December 22, 2006

But the e-mail came from someone I trust...

The single most harmful advice perpetrated on computer users is to only open e-mail attachments from people they know.

The implication is that you have no control over getting a computer virus — you must rely on trust. The problem is most viruses come from people you know.

IT departments around the world have given out this dangerous advice for years. It's failed us miserably and resulted in a give-up-and-surrender mentality of relying on virus scanning software to save our pathetic, helpless selves.

Instead, IT departments should educate computer users to only open (click on) e-mail attachments if they know the file type of the attachment is safe and does not run a program or script. It's ok to open a picture or a movie but only if you know the attachment actually is a picture or a movie. If you are not sure, don't open it. Simple. Any file extension you are not familiar with should be considered dangerous regardless of who sent it. In particular, never open e-mail attachments with extensions of ".exe", ".bat", or ".cmd".

An e-mail attachment is not ok just because it is from a trusted friend. However, an e-mail attachment is almost certainly safe if the file extension (characters after the LAST dot in the file name) is known to be safe.

Sample Files with Safe Extensions:
fun.mpg (movie)
fun.jpg (photo)
fun.png (image)
fun.txt (plain text)

Sample Files with Dangerous Extensions:
fun.exe (runnable program — very dangerous on Windows)
fun.bat (runnable script — very dangerous on Windows)
fun.cmd (runnable script — very dangerous on Windows)
fun.doc (Word file with VBScript/VBA can contain viruses)
fun.xlsx (Excel file with VBScript/VBA can contain viruses)

Be careful of masquerading file types. For example, the file "fun.txt.exe" is not a text file; it is a potentially very dangerous executable file.
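
The rule above (judge by the characters after the last dot, and treat anything unfamiliar as dangerous) written as a check a mail filter or help-desk script could apply. This is an added example, not part of the original post; the function name and the trailing-dot normalisation are assumptions of the example, while the two extension sets are the post's sample lists.

```python
# Added example. SAFE and DANGEROUS are the post's own sample lists.
SAFE = {"mpg", "jpg", "png", "txt"}
DANGEROUS = {"exe", "bat", "cmd", "doc", "xlsx"}


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'open' or 'do-not-open'."""
    # Assumption of this example: normalise case, and drop trailing dots and
    # spaces, which Windows ignores ("fun.exe. " is treated as "fun.exe").
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")  # ext = characters after the LAST dot
    if not dot or not stem:
        return "do-not-open", "no extension, so the file type is not known"
    if ext in SAFE:
        return "open", f".{ext} is on the safe list"
    # Everything below is refused; only the explanation differs.
    inner = stem.rpartition(".")[2] if "." in stem else ""
    if inner in SAFE:
        return "do-not-open", f"masquerading: looks like .{inner} but is .{ext}"
    if ext in DANGEROUS:
        return "do-not-open", f".{ext} is on the dangerous list"
    return "do-not-open", f".{ext} is unfamiliar, so treat it as dangerous"


if __name__ == "__main__":
    # Constructed sample names, not taken from real mail.
    for sample in ["fun.jpg", "FUN.PNG", "fun.txt.exe", "fun.exe. ",
                   "fun.doc", "fun.zzz", "README"]:
        verdict, reason = classify_attachment(sample)
        print(f"{sample!r:16} {verdict:12} {reason}")
```

Only an extension on the safe list yields "open"; the dangerous list and the masquerade test change the explanation, not the decision.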

And when curiosity is getting the best of you, ask yourself, "If this content is so great, why isn't it on a web site somewhere so I don't have to mess around with opening an e-mail attachment?"

In general, viewing a web page is safe as long as you don't download and open files from the web site. However, the web browser Microsoft Internet Explorer (a.k.a. IE) is special — it automatically runs special Microsoft ActiveX controls from the web site. And ActiveX can contain viruses. IE has definitely gotten safer recently, but it has a long history of automatically running dangerous stuff. You are much, much better off with Firefox, Safari, or Opera.

Likewise, Microsoft Outlook has a long history of automatically running scripts in e-mail messages even before the user has opened the message. Use safer e-mail clients, like Thunderbird or Apple Mail (mail.app). Or use a web-based e-mail system, like Gmail.

While computer viruses are primarily a problem for Microsoft Windows users, Apple Mac OS X and Linux users should also adopt a policy of only opening e-mail attachments if the file type is known to be safe.

You have more control over your Internet fate than you think. Take control — don't just rely on antivirus software.

