Sep 09, 2010
OIT limits file attachments in move to defeat viruses
Steven Myers - SENIOR EDITOR
In an effort to stem the tide of viruses that has plagued the College network this year, the Office of Information Technology (OIT) last Tuesday began blocking e-mails containing file attachments that could potentially be carrying viruses.
In addition to the name of the file, most file names include a 3-letter file extension that follows a period and specifies the file’s type. Because only certain file types are executable, meaning they do not need another program to open them, a limited number of file types typically carry the most dangerous viruses. The file extensions that OIT has begun blocking include .exe, .pif, .scr, .cpl, .vbs, .bat, .com and .hta.
Yesterday, OIT also began blocking .zip files, which are compressed archives storing other files. Although they are often used as a legitimate means of sending multiple files at once, when properly encrypted they can make it difficult for antivirus software to scan their contents.
“We always hesitate to put restrictions on as long as we can,” said Dinny Taylor, chief technology officer. “But the viruses are coming through much faster; the race is much faster.”
Messages containing these files will be deleted in their entirety, and the people to whom they were sent will never know that the message was sent or deleted. According to Taylor, OIT is aware that this could be frustrating for people legitimately sending file attachments, but had little choice.
“A lot of schools have done this,” she said. “We’re not the first one. These are the file types most likely to contain viruses.” She also said that prior to this change, when a virus was detected on a message, it was deleted as well.
She also said that the Informational Technology Committee approved these changes.
Although many of the file extensions that OIT will be blocking are rarely used for anything other than viruses, .zip files are different because of their more frequent use. “Zip files are the trickiest, because you can get legitimate ones,” Taylor said. “But really, if you don’t know who’s sending them, you shouldn’t be opening them.”
Taylor also said that if users need to send a .zip or other blocked file type, the sender can rename the file so that it does not have that extension and include instructions in the body of the e-mail to rename the attachment upon receipt.
Seth Rogers, associate director of desktop systems, said that although .zip blocking is currently turned on, OIT is seriously considering implementing it on an ad hoc basis, turning it on only during periods of major virus activity.
Rogers said that after its announcement of its intention to block .zip files, OIT received some concerns from users who routinely send legitimate .zip files.
Ultimately, if users did not open file attachments that they weren’t expecting, it’s doubtful that these changes would be necessary. “Even though we’ve said hundreds of times not to open [unexpected] attachments, people still do it,” Taylor said. “It’s very tempting for people to open something when it looks like it’s coming from someone they know.”
Although OIT expects that this change will make a substantial dent in the propagation of viruses by e-mail, viruses that spread across the network by themselves will not be affected. According to Rogers, two of the five major virus episodes this year were caused by network-borne viruses.
This summer, according to Rogers, OIT will be working on two major security initiatives. Because many viruses create their own mail engine when using e-mail to propagate, the College mail server will begin requiring authentication before accepting messages. “To me, that will be the most significant step that we take,” Rogers said.
He also said that implementing the authentication system could be a challenge because it would require every e-mail user to change settings in the mail program.
The second initiative will encourage users to make use of the firewall built into Windows XP, which would help slow network viruses. This will not be required, however, as use of a firewall sometimes stops users from using legitimate programs. Rogers highlighted file-sharing as one application that is typically limited by the use of firewalls.