Don’t you dare touch that .DOC

An executable e-mail attachment can bring nasty bugs into your network as easily as a 2-year-old brings the sniffles home from daycare. Hence the multibillion-dollar virus-protection business and all those worm-of-the-week news stories you read.

But are we actually reaching the point where even the humble Word document is no longer welcome in workplaces if it comes in over the modern-day transom?

And does yanking the welcome mat out from under ol’ .DOC represent a prudent security precaution in these risk-filled times . . . or overkill bordering on paranoia?

The questions arise from a recent e-mail encounter between an editor at another IT publication, which shall remain nameless, and Joel Synder, a regular contributor to these pages and the Network World Test Alliance, as well as a senior partner at Opus One, an IT consulting firm in Tucson, Ariz. Because Snyder is not a member of the Network World staff, he’s free to write for other periodicals, which he does periodically. However, he’s finding that filing his copy isn’t as easy as it used to be. Take this recent e-mail exchange with that other publication:

Editor to Snyder: “By the way, our IT folks have gotten religious about stripping .DOC attachments. Please send story in .RTF.”

Snyder to editor: “Your IT people are morons, and you should write up how stupid they are in your magazine. You should make fun of them mercilessly in print, in large letters, preferably on the cover. . . . If they cannot deal with this problem, they need to be fired and replaced by people who understand that a magazine is a place where people send and receive Microsoft Word documents.”

As you see, Snyder is a bit shy about expressing his feelings, but I’m sure you get the drift. And because only a moron would publicly ridicule the men and women who hold the keys to the network kingdom, Snyder was no doubt aware that his editor was unlikely to take his suggestion literally.

So he wrote to me, knowing full well that I might.

Be clear about the relationship we’re describing here: We’re talking about a magazine, a company that buys and sells words. A writer – a bona fide security expert, by the way – is sending a common Word document to an editor with whom he has an established professional relationship. This isn’t a case of some knucklehead in distributing the latest bit of filthy animation glommed off the Internet to everybody in his address book.

Yet the magazine’s IT department says no can do, the rules are the rules, and we make the rules.

The reason?

“It’s macros,” Snyder says. “Macros can be in .DOC files and not in .RTF files.”

Which means the folks in Redmond don’t exactly get off scot-free on this matter.

“Certainly it’s also an opportunity to get in a jab at Microsoft and the lack of configurability that keeps poor little security people from being so frightened of Word,” he says.

But the question before the court isn’t whether .DOC attachments present any risk at all – everything has some risk these days. The question is whether those attachments present such a danger that allowing them to remain on incoming e-mail is a bad idea.

Now it’s your turn to chime in, Network World readers. Are .DOC attachments too dangerous to allow them to pass through to your end users? Or is Snyder’s tirade justified?

Opinions to the address below. Presuming this generates enough chatter, we’ll revisit the topic in a few weeks after Buzz gets back from a couple of conferences.

You can send your comments in .CRAYON for all I care. The address is buzz@nww.com.