On 2009-12-09, rgheck wrote: > The problem, as I understand it, is that, under certain circumstances, > even a file with extension .jpg can be executed by windows, not by the > "default viewer". Ask your local spammer for details.
AFAIK, the local spammer will attach a file "nice-pic.jpg.exe" and the mailer will show it helpfully without the "administrative" extension as "nice-pic.jpg" but call it as an executable. > But you should know that running without admin privileges is not proof > against infection. ....................... > More importantly, the question whether a file is executable is not the > same as the question what its extension is. That's the whole point. On a DOS (or derived) system, "executability" is determined on the base of the extension, because > It doesn't really have any conception of an executable file. > Windows can - see + show > the extension .wmf and still treat the file as executable. > This is one of the big security holes on Windows: Therefore it is advised to display the extension in the file manager or file selector (this is configurable but by default off). Günter
