Can e-mail contain a computer virus?

A STAFF REPORT FROM THE STRAIGHT DOPE SCIENCE ADVISORY BOARD

Dear Straight Dope:

Everywhere on the Internet, everyone has an opinion on whether or not you can send/receive e-mail with a virus in it. Half of us think you can only get a virus from running an infected file. The other half think computers are "spooky, mystery objects that can be infected at anytime by anything" ... from my phrasing obviously you can see which half I'm on. But no one seems to be able to come to a conclusion on it ... a permanent one ... so I'm asking you, what's the Straight Dope on e-mail viri?

Tech replies:

The pat answer, Dante, is “No, you cannot get a virus simply from reading your e-mail.” It’s a physical impossibility, as no matter what method you’re using to read your mail, it’s only text. Computers use two kinds of files–program files and data files. Program files are (or can be) active; data files are passive. Viruses and trojan horses are actual programs–that is, they initiate a set of instructions to your computer, which then executes them to the best of its ability. When you read mail, what you are doing is having a program (your mail reader, or AOL) acquire a selection of text (data) and display it. In doing so, your mail reader does not in any way execute any additional instructions; all it is doing is displaying text, which is why simply reading your mail is safe.

However.

Certain mail programs (most notoriously AOL’s e-mail interface) allow you the ability to download any mail you’ve received, and also download and extract any attached files. This presents a problem if the file is a self-extracting .zip file, as said file will then be executed by the mail program, causing your system to become infected if the file is, indeed, a trojan horse designed to do just this.

As long as your preferences are set to not extract any .zip (or .sit or .arc) files, you should be safe. Better yet, don’t allow your program to automatically download attached files at all–that way you don’t even have to worry about downloading an inactive virus that’s just waiting for you to double-click on it. There is a drawback to labor-saving technology. Imagine that. You’re better off just grabbing the mail, and if there’s a file attached that you know is safe (and this doesn’t include those pictures of women and horses from that Internet address you’ve never heard of), then go back into your inbox and download it manually.

Personally, I read all my mail that I know contains a virus, just for a laugh. You should see some of this stuff, I’m telling you. I just don’t download the file.

Some cautions, in closing:

– There are viruses that can be embedded within popular word-processing documents. In these cases, you download the file, usually ending in .doc, and read it. Problem is, an OLE (Object Linking and Embedding) command has been inserted into the document (usually via a push-button), and is only activated and executed when you instruct the computer to do so by clicking the button–which is almost always labelled “Click here for important information” or something similar that should be a glowing red beacon that you’re about to be suckered.

– Run an anti-virus program regularly, no matter what, just to be on the safe side.

– If you’re a Windows user, there’s a file in your windows directory called “win.ini” that you should become familiar with, especially if you’re an AOL user. Check it everytime you reboot or turn on your computer to see if there is anything in the “run=” or “load=” lines, especially anything with the letters “aol” in the filename. It’s dead certain you’ve got a trojan horse if you see that.

– Be especially careful with hyperlinks. On AOL specifically, they can be cruel practical jokes sending you to chat rooms which AOL’s Terms of Service department monitors because they are hacker hangouts, and you can get your account cancelled just for being there. Or they can be links to web pages which download files which may be viruses. If you click a link that starts downloading something, cancel the download–even rebooting your computer if necessary to interrupt it.

– Above all, always be careful. If there’s a file or link attached to your e-mail, don’t mess with it unless you know the sender, their mail lets you know that it really is them somehow, and they offer you an explanation of what the file or link is.

Send questions to Cecil via cecil@straightdope.com.

STAFF REPORTS ARE WRITTEN BY THE STRAIGHT DOPE SCIENCE ADVISORY BOARD, CECIL'S ONLINE AUXILIARY. THOUGH THE SDSAB DOES ITS BEST, THESE COLUMNS ARE EDITED BY ED ZOTTI, NOT CECIL, SO ACCURACYWISE YOU'D BETTER KEEP YOUR FINGERS CROSSED.

Comment on this Column