A few readers asked why .RTF email attachments are considered a security risk?
The confusion is understandable. After all .RTF (Rich Text Format) files aren’t designed to carry any computer code that can be run to start a virus infection. So they would seem to be ‘safe’ from virus infection.
Sadly, that doesn’t stop hackers using RTF’s maliciously.
RTF documents can still be used to compromise a computer. Over the years there’s been various instances where hacked RTF files have been used to run malicious code when the RTF file has been opened with Word.
In other words, hackers take advantage of security lapses in Word that are available when RTF files are opened.
In 2014 Microsoft took the step of recommending RTF’s be blocked as email attachments and provided a tool to do that.
Now we have .docx files that are both more secure and smaller (they are compressed by default) so .rtf files are less commonly used.
There have been similar situations with ZIP files which officially can’t run code. ZIP’s can be hacked to do so, which is why .zip files are often used by hackers in their emails.
Be wary of incoming documents in either .DOC or .RTF format as well as .ZIP attachments.
When sending out documents, the polite and security aware option is the Office 2007 and later document formats – .docx .xlsx or .pptx