Program Extensions

You should never run a program that you download or receive in an e-mail without virus checking it. But exactly what constitutes a "program" may not be totally clear to you. Here's a list of filename extensions to watch out for:

.EXE -- This is the most common type of program file. It can contain 16- or 32-bit Windows programs or DOS programs.

.COM -- This type of file can only contain 16-bit DOS programs. But they can be just as destructive as a malicious EXE file.

.BAT -- These text files contain lists of DOS commands. These commands can launch other programs, rename and delete files, and perform other potentially destructive acts.

.CMD -- same as .BAT files, but only run under Windows NT and Windows 2000.

.PIF -- A Program Information File. It provides information about a DOS program, such as how much memory it needs, how it accesses the screen, etc. Open or run a PIF file, and its associated .EXE, .COM or .BAT file is executed.

.VBS -- A text file containing a program written in the VBScript language. They are 32-bit Windows programs, and can do anything an EXE program can.

.VBE -- A VBScript (.VBS) file that has been encoded to prevent you and I from seeing its true contents. The authors of the Love Bug virus originally intended to distribute their program as a .VBE file, to hide its purpose. But they discovered this file format is only recognized by Windows 2000, and older versions of Windows that have been specially upgraded to Windows Scripting Host v2.0.

.JS -- Same as .VBS, except the program stored in the file is written in the JavaScript or Jscript programming language.

.JSE -- A JavaScript or Jscript (.JS) file that has been encoded to prevent you and I from seeing its true contents.

.WSH -- A text file that contains settings used when running a particular script. Open or run this file, and its associated script file (.VBS, .VBE, .JS or .JSE) will be executed.

.WSF -- A file containing scripts, data and other information in the XML (extensible Markup Language).

Other types of files, while not exactly programs, can cause damage if opened or double-clicked. For example, .REG files contain information that is automatically copied to your Windows Registry Installation information files, those with names ending in .INF, contain information describing how a program or driver should be installed. This includes lists of files to be copied, and even Windows Registry entries to be added, changed or deleted. Opening or double-clicking either of these types of files can have undesired consequences.

Remember also that a filename's extension is not always visible. It's possible to ask Windows to hide common filename extensions. As a result, a file named "Text.txt" might appear in a file open dialog, a Windows Explorer window, or elsewhere simply as "Text." The only clue to its extension might be the file's icon, and even that can be altered.

Excerpted from Power Tools May 15, 2000 By Karen Kenworthy,

 Back to Leigh's Security Page
Back to Leigh's Home Page Site Map                   Site Search

This page hosted by
Leigh Brasington / / Revised 20 June 03