Windows 7 Users Warned Over Filename Security Risk
Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows.
Hidden File Extensions by Default
The issue involves the way Windows Explorer displays filenames.
In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type.
The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe'.
Executable File Icon Appearance Ambiguous
Windows will see this, treat it as a Word document file, and simply display it as 'partyinvite'. Because executable files can be set up to appear with any icon (usually one specific to the program concerned), anyone could set this file to appear with the Word icon. This means that unless the user has the 'Details' view switched on and notices that the file is listed as an 'Application', they would have little chance of realizing it was not a legitimate Word file. (Source: computerworld.com)
Security firm F-Secure has noted this option is still the default setting in Windows 7, despite the problem. It's possible Microsoft could still change this in Windows 7, but it seems unlikely now that the system is at the Release Candidate stage. (Source: f-secure.com)
Users More Easily Fooled
It's worth remembering that you should never open any file unless you are 100% certain it is legitimate and comes from a trusted source. However, most users are much more likely to be fooled by a document file than an executable program file, particularly when it is spread through an email virus. A rogue executable file can do much more damage, as it can attack Windows directly rather than have to exploit a specific problem in an application.
Windows Explorer's settings can be changed so that the legitimate file extension is always visible, regardless of what view mode you have selected. To make the change, open a folder in Windows Explorer, select Folder Options from the Tools menu, and then choose the View tab. From here, un-select the options 'Hide extensions for known file types'.
Free guide: Windows 8 Cheat Sheet: Touch and Mouse Gestures. Windows 8 brings a revolutionary way to use your mouse, touchpad, and touchscreen using 'gestures'. If you're new to gestures, you'll most certainly find them confusing - especially if you don't mean to invoke a gesture in the first place! That said, gestures are widely used on mobile and touch-based devices, and the technology is here to stay. Gestures can be a huge time-saver (similar to keyboard shortcuts) once you understand how to use them. For example, you can use gestures to move objects from one location to the next, zoom in, zoom out, enter passwords, and similar. This Windows 8 gesture cheat sheet is designed to make your life easier by demonstrating and explaining the basics. Print, share, and enjoy! Click here to download this guide now! Note: this guide is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.