Am I about to download a virus? (Part 1)

There are lots of good, useful things you can download from the Internet for free. Unfortunately, there are also a lot of things that will harm your PC, pop-up fake warnings, mess with your search results, and so on.

How do you tell a good download from a bad one?

The same applies to e-mail attachments – how do you tell a safe attachment from a dangerous one?

The first thing NOT to do is judge by appearances. The people behind dodgy downloads make lots of money and can afford the best programmers, the best web designers, and so on. A dodgy website will not look dodgy. Just like any other fraudster, their stock-in-trade is to look convincing and plausible. A con artist who looks like a con artist won’t get on too well!

Ask yourself some questions: how did I find this website? How do I know it’s trustworthy? Is there a contact postal address, a proper phone number, an email address (not just a contact form)? If it has these things, are they true? What happens if I google the phone number or postal address? Is there such a place? (Don’t judge by the website itself – anyone can say anything on a website, and any photo could be of anyone or anywhere.)

Fake web site

The image above is taken from an excellent article about the widespread phone scam that claims to be a call from “Windows Technical Support”. Read the full article here.

Fake sites are not beyond posting fake customer testimonials, logos of various awards they say they’ve won, or links to reviews of their services on a (fake) review site! So don’t trust what they say about themselves, and don’t trust any links they provide.

If you can find a postal address, can you view it with Google Street View? Is it what you’d expect?

The best way to assess a website is by who told you about it … a knowledgeable friend, a reputable national newspaper (that you’ve heard of), another website that you know and trust?

If you found them by googling, was it an ad or a genuine search result?

Who is paying to get in your search results?

Nothing wrong with ads in theory, but they paid to be there. So if they are paying to advertise their site, how are they making money? A free product can’t usually afford to advertise unless it has some hidden way of making money … so what is it?

A useful thing is a “WHOIS” lookup – it tells you who registered a website and when. Is it what you’d expect? For .uk sites, a WHOIS lookup can be done here.

A UK website registration. How does that seem to you?

Non-UK WHOIS lookups are a little trickier, but here might be a good place to start.

The next thing to do, after being appropriately suspicious, is to educate yourself. If you’re going to download something (or click on an e-mail attachment), you need to know what sort of thing it is. The key here is file extensions. These are the three or four letters after the full stop in a filename: paul.doc is a file with the doc extension.

The file extension tells you (and your computer) what type of file it is. Some files are executable – that is, they are programs in their own right, and could possibly harm your computer all by themselves. These should always be regarded as potentially dangerous.

The most common sort of executable file is an exe file. But there are lots of others. Here’s a (partial) list:

DANGEROUS

.ade, .adp, .bat, .chm, .cmd, .com, .cpl, .exe, .hta, .ins, .isp, .jse, .lib, .lnk, .mde, .msc, .msp, .mst, .pif, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vxd, .wsc, .wsf, .wsh

Other files are data files – they have to be fed into another program for anything to happen. So a music file has to be fed into a music program to play it, or a picture file fed into a viewer program to display it. Likewise a word-processing data file (for example a .doc file) has to be fed into (for example) Microsoft Word to handle it. Word-processing files, however, can contain macros which are then executed by Word as programs, so this sort of data file should be treated with caution.

CAUTION

.doc, .xls, .ppt, .pps, .docm, .xlsm, .pptm

If you do decide to run any of these types, make sure the application program (Word, Excel, PowerPoint) is set to ask you before it runs any macros.

Other data files – ones which cannot contain macros or similar – are pretty safe (although nothing is 100 percent):

PROBABLY SAFE

.jpg, .bmp, .gif, .png
.mp3, .wma
.mp4, .wmv, .flv
.docx, .xlsx, .pptx
.pdf

The first row lists (what are, or should be) pictures or images, the second row sounds or music, the third row video formats, the fourth row Microsoft Office files without macros, and the last row a document format.

Compressed files (zip files) are a collection of one or more files packaged together. They are not in themselves dangerous, but they may contain dangerous files. It wouldn’t be dangerous to unzip them, but then you need to look at the extensions of the file(s) within to see how you feel about it.

COMPRESSED FILES

.zip, .tar, .tgz, .taz, .z, .gz, .rar

It’s only the file extension that counts: photo.exe is a program, not a photo (and why is it trying to fool us?). And it’s only the last extension that counts: invoice.pdf.exe is still a program (and very definitely suspicious!).

All this applies to e-mail attachments too – when you double-click on them they are executed (if they are executable) or fed into the relevant program (if they are data files). It’s at this point that the damage to your PC may occur. So check the extension before you double-click.

Sometimes the senders of malware attachments may call the attachment something like
delivery-note.pdf__1286186239776323496.exe – they hope that your email program won’t be able to show you the full filename and you won’t notice it’s an exe file (a program) not a PDF file (a document). You’ll think it’s safe when it isn’t.
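To make the rules above concrete, here is a small Python script (an added example, not code from the post) that sorts a filename into the post’s DANGEROUS / CAUTION / PROBABLY SAFE / COMPRESSED lists using only its last extension, and also reports the two tricks just described: a safe-looking extension buried before the real one (invoice.pdf.exe) and a very long name meant to push the real extension out of view. The 40-character length threshold and the splitting of names on “_” are my own heuristics, not anything the post prescribes; the sample filenames at the bottom are constructed for the demonstration.

```python
"""Classify downloads/attachments by file extension, using the post's lists.

Added example, not part of the original post. Applies its two rules:
only the extension counts, and only the LAST extension counts.
"""
import os

# The post's own lists, stored without the leading dot.
DANGEROUS = {"ade", "adp", "bat", "chm", "cmd", "com", "cpl", "exe", "hta",
             "ins", "isp", "jse", "lib", "lnk", "mde", "msc", "msp", "mst",
             "pif", "scr", "sct", "shb", "sys", "vb", "vbe", "vbs", "vxd",
             "wsc", "wsf", "wsh"}
CAUTION = {"doc", "xls", "ppt", "pps", "docm", "xlsm", "pptm"}
PROBABLY_SAFE = {"jpg", "bmp", "gif", "png", "mp3", "wma", "mp4", "wmv",
                 "flv", "docx", "xlsx", "pptx", "pdf"}
COMPRESSED = {"zip", "tar", "tgz", "taz", "z", "gz", "rar"}

# Assumption (my heuristic, not from the post): names longer than this
# are likely to be truncated by an e-mail client's attachment display.
LONG_NAME = 40


def _basename(filename):
    """Strip any folder path, accepting Windows or Unix separators."""
    return os.path.basename(filename.replace("\\", "/"))


def last_extension(filename):
    """Text after the final full stop, lower-cased ('' if there is none).

    Only the last extension counts: 'invoice.pdf.exe' -> 'exe'.
    """
    _, ext = os.path.splitext(_basename(filename))
    return ext[1:].lower()


def classify(filename):
    """Return the post's category for this filename."""
    ext = last_extension(filename)
    if ext in DANGEROUS:
        return "DANGEROUS"
    if ext in CAUTION:
        return "CAUTION"
    if ext in COMPRESSED:
        return "COMPRESSED"
    if ext in PROBABLY_SAFE:
        return "PROBABLY SAFE"
    return "UNKNOWN"  # the post's advice: don't risk it without finding out more


def red_flags(filename):
    """List the disguise tricks the post describes that this name shows."""
    base = _basename(filename)
    parts = base.lower().split(".")
    flags = []
    # A safe-looking extension hidden before the real one (invoice.pdf.exe).
    # Splitting on "_" also catches padded forms such as "pdf__12345".
    decoys = [p.split("_")[0] for p in parts[1:-1]
              if p.split("_")[0] in PROBABLY_SAFE | CAUTION | COMPRESSED]
    if decoys:
        flags.append(f"looks like a .{decoys[-1]} but the real extension is .{parts[-1]}")
    # Padding intended to push a dangerous extension out of view.
    if len(base) > LONG_NAME and classify(filename) == "DANGEROUS":
        flags.append("very long name may hide the real extension in an e-mail client")
    return flags


# Constructed sample attachments for the demonstration.
SAMPLES = [
    "holiday.jpg",
    "photo.exe",
    "report.docm",
    "photos.zip",
    "invoice.pdf.exe",
    "delivery-note.pdf__1286186239776323496.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict = classify(name)
        notes = "; ".join(red_flags(name))
        print(f"{verdict:14} {name}" + (f"  <- {notes}" if notes else ""))
```

Run it with no arguments to see the sample list classified; the two disguised names come out as DANGEROUS with their red flags listed. One practical caveat when applying the “check the extension” rule by hand: Windows Explorer hides known file extensions by default (the “Hide extensions for known file types” folder option), so photo.jpg.exe is shown simply as photo.jpg until that option is switched off.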

There are many other file extensions, far too many to list here. But if you don’t know what it is, don’t risk it without finding out more. And don’t download a program which claims it can “open any file” or “fix unknown file types” – such a thing isn’t possible, so what’s it up to?

More on file extensions here, and in my next post I’ll show how we might apply our new-found knowledge.

Be careful out there!