|Zip files by themselves are not harmful or dangerous. However, they have been used by malicious individuals to hide the fact that they are sending harmful files.|
Here are some steps you can take to help protect yourself from viruses, trojans, and other malware that may be distributed in Zip files:
System Protection and Updates
- WinZip Computing recommends that all WinZip users upgrade to the latest version of WinZip, because it contains important security related fixes and enhancements.
- It is very important to have a good antivirus program installed on your computer. We recommend that you configure your antivirus program to scan all files that you work with in real time. Most virus scanners can also be configured to scan email as it arrives and quarantine infected messages. We also recommend that you enable this option. Also, because new viruses are discovered almost daily, be sure to keep your antivirus program up-to-date. Most antivirus programs have an automatic update facility that can help with this.
- Consider also installing an application to prevent and clean out malware and spyware, such as WinZip Malware Protector.
- You should also use Microsoft's Windows Update feature to be sure that you have Microsoft's latest fixes for your version of Windows. Windows Update also has an automatic update facility that can help keep you up to date.
- Make regular use of WinZip's Check for Updates feature to insure you have the latest version installed.
Know Your Source
- Never open a Zip file that is attached to email from an unknown source.
- If an unexpected Zip file is attached to an email from someone you know, consider verifying with the sender that the attachment is legitimate. Some viruses spread by emailing copies of themselves to everyone in the contact lists of infected computers; this means that you can receive infected files even from people you know.
- Avoid downloading Zip files from untrusted websites.
- Double-check the From address. Faked emails may imply a friend's name, but have a different email address. In the picture below, the email appears to be from Joy, but the email address has the name Mark. Some email programs do not show this clearly, so you should make the effort to check.
Of course, these guidelines don't apply only to Zip files; they apply equally to any file type.
Disable Hidden File Name Extensions
All current versions of Windows are initially installed with an option called "Hide extensions for known file types" enabled. When this option is enabled, Windows will not display the file name extensions (.EXE, .DOC, etc.) for file types that it knows about.
This option is considered by many knowledgeable users to be dangerous, primarily because it can mislead you about the true nature of your files. For example, you might have a virus-infected file named "vacation.jpg.exe". If the hidden extension option is enabled, this file will appear on your desktop or in Windows Explorer as "vacation.jpg", leading you to think that it is a harmless vacation picture. In fact, it is an executable program, and opening it could infect your computer.
For information on how to disable hidden extensions, see How to configure Windows to show file extensions and hidden files.