In the past, email servers accepted all file attachments, allowing viruses to be executed by unwary recipients who clicked on them. It was not uncommon to get messages such as "click this - coolest thing I've ever seen" from a friend whose email address was stolen from the user's contact list.
Today, most mail systems will not allow an executable to be attached in the first place, let alone accept them. Nevertheless, executable files can find their way into a user's computer, and the important thing to know is which files are potentially dangerous.
Data Are Not Executed (Theoretically)
It is commonly assumed that, except for macros within spreadsheets and word processing documents, all data are safe because they do not contain instructions. However, some illustration and image files do contain commands that are executed. In addition, every application in the act of processing its data is in an execution mode that can be diverted to do harm if the file contains bogus code and the software is not rock solid from a security standpoint. See
virus,
double extension and
extension.
The Windows Extension Default
When looking at file names in Explorer, be aware that new installations of Windows hide the file extension. See
hidden file extensions.
POTENTIALLY DANGEROUS
WINDOWS EXTENSIONS
EXE/COM (machine language)
BAT/CMD (script)
EPS/PS (PostScript document)
HTA (hypertext app)
INF (AutoRun file)
JS/JSE (JavaScript)
LNK (link)
MSI/MSP (MS Installer, patch)
PIF (shortcut)
PS1/PS2 (PowerShell script)
PSC1/PSC2 (PowerShell script)
REG (Registry file)
SCF (Explorer command)
SCR (screen saver)
SHS (OLE object package)
TIFF (TIFF image)
VB/VBS/VBE (VBScript)
WMF/EMF (Windows Metafile image)
WS/WSF (Windows script)
POTENTIALLY DANGEROUS
MAC EXTENSIONS
APP (application)
DMG (installer)
SH (script)
JS/JSE (JavaScript)
DATA - WINDOWS & MAC
(can contain executable macros)
DOC/DOCM/DOCX (Word)
PPT/PPTM/PPTX (PowerPoint)
XLS/XLSM/XLSX (Excel)
GENERALLY SAFE EXTENSIONS
TXT (text)
GIF (image)
JPG (image)
PNG (image)
BMP (image)