Can you trust that file?

If you suspect a file might be malicious, there are Web sites that can scan (and scan and scan) it for you.

Earlier I had a trilogy of postings about DropMyRights ( Part 1 , Part 2 and Part 3 ) that included the warning to run Microsoft Office applications in restricted mode in case a file (Word document, Excel spreadsheet, etc.) carried a virus or some other type of malicious software.

But what do you do if a Word document or Excel spreadsheet doesn't display or work properly when the application is run in restricted mode? A decision needs to be made whether to trust the file and open it in unrestricted mode.

If the file was sent to you by e-mail, you'll no doubt be tempted to judge it based on the person who sent the message. Don't.

For one thing, you can't trust that the reported sender of an e-mail message is the actual sender. It is trivially easy to forge the From address in an e-mail message. And even if the message really did come from the person in the From address, and you trust that person, you still should not assume the file is safe. The sender's computer could be infected with malicious software that sent the e-mail message on its own, without human involvement. But what if the trusted person actually sent the file on purpose? It still could be infected with malware without him or her knowing it.

What to do?

The safest thing, of course, is to delete the file. But if you want or need to use it, then I suggest using the Virus Total and/or Jotti Web sites. Each site lets you upload a file to be scanned by multiple antivirus programs.

The last time I used Virus Total, a free service from Hispasec Sistemas, it scanned my suspicious file with 29 different programs. The list included popular antivirus software from Symantec, Kaspersky and Clam, some less well-known products such as NOD32, Avast and Panda, and a host of products that I had never heard of such as DrWeb, Ikarus and TheHacker. That's the good news.

The bad news is that there probably won't be a consensus opinion. Each time I submitted something suspicious to Virus Total, the results were all over the map. For example, in this screenshot from July 10, you can see that 7 of the 29 programs felt the file was malicious. Democracy is great in other contexts, but here, I'd rather be safe than sorry.

About the author

    Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

    He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

    Disclosure.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    The Next Big Thing

    Consoles go wide and far beyond gaming with power and realism.