Windows 7 Users Warned Over Filename Security Risk

[gregmcc]

http://www.infopackets.com/news/sof..._users_warned_over_filename_security_risk.htm

Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows.

 

[mercurial]

Hidden File Extensions by Default

The issue involves the way Windows Explorer displays filenames.

In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type.

The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe'.

I still don't see why this is an issue. If you have an anti-virus application installed, it should pick it up anyway.

 

[Park@82]

I cant access that link for some reason but wouldn't, unticking "hide extensions for known file types" help solve this?

 

[fragtion]

If the 'hide file extensions for known filetypes' option is enabled, then if you see partyinvite.doc you should already know that the .doc you see is part of the filename and not the extension... plus, as mercurial said, antivirus should detect most, more common harmful exe's anyway. This is really turning a useful, optional 'feature' into reason to whine about nothing. Instead of complaining about the feature (which is actually there for people who aren't very PC-literate to be able to rename their files without damaging the extension / what application opens the filetype) rather suggest a better method...

 

[Lord-Nikon]

I also don't see the reason for havoc!

As mercurial said, your AV should pick this up straight away. Failing to have an AV leads to a lack of sympathy from me Also, if you are fairly computer literate you should be able to recognize file types by their icons and not their extensions. A .doc have a nice blue icon and an .exe has an awfully dull looking block icon

They are just giving MS flak about this because they can't give the other OS' any flak

 

[soulman]

'hide file extensions for known file types' should be disabled by default.

 

[ld13]

'hide file extensions for known file types' should be disabled by default.

Yes, I agree. But only for me and my peers.
I'd have to say No for my mom and her peers.

 

[d0b33]

Yes, I agree. But only for me and my peers.
I'd have to say No for my mom and her peers.

Exactly... had issues where people rename photos and remove the ".jpg" then complain about it and I'm asked to fix it

 

[Pyro]

Either it's disabled, or it's not. If you always see files extensions, you'd expect the .doc, if not you won't.

Not rocket science.

But, I guess it had to be said.