who filters for SPAM and also aggressively filters for Viruses and Worms (even so, I update my own virus protection daily). However, in this case, the ISP's virus filter stripped the ".txt" attachment from the email and I received nothing but a virus warning! What had happened?
After some trouble-shooting back and forth by email, I determined that she had her version of Windows set to hide file extensions. When she tried to rename the file, she simply added .txt to the name. She saw databasename.txt on her desktop, but because she couldn't see the file extension, the file was actually named databasename.txt.dbs! The ISP virus filter rightly saw that as a possible threat and dumped the file.
Having her file extensions hidden was also not a good idea from a security stand point. She would never know if a virus program was hidden in files she looked at: for example as in filename.jpg.vbs because she would not be able to see the ".vbs" (Visual Basic Script) extension. The file would look to her like filename.jpg and she might mistakenly open it, setting off a Trojan worm.
I suggested that she turn on her "view file extensions". Then she would be able to rename files correctly and her system would be more secure at the same time.
Here’s how you do it in Windows 98:
Now after making the above changes, if my colleague looks at that copy of her database file on her desktop, she will see the extension as it truly is. If she renames it, she will see the correct extension and will also see the database icon change to the text icon. She may get a warning that she is about to do something terrible, (as in changing file extensions will cause the file not to open) but since she is working with a copy, she can ignore it. When she sends me the file, it will pass all the security checks both from my ISP and my system, and I will receive it successfully. I will then change the extension back to .dbs and ta-da! I will have the database file without compromising my over-all security. A quick and easy tip for everyone that needs to share a file, just make sure your virus scanner is up-to-date!
Note to APCUG editors: This article was first published in an issue of the Bytes and Bits Online Newsletter. I thought it might have broad interest for the UG community. Please drop me an email if you publish this article to: barbara@web-centric.net. I would be very pleased to receive either a link to your online publication, PDF, or a hard copy of your newsletter if possible. I enjoy seeing what everyone else is doing, thanks. If this article is too long, please feel free to break it up into 2 or 3 parts at appropriate points if that would work better for you.
For more information on the Tulsa Computer Society click here