What type of files can't carry a computer virus

I opened a text file (with the .txt extention) and my MIS person where I worked said you have to be careful as all files can carry viruses.

I know certain files can carry viruses but I always thought .txt files could not. Are there any types of computer files that cannot carry computer viruses?

Till someone more knowlegable comes along, as far as I know, every type of file can be infected with a virus, but only executable files can transmit them. So that would be exe and com files. Now, there are some exploits in some programs that allow a non-executable file to infect you, but that is done through the program. I’m mainly thinking of some problems with Microsoft Outlook awhile back.

Now, my knowledge is a little out of date, I know this was true back when, but with all the new stuff in XP and Vista, who knows.

Usually, only executable files(programs) can carry viruses. Now, Microsoft Office documents can contain programs(called macros) in them, so that’s why Office documents have been able to infect people with viruses as well. However, there have also been cases where files which never contain programs have been used to transmit viruses. That has happened by exploiting a bug in the program that displays the file and tricking it to run the file like an executable. Internet Explorer got hit with this once – someone found a way to make IE execute code embedded in a JPEG picture. This kind of virus is much more rare, though.

So, in theory, a text file could spread a virus if opened with a buggy text editor, but that’s exceedingly unlikely. Usually, you only ever need to worry about files that are programs or can contain programs.

One of the problems is that sometimes file suffixes are hidden. So, an executable file called readme.txt.exe will appear as readme.txt. It’s not a text file, but it looks like one. That’s a common distribution method for computer viruses.

Virtually any type of file can exploit a bug or vulnerability. One of the more prevalent methods relies on the so-called “buffer-overflow” problem that a lot of software exhibits, where deliberately malformed data ends up causing code to execute. Note that this does not require the file to be an executable itself, nor does the application loading the data have to support scripting or add-ons; it could be something as simple as reading a data file that triggers the exploit.

CMC fnord!

Most malicious code functions by taking advantage of exploits within specific applications or libraries. This means that, yes, any file can contain malicious code, but the programs that process .TXT files (for example) usually aren’t complex enough to have buffer overflows or other vectors for the malicious code to be executed.

M.I.C.E. Metafile Image Code Execution
GRC’s “MouseTrap” MICE detection utility.

CMC fnord!

That’s actually a different vulnerability. In that case, it was a picture file format that Microsoft allowed to contain programs.

I was talking about this security hole.

There’s just too many to keep track of!

CMC fnord!

You have never used EMACS, have you :smiley:

In fact MS chose this to be the *default *setting in Explorer, although I don’t know why anyone would *not *want to see the extensions.

If you can’t see your file extensions, open up Explorer and go to Tools…/Folder Options and click on the View tab. Find the setting “Hide extensions for known file types”, and uncheck that sucker.

Thanks to NTFS any file can carry a virus. You see NTFS supports things called Streams. See also here and here.

While any NTFS file can carry a virus tucked into a stream (a concept taken from the Mac filesystem - known as a resource fork) the fact that very few applications actually look at the streams means that there are limited avenues of infection.

Streams could have been useful - once upon a time. Now, they are generally considered irrelevant as there are no real uses for them. The were intended for Metadata (tags etc) and things like thumbnails on image files. Metadata generally gets tucked into extensible file formats (IPTC/EXIF for photos, ID3 for MP3s) so that they can be used across OSes, and MS did not implement stream-based thumbnailing, sticking with the stupid Thumbnails.db scheme.

Streams can be used to hide malware, and it has been a failing of the AV industry that stream scanning has not been implemented. Then again, streams have not actually been used by malware authors, in spite of the fact that the proof of concept has been about since 2000.


  1. Back in the old days…

One problem with text files was that many people used an ansi (or VT100) screen driver to get extra speed and functionality in a text screen. One “feature” of ansi screen coding was keyboard remapping. So you read a text file that contains the code to remap a key to something bad, you press the key, bad command gets executed.

Not really a problem now since it’s all old hat.

  1. Even if you have MS-Windows set to show file extensions, not all are properly handled. The most awful one is the “.url” extension. If you have a file that looks safe but has the “.url” extension hidden, then IE opens and takes you to the linked web site. Which can then infect your computer with everything imaginable.

Thank you Bill Gates. Brilliant security planning there.

ANSI command string bombs - that takes me back. You could send a DEC Mail that changed the charset on the terminal, or inverted the screen colours or any one of a number of other pranks. Now all I do is rotate peoples display.

Not if you set Firefox as your default browser. And don’t run as administrator. :smiley:


I know about the Windows function to make sure it is displaying file extentions, because if they are not showing extentions a .ext file wouldn’t show. Then someone could disguise a file as example.txt when it’s really example.txt.exe - because you failed to turn on ext. I wonder why it’s off by default?

Anyway I guess what I mean is could you get a file mearly by opening a TXT file?

Let’s say I got a file that was in a notepad as TXT and I just click to open it. Could something really run from it?

It depends on how you open it. It’s impossible to say that a file type is safe because the programs that are used to view files are so complex. Did you receive it through Outlook? What is running on your machine?

It’s theoretically possible (other posts in this thread have discussed possible attacks), but it’s a relatively minor risk compared with other things that people usually do on a computer.

The thing to keep in mind is that there are always risks, both discovered and undiscovered, when you use a computer. You should do what you can to decrease the risks, but you can’t really get rid of them completely unless you just never use the computer. The real challenge is balancing security versus usability.

Straying a bit into IMHO territory to explain this further: If you never double-click on another .TXT file again, you might (for example) reduce the risk of encountering a Notepad exploit from 1 in 50,000 to 1 in 100,000, but you would also (presumably) never read .TXT files again.

Is it a worthwhile trade-off? That’s ultimately up to you to decide, but I would say probably not because there are other things you can do like switch browsers, install firewalls or anti-virus programs, switch operating systems, etc. that will reduce a lot more risks without adversely affecting usability as much.

Notepad (in the past) could actually be riskier than a proper text editor. It used to just open the file and dump the contents into a Windows API TextEdit control (which was why it could only handle files up to 64K on Win95/98) and it wasn’t fussy what it loaded. Can you say Buffer Overflow.

Real text editors are far more careful about data handling - using multiple buffers and suchlike. But such complexity has risks of its own.

I don’t know of any exploits based around text files, but always ensure that you display extensions before launching. And notepad now is a better app than it was, but I always use Notepad++