Copyright 2002, Rick Macmurchie - October 18, 2002

E-Mail Attachment Safety Update 2

What are ZIP files and are they safe attachments to open?

Please read the original article E-Mail Attachment Safety for basic information about safe email use before reading this article.

What are ZIP files?

The ZIP file format was developed by Phil Katz in the late 1980s as a way to compress any number of files into a single smaller file to reduce the amount of space the files need on disk and to reduce download time. The file format was given to the public domain allowing anyone to write a program that creates or extracts ZIP archives. The format quickly became very popular and there are now a large number of programs available for creating and extracting ZIP files as well as a large number of programs that use the format behind the scenes.

Are ZIP files safe attachments to open?

While ZIP files are not inherently dangerous, there are some issues that you should be aware of when using them.

  1. A recently discovered bug exists in some programs that extract ZIP files which may cause programs to crash or allow your system to be infected by a virus or worm. (If a ZIP file contains a compressed file with an extremely long file name some programs will not handle the name correctly.) Current versions of WinZip and WinRAR appear to be safe, but the built in ZIP support in Windows ME, Windows XP, and Windows 98 with the Plus! pack are affected. A fix for the Microsoft ZIP problem is available on the Windows Update site and more information is available in their bulletin MS02-054.

  2. ZIP archives can contain any type of file, therefore files extracted from a ZIP archive (or any other archive file) may be dangerous if they are an executable file type. (See E-Mail Attachment Safety for a list of executable and safe file types.)

The Good News

If you install available patches for the Microsoft ZIP problem, or use WinZip or WinRAR to open ZIP files you should be reasonably safe. Even if you are using a buggy ZIP reader you would have to deliberately open a file to have a problem. Also I currently know of no Virus or Worm that deliberately distributes itself in a ZIP file (because it would make it more difficult to infect your system.)

To be absolutely safe, scan any executable files that you extract from a ZIP file with an up to date anti-virus utility. (Most anti-virus software will scan the files automatically as they are extracted.)

Back to the article IndexBack to the Great White North Home Page

Did the information on this site help you solve a problem?
Consider making a donation to support the site.

Rick Macmurchie
(250) 658-6319

Hit Counter