Toledo Talk

Basic IT Question

OK, I took an online information security course at the request of an employer. I know a few dozen more acronyms now! However, one piece of advice struck me the wrong way and I'd like to hear from TT techies.

"When an e-mail contains a suspicious attachment, save it to your hard drive and scan it with antivirus software before opening. ... Suspicious attachments can be .html, .pdf, .xls (and a few others)."

This seems counterintuitive. If I'm suspicious about something, why would I want to save it on my hard drive? Doesn't that just bring the suspicious item into my system?

Conversely, if businesses I work for are sending me Excel spreadsheets (which I think are the .xls) or other PDF files to use at home, should I be isolating and scanning them every time?

Thanks for any insights.

created by viola on Feb 13, 2013 at 10:53:46 am     Technology     Comments: 13


Comments ... #

Your risk from malicious software occurs when you open the file, viola. Downloading the file allows you to run antivirus software.

I am in the habit of scanning everything that I receive before opening it: I have been zonked a few times in the past with infected files from students submitting work. I also use my cloud folder for the destination zone, which gives me an extra level of protection.

posted by historymike on Feb 13, 2013 at 11:11:41 am     #  

I agree with historymike. However, I would add that the first defense is your awareness and care.

This is a very simple rule. If you receive an email that you were not expecting, whether from a co-worker or supervisor, please call them to make certain that they actually sent it. If they did not send it to you, then delete it instead of downloading the attachment. If you were working on a project and then receive an email from someone with whom you were working, then fine, download and scan the attachment with your company's antivirus program that is on your computer.

Just remember that even antivirus programs can fail to detect an "infected" file. That's where you come in. You are the first line of defense, not the antivirus program.

posted by paulhem on Feb 13, 2013 at 12:09:02 pm     #   2 people liked this

Good points, paulhem. I got paranoid the other day when an email from a former student had a PDF attached and the heading on the email just said "Re:", while the file had some convoluted file name. It turns out the student just emailed the wrong instructor, but I ran two antivirus programs on that file before I dared to open it.

posted by historymike on Feb 13, 2013 at 12:13:49 pm     #   1 person liked this

Thanks guys. I was wondering why I shouldn't just delete something if I'm "suspicious" about it. I have been doing so, and was surprised to not see that advice in an online security web course for newbs.

posted by viola on Feb 13, 2013 at 03:30:42 pm     #  

Sure, the "delete all unsolicited/unexpected files" method has its merits, viola. At worst you just run into a coworker who says "what about that TPS report?" and then you plead ignorance and have the person resend it.

posted by historymike on Feb 13, 2013 at 03:51:48 pm     #  

TPS report = Office Space reference. If you have not watched it, drop what you are doing and watch the film. You cannot effectively survive a corporate or institutional environment without this film to provide a dose of sanity.

posted by historymike on Feb 13, 2013 at 03:53:20 pm     #   5 people liked this

historymike posted at 03:53:20 PM on Feb 13, 2013:

TPS report = Office Space reference. If you have not watched it, drop what you are doing and watch the film. You cannot effectively survive a corporate or institutional environment without this film to provide a dose of sanity.

I just figured it was the actual report on the waste, fraud and abuse in the Toledo Public Schools.

posted by Linecrosser on Feb 13, 2013 at 04:13:08 pm     #  

Hijack my own thread ... Not only is Office Space mandatory, so is Idiocracy!

posted by viola on Feb 13, 2013 at 05:27:59 pm     #   3 people liked this

Not certain if it is clear from the advice above, but by indicating you should save the file to your computer first then scan it, they meant to do so directly from the email. Do not double click on the attachment and open it, then save it to your computer in order to scan it...just want to be certain that is clear.

Also, if you run a local email application like Outlook, some antivirus applications can integrate into it and effectively perform the same process without having to first save the file to your computer. This does not apply to webmail or accessing your email via your web browser.

Lastly, the MOST important defense is making certain your computer is updated with the latest patches, not only for the operating system (such as Windows) but for the other applications such as Java, Flash, etc. and your web browser. Also do NOT run more than one antivirus application on your computer at a time as this can create a situation in which neither of them actually scans a file.

Stay safe!

posted by breeman on Feb 14, 2013 at 02:53:03 pm     #  
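
Added example, not part of any poster's comment: a short Python sketch of the "save it straight from the email, don't open it, then scan it" step described above. It pulls attachments out of a raw message, writes them read-only under a neutral suffix, flags the file types the course advice named, and records a SHA-256 for lookup; the sample message, addresses, file name and the `.quarantine` suffix are constructed assumptions, and the antivirus scan itself is left to whatever product is installed.

```python
import hashlib
import os
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types named in the course advice quoted in the opening post.
FLAGGED_EXTENSIONS = {".html", ".pdf", ".xls"}


def build_sample_message():
    """Constructed sample message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "student@example.edu"
    msg["To"] = "instructor@example.edu"
    msg["Subject"] = "Re:"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed sample bytes",
                       maintype="application", subtype="pdf",
                       filename="xq7_2013_final.pdf")
    return msg.as_bytes()


def quarantine_attachments(raw, dest_dir):
    """Write each attachment to dest_dir without opening or rendering it."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for index, part in enumerate(msg.iter_attachments()):
        # Keep only the final path component of the sender-supplied name.
        supplied = part.get_filename() or "attachment"
        name = os.path.basename(supplied.replace("\\", "/")) or "attachment"
        data = part.get_payload(decode=True) or b""
        # The extra suffix stops a double-click from launching a viewer.
        path = os.path.join(dest_dir, "%d-%s.quarantine" % (index, name))
        with open(path, "wb") as handle:
            handle.write(data)
        os.chmod(path, 0o400)  # read-only, never executable
        results.append({
            "name": name,
            "saved_as": path,
            "sha256": hashlib.sha256(data).hexdigest(),
            "flagged": os.path.splitext(name)[1].lower() in FLAGGED_EXTENSIONS,
        })
    return results


if __name__ == "__main__":
    for item in quarantine_attachments(build_sample_message(), tempfile.mkdtemp()):
        print(item)
```

A clean hash lookup or scan result does not make the file safe to open; as noted earlier in the thread, scanners can miss things, so confirming with the sender still comes first.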

Man, I could really go for a Starbucks, y'know?

posted by jbtaurus98 on Feb 15, 2013 at 07:57:44 am     #  

Just wanna chime in here really quickly-
I'm an IT guy. I've been one since around 1999, and I've worked on some diverse and large networks, designing multinational architectures, virtualizing legacy equipment, yadda yadda yadda.

Most viruses nowadays don't touch email. Almost all mail systems have adequate filtering - that's not where you need to be paranoid. Most of the viruses we see that happen propagate due to either Windows or add-on vulnerabilities that haven't been patched by the manufacturer (IE the recent Java mess). Another HUGE culprit we see is the USB drive bringing in viruses from home systems.

If you have a decent AV system in place on your network, you're mostly safe even if you DO open attachments. Not suggesting you should, mind, but just use some common sense whenever possible.

posted by endcycle on Feb 15, 2013 at 03:15:42 pm     #  

"Most viruses nowadays don't touch email"

I was attempting to raise the standard to address the spear-phishing threat.

Someone receiving an unexpected email should double-check before opening, clicking on an attachment or a link in that email.

BTW, spear-phishing is the most dangerous threat. Here is a recent example where a system adjacent to the White House "nuclear football" was compromised.
Official confirms report by veteran Pentagon reporter Bill Gertz saying hackers linked to China's government "broke into one of the U.S. government's most sensitive computer networks - a successful "spearphishing" attack.

The fact that viola's employer requires security training is enough to make me suspect that it may be affected by the President's cyber security executive order that he signed this week.

posted by paulhem on Feb 15, 2013 at 05:00:00 pm     #  

Ah, I misspoke (mistyped? whatev :)) - one of the bigger security threats facing IT is definitely misdirection / attack URLs in email. I was referring only to the old days of (for example) the Melissa virus, which spread as an email attachment that looked like a standard safe attachment.

The URL problem sucks - everything from phishing for passwords to actual exploits on websites (IE the recent Java mess) can hit you.

posted by endcycle on Feb 19, 2013 at 01:12:04 pm     #