« More Worthless Stats | Main | How to Know Your Web Site Has Been Cracked »

March 11, 2008

I have a friend here and there who insists on forwarding the cute singing dogs PowerPoint presentation that had been forwarded to them by their nieces, who got it from...who knows where? I call these types serial forwarders, potentially almost as dangerous as serial murderers. Whenever they receive a funny/poignant/thoughtful/quasi-spiritual email attachment from someone they know, they immediately open it and then forward it to their "closest friends" distribution list.

Of all the types of email attachment possibilities, Microsoft Office document files frighten me the most. Word, Excel, and PowerPoint document files are routinely sent around the Internet as a way to share data. When I'm working on a book, I submit chapters to my editor as MS-Word .doc files; those files are marked up with comments and come back to me via email attachments, still as MS-Word files. Back and forth the files go, and I have no idea how well-protected my publisher's employee computers (or the ones they use at home) are. Familiarity with Office files breeds complacency and a misplaced trust in a file type that can be abused by the knowledgeable crook.

Today Microsoft released a batch of security updates that addressed vulnerabilities in Microsoft Office applications, including those that run on the Macintosh. One vulnerability affecting Excel has been exploited in the wild since November 2007, leaving tons of folks exposed to the potential of having a remote attacker execute other code on victims' computers.

Microsoft Office documents aren't the only ones to have such vulnerabilities. We receive a steady stream of patches for Apple's QuickTime, Adobe Acrobat and Flash, RealPlayer, Windows Media Player...the list goes on. Unfortunately for users, the list includes popular programs whose documents are frequently attached to email blasted to personal distribution lists.

As primarily a Mac user, I can be smug when someone tries to send me a .exe or .pif file because such files won't run on Mac OS X to do any damage to my machine or data. But send me an unexpected .doc, .xls, .ppt, .pdf, .swf, or .mov file, and you're getting too close for comfort.

So, keep your dancing kitty animations and flubbing public speaker video clips to yourself. Send me the YouTube URL instead.