A company we are working with has a few ridiculous security measures. One of them goes like this:
- You cannot e-mail us .zip files. If you want to transmit a .zip file, rename it to .txt.
IMHO, there is no good reason for this. I can only see two reasons to do such a thing:
- Their employees are idiots and click on every zip file, and every .exe/.vbs/britney.jpg.com file in the zipfile. By only telling the smart people to use the rename-to-.txt files trick, the stupid people pose no threat. Actually, I like this explanation.
- There is a known bug in the email software which auto-opens .zip files and gets infected. Renaming prevents the software from doing this.
Other than that, when the .txt arrives, their user still has to re-rename it to .zip and then we are back to square 1: we have a potentially unsafe zipfile.
Am I missing something? Is there any reason why this could be a recommended practice?
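An added example, not part of the original post: a content-based check of the kind a mail filter could apply, showing that a ZIP renamed to .txt is still recognisable as a ZIP and that its members can still be listed. The function names, the extension list and the sample archive are assumptions constructed for this illustration.

```python
import io
import os
import zipfile

# Assumption for this example: extensions treated as directly executable.
RISKY_EXTENSIONS = {".exe", ".com", ".vbs", ".scr", ".bat", ".js"}


def inspect_attachment(filename, data):
    """Classify an attachment by its bytes, ignoring what it is called."""
    result = {"filename": filename, "is_zip": False,
              "disguised": False, "risky_members": []}
    # is_zipfile looks for the ZIP end-of-central-directory record,
    # so the file name and extension play no part in the decision.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    result["disguised"] = not filename.lower().endswith(".zip")
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            # Only the final extension matters: "britney.jpg.com" is ".com".
            extension = os.path.splitext(member)[1].lower()
            if extension in RISKY_EXTENSIONS:
                result["risky_members"].append(member)
    return result


def build_sample_zip():
    """Constructed sample: an in-memory archive holding placeholder text only."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("readme.txt", "placeholder text")
        archive.writestr("britney.jpg.com", "placeholder, not a real program")
    return buffer.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    # Same bytes under two names, then a genuine text file for comparison.
    for name in ("report.zip", "report.txt"):
        print(inspect_attachment(name, sample))
    print(inspect_attachment("notes.txt", b"just plain text"))
```

The renamed and the original attachment produce the same findings apart from the `disguised` flag, which is the only thing the rename changes.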