Windows 7 Users Warned Over Filename Security Risk
Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows.
Hidden File Extensions by Default
The issue involves the way Windows Explorer displays filenames.
In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type.
The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe'.
Executable File Icon Appearance Ambiguous
Windows will see this, treat it as a Word document file, and simply display it as 'partyinvite'. Because executable files can be set up to appear with any icon (usually one specific to the program concerned), anyone could set this file to appear with the Word icon. This means that unless the user has the 'Details' view switched on and notices that the file is listed as an 'Application', they would have little chance of realizing it was not a legitimate Word file. (Source: computerworld.com)
Security firm F-Secure has noted this option is still the default setting in Windows 7, despite the problem. It's possible Microsoft could still change this in Windows 7, but it seems unlikely now that the system is at the Release Candidate stage. (Source: f-secure.com)
Users More Easily Fooled
It's worth remembering that you should never open any file unless you are 100% certain it is legitimate and comes from a trusted source. However, most users are much more likely to be fooled by a document file than an executable program file, particularly when it is spread through an email virus. A rogue executable file can do much more damage, as it can attack Windows directly rather than having to exploit a specific problem in an application.
Windows Explorer's settings can be changed so that the legitimate file extension is always visible, regardless of what view mode you have selected. To make the change, open a folder in Windows Explorer, select Folder Options from the Tools menu, and then choose the View tab. From here, clear the option 'Hide extensions for known file types'.
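The same check can be scripted. The PowerShell below is an added example, not part of the original article: it reads the per-user registry value behind the 'Hide extensions for known file types' option and lists files that pair a document-style extension with an executable one, as in 'partyinvite.doc.exe'. The scan folder and the two extension lists are assumptions chosen for illustration.

```powershell
# Added example: audit the Explorer extension setting and look for
# executables that carry a decoy document extension in their name.
# $ScanPath, $ExecExt and $DecoyExt are illustrative assumptions.
param(
    [string]$ScanPath = (Join-Path $env:USERPROFILE 'Downloads')
)

$ExecExt  = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd'
$DecoyExt = '.doc', '.docx', '.xls', '.pdf', '.txt', '.jpg'

# 1. HideFileExt = 1 hides extensions for known file types, 0 shows them.
#    A missing value is treated as hidden, which is the Windows default.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $key -Name HideFileExt `
            -ErrorAction SilentlyContinue).HideFileExt

if ($null -eq $hide -or $hide -ne 0) {
    Write-Warning "Known file extensions are hidden for $env:USERNAME."
    # Uncomment to show extensions (open Explorer windows need a refresh):
    # Set-ItemProperty -Path $key -Name HideFileExt -Value 0 -Type DWord
} else {
    Write-Output 'Known file extensions are shown.'
}

# 2. Flag files such as partyinvite.doc.exe: the real (last) extension is
#    executable and the one just before it looks like a document type.
#    PSIsContainer is used instead of -File so this also runs on the
#    PowerShell 2.0 that ships with Windows 7.
Get-ChildItem -Path $ScanPath -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        ($ExecExt  -contains $_.Extension.ToLower()) -and
        ($DecoyExt -contains
            [System.IO.Path]::GetExtension($_.BaseName).ToLower())
    } |
    Select-Object FullName, Length, LastWriteTime
```

Any file the scan lists should be treated as an application regardless of its icon; the 'Type' column in Explorer's Details view will confirm this.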