Hide File Extensions, Invite Hackers?

By  |  Tuesday, May 5, 2009 at 12:56 pm

Mikko, at F-Secure’s Weblog:

…in Windows NT, 2000, XP and Vista, Explorer used to Hide extensions for known file types. And virus writers used this “feature” to make people mistake executables for stuff such as document files.

The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and Windows would hide the .EXE part of the filename.

Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled.

Surely this won’t work in Windows 7.

As a grizzled old Windows veteran, I remember the days when computer users spent a lot more time thinking about extensions (and we liked it, dagnab it!). It was kind of discombobulating when Microsoft began downplaying them. But Mikko brings up a pretty compelling reason why it’s not a great idea to hide ’em. Wonder if Microsoft has thought about this, and why it hasn’t erred on the side of safety?

 
13 Comments


Read more: , ,

11 Comments For This Post

  1. Tom B Says:
    May 5th, 2009 at 1:32 pm

    I “show extensions” on my Mac, as well, just so I’m sure what I downloaded.

  2. bob e Says:
    May 5th, 2009 at 1:35 pm

    I always show extensions, makes me crazy not to know what the file is.

    btw Win 7 RC on my Dell XPS Studio is very nice 🙂

  3. Scott Steubing Says:
    May 5th, 2009 at 2:26 pm

    I always Hide File Extensions, relying on the icon, Explorer’s Detail mode, and the file properties to tell me what a file is. If I see a file named “virus.jpg”, I know it’s not a picture file because if it was, it’s name would be just “virus” since I hide the extensions.

    The problem isn’t hiding file extensions. The problem is users who click unknown attachments. Showing the file extensions isn’t going to cure them of that.

  4. Brandon Says:
    May 5th, 2009 at 3:02 pm

    This is just silly.

    If the file is an executable, it will show a warning if it came from a non-trusted source, such as an e-mail attachment or a website. That is a much more reliable way for users to determine that executing something may be dangerous and that they should be sure they trust the source.

  5. Joe Says:
    May 5th, 2009 at 4:24 pm

    This isn’t news, it’s publicity for F-Secure who will probably claim to protect you.

    Showing file extensions is one of the first things I do on a new Vista/7 install.

  6. Esteban Says:
    May 5th, 2009 at 5:45 pm

    I prefer to view extensions. However, I often get tripped up when renaming files. Suppose I have a file called “DSC_0004.jpg” and I want to rename it “Steve in Paris.jpg”. I click on the name, type “Steve in Paris” and press enter. Then I get an error telling me that if I remove the extension, the file will lose its association with my image viewing program. If I tell Windows that I don’t want to rename it, then the file reverts back to the original name, and I have to type it all over again, making sure to get the extension on there. Either that, or I can tell Windows to strip the extension, wait for the icon to turn to a generic sheet of paper, and then rename it again, appending the extension to the new file name. Either way, it’s annoying. Why can’t Microsoft add an option to keep the current extension? Ninety percent of the time, I just want to change the name, not the file type.

  7. Pete Says:
    May 5th, 2009 at 5:47 pm

    Esteban, this is the behaviour in 7, maybe Vista too, I can’t remember.

  8. NanoGeek Says:
    May 5th, 2009 at 7:11 pm

    And Linux too. 🙂

  9. Brandon Says:
    May 5th, 2009 at 7:26 pm

    Esteban –

    In Vista or Win7, even if you have it set to always show extensions, if you click “rename” it selects the filename but not the extension. This largely removes the problem you described (which still affected XP and the other OSes I’ve used).

  10. Marc Says:
    May 6th, 2009 at 12:51 am

    Since XP SP2 any EXE downloaded from the Internet will show a warning unless it’s digitally signed, that and all current versions of Outlook and Windows Mail block EXE, BAT, REG, CHM etc

  11. PKerai Says:
    May 6th, 2009 at 3:34 am

    @Since XP SP2 any EXE downloaded from the Internet will show a warning unless it’s digitally signed

    Unfortunately USB sticks don’t get the same level of protection. W32/Yahlover and variants use a version of the trick described by F-Secure, where in a folder called “Foo” they create an exe called “Foo.exe” with the default Explorer folder icon. To the user it looks like a folder “Foo” within “Foo”. Many get confused and click again and promptly get infected (Unless their antivirus catches it — which doesn’t always happen, and assuming they have antivirus to begin with).

2 Trackbacks For This Post

  1. A simple security fix for all Windows users — Shooting at Bubbles Says:
    May 5th, 2009 at 3:51 pm

    […] Harry McCracken – Technologizer: As a grizzled old Windows veteran, I remember the days when computer users spent a lot more time thinking about extensions (and we liked it, dagnab it!). It was kind of discombobulating when Microsoft began downplaying them. But Mikko brings up a pretty compelling reason why it’s not a great idea to hide ‘em. Wonder if Microsoft has thought about this, and why it hasn’t erred on the side of safety? […]

  2. Hide File Extensions Invite Hackers Technologizer | debt solutions Says:
    June 15th, 2009 at 5:27 pm

    […] Hide File Extensions Invite Hackers Technologizer Posted by root 48 minutes ago (https://www.technologizer.com) I always hide file extensions relying on the icon why can 39 t microsoft add an option to keep the current extension brad joined the technologizer community leave a comment for copyright 2009 technologizer inc technologizer is pleased to be powered by wor Discuss  |  Bury |  News | Hide File Extensions Invite Hackers Technologizer […]