Avast WEBforum

Other => General Topics => Topic started by: polonus on May 05, 2009, 08:32:11 PM

Title: Windows 7 fails here....
Post by: polonus on May 05, 2009, 08:32:11 PM
In Windows NT, 2000, XP and Vista, the option "Hide extensions for known file types" in Windows Explorer is the default setting, and virus writers used this "feature" to make people mistake executables for stuff such as document files or text files.

The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and Windows would hide the .EXE part of the filename.

Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled.

Surely this won't work in Windows 7.

Let's try. Windows 7 RC is out today.

Well. It sure looks like a text file in Explorer:

But it actually is an executable:

Windows 7 Fails          

So hold to your av solution, folks, re: http://www.f-secure.com/weblog/archives/00001675.html

polonus
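
The renaming trick from the opening post, as an added example (not part of the thread or anyone's posted code): it models what Explorer shows when known extensions are hidden and flags names whose real extension is executable while the visible name ends in a document-style one. The extension lists and function names are illustrative assumptions.

```python
# Added example: models "hide extensions for known file types" and flags
# names that exploit it. The extension sets below are assumptions.
import os

# Extensions that run code when opened (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk"}
# Extensions users tend to read as harmless documents or media (assumption).
DECOY_EXTS = {".txt", ".jpg", ".png", ".pdf", ".doc", ".avi", ".ini"}


def explorer_display_name(filename, hide_known=True, known=None):
    """Return the name as listed when known extensions are hidden."""
    known = EXECUTABLE_EXTS | DECOY_EXTS if known is None else known
    stem, ext = os.path.splitext(filename)
    if hide_known and stem and ext.lower() in known:
        return stem          # the real (last) extension disappears
    return filename


def is_masquerading(filename):
    """True when the file is executable but the shown name ends in a decoy."""
    stem, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = os.path.splitext(stem)
    return shown_ext.lower() in DECOY_EXTS


def audit(filenames):
    """Return (real name, displayed name) pairs for suspicious entries."""
    return [(n, explorer_display_name(n)) for n in filenames
            if is_masquerading(n)]


# Constructed sample listing: the names from the post plus benign ones.
SAMPLE = ["VIRUS.TXT.EXE", "VIRUS.JPG.EXE", "notes.txt", "setup.exe",
          "report.final.pdf"]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"shown as {shown!r}, really {real!r}")
```
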
Title: Re: Windows 7 fails here....
Post by: johnny223 on May 06, 2009, 12:08:40 AM
wow i would've opened the "text" file so fast without thinking

thanks for the post
Title: Re: Windows 7 fails here....
Post by: Lisandro on May 06, 2009, 12:14:07 AM
Shame... when we think we're improving, old tricks come back again :P
Title: Re: Windows 7 fails here....
Post by: DavidR on May 06, 2009, 01:32:46 AM
I'm sure there are other ill-advised default settings inherited from previous versions (rather just accepted as the norm).

Me, I can't understand when MS went to the trouble of providing outbound protection in the Vista firewall, yet by default it is disabled. I wonder if that is the case in W7?

Personally I feel the same about Hidden Files and Folders being the default action (in the same area as known file types); are they still hidden by default in W7?
Title: Re: Windows 7 fails here....
Post by: .: Mac :. on May 06, 2009, 04:14:22 AM
Very interesting. I can see why so many people are fooled into opening malware like this.
Title: Re: Windows 7 fails here....
Post by: bob3160 on May 06, 2009, 04:22:39 AM
Win 7 RC succeeded here.  ;D ;D
Title: Re: Windows 7 fails here....
Post by: .: Mac :. on May 06, 2009, 06:05:02 AM
Quote
Win 7 RC succeeded here.  ;D ;D

Actually Win 7 RC Fails, that's the version F-Secure used at the link in Polonus' post.
Title: Re: Windows 7 fails here....
Post by: RejZoR on May 06, 2009, 10:52:57 AM
The only fail are uneducated users.
Title: Re: Windows 7 fails here....
Post by: scythe944 on May 07, 2009, 04:57:14 AM
Quote
The only fail are uneducated users.

I agree.  Sadly, MS automatically hides file extensions from users, only because most users don't understand what they are.  If they weren't hidden by default though, you'd think that people would start gaining experience and hopefully learn that opening files with "multiple" extensions might not be safe.
Title: Re: Windows 7 fails here....
Post by: lukor on May 07, 2009, 09:00:00 AM
Hi guys,

I must somewhat disagree. Although I also think that hiding the extension is bad, and I hate it, showing it does not appear to me as a big security advantage for the average grandma.

Since .txt is good, .exe is bad, .ini is good, .reg is bad, .jpg is good unless you have your system unpatched, .avi is good, unless it downloads you some codecs, .rtf is bad since it actually may run word and be actually infected .doc, .ppt might be good, but actually is bad as well, .eml is good, but might contain attachments, .cmd is bad, .pif and .lnk might be good and bad at the same time, I am afraid I have already lost your attention and my grandma surely must be already sleeping....



Title: Re: Windows 7 fails here....
Post by: Lisandro on May 07, 2009, 01:47:22 PM
Quote
I have already lost your attention
Lol ;D
Title: Re: Windows 7 fails here....
Post by: bob3160 on May 07, 2009, 02:21:36 PM
Quote
Win 7 RC succeeded here.  ;D ;D

Actually Win 7 RC Fails, that's the version F-Secure used at the link in Polonus' post.
Mac,
If you look carefully at the picture I posted, you'll notice it shows the .iso extension.
This picture was made on an updated Win7 system.

Showing extensions always required a settings change. No different now.
Why is this such a big deal in Win7 ?  It wasn't mentioned in Vista.
Or is this just another ploy by the usual MS bashers  ???

I found the upgrade to be extremely smooth and without any troubles.

I upgraded one Vista system and one test computer that had used a previous beta version of Win 7.
Title: Re: Windows 7 fails here....
Post by: RejZoR on May 07, 2009, 03:37:38 PM
I agree with lukor. Plus, if the extension is there, users can break things themselves. Imagine users renaming, let's say, avast.exe to avast.exf or erasing the entire extension and then wondering why the program doesn't work anymore. That's probably the main reason why MS prefers extensions to be hidden.
Title: Re: Windows 7 fails here....
Post by: DavidR on May 07, 2009, 03:45:19 PM
The thing that gets me about the hide extensions is that it is 'only' applied to what they say are known extension types, known to whom for heavens sake, well MS. Certainly not the people whom we seem to be trying to protect from themselves.

Me, I'm for transparency: show them all so that these double file extensions would be seen. If someone decides to change a file type, having done so MS pops up the "are you really sure you want to do this"; if they then continue, well, I have very little sympathy (sorry about that). Some people are their own worst enemy when they start tinkering, and hiding known file types won't stop that.
Title: Re: Windows 7 fails here....
Post by: lukor on May 07, 2009, 05:28:37 PM
Quote
The thing that gets me about the hide extensions is that it is 'only' applied to what they say are known extension types, known to whom for heavens sake, well MS. Certainly not the people whom we seem to be trying to protect from themselves.

Isn't it "known to the system" which means there is an association for the extension in question ?
Title: Re: Windows 7 fails here....
Post by: Lisandro on May 07, 2009, 05:31:48 PM
Quote
Isn't it "known to the system" which means there is an association for the extension in question ?
You know the answer: yes.
Title: Re: Windows 7 fails here....
Post by: RejZoR on May 07, 2009, 05:57:21 PM
Well, isn't it odd enough that something DOES have an extension even though they are hidden? That would have raised my eyebrow, so why do it the other way around and confuse users with 2 visible extensions (one real and another fake one)?
Title: Re: Windows 7 fails here....
Post by: DavidR on May 07, 2009, 05:59:51 PM
Quote
Isn't it "known to the system" which means there is an association for the extension in question ?

That is the true problem, as it is the poor user that has the problem as they don't know either those file types known to the system or otherwise. I fail to remember the number of times when we send a user to check/modify the avast4.ini file only for them to come back and say they can't find it, there is no avast4.ini file, but there is an avast4 file.

So the system knows the ini file type and doesn't display it, and the user is the one suffering the confusion, and this isn't the only file type which could cause this confusion when trying to find a file. It seems crazy to do this as there can't be any real overhead in simply displaying all file types.

Quote
Well, isn't it odd enough that something DOES have an extension even though they are hidden? That would have raised my eyebrow, so why do it the other way around and confuse users with 2 visible extensions (one real and another fake one)?

But at least when they can see all file types, they will see all the rest only have one, so would that not raise their suspicions to at least seek advice?
Title: Re: Windows 7 fails here....
Post by: pranaysharma94 on May 07, 2009, 07:13:41 PM
Has the beta version of Windows 7 been introduced?? Where is it available???
Title: Re: Windows 7 fails here....
Post by: RejZoR on May 07, 2009, 07:24:36 PM
DavidR, wouldn't extension existing where it shouldn't do the same? There shouldn't be any .JPG appended to any file if extensions are hidden (as by default). So if user spots that it should work with caution.
Title: Re: Windows 7 fails here....
Post by: DavidR on May 07, 2009, 07:43:12 PM
Quote
Has the beta version of Windows 7 been introduced?? Where is it available???

No, the RC version has been released, which is later in the development phase of Windows 7 than the beta, which has ended.

Check the forums as suggested earlier for the other Windows 7 topics/posts; there are some links.

Quote
DavidR, wouldn't extension existing where it shouldn't do the same? There shouldn't be any .JPG appended to any file if extensions are hidden (as by default). So if user spots that it should work with caution.

The problem being the user isn't to know that, how do they know if the extension should exist or not. That is the point of my first statement about the hide extensions for known extension types, known to whom, certainly not to your average user. They wouldn't know it isn't displayed because it is a known type (to the system/MS), hell they can't see the file type to understand that it is a known type. It is the proverbial chicken and egg, how do they know when they can't see.
Title: Re: Windows 7 fails here....
Post by: pranaysharma94 on May 07, 2009, 08:22:28 PM
What is the RC version? ??? ???
Title: Re: Windows 7 fails here....
Post by: CharleyO on May 07, 2009, 08:37:20 PM
***

RC = Release Candidate


***
Title: Re: Windows 7 fails here....
Post by: bob3160 on May 08, 2009, 05:23:41 PM
Quote
Has the beta version of Windows 7 been introduced?? Where is it available???

It's been released and links are posted here:
http://forum.avast.com/index.php?topic=19387.msg376257#msg376257
Title: Re: Windows 7 fails here....
Post by: .: Mac :. on May 08, 2009, 05:39:20 PM
Quote
Win 7 RC succeeded here.  ;D ;D

Actually Win 7 RC Fails, that's the version F-Secure used at the link in Polonus' post.
Mac,
If you look carefully at the picture I posted, you'll notice it shows the .iso extension.
This picture was made on an updated Win7 system.

Showing extensions always required a settings change. No different now.
Why is this such a big deal in Win7 ?  It wasn't mentioned in Vista.
Or is this just another ploy by the usual MS bashers  ???

I found the upgrade to be extremely smooth and without any troubles.

I upgraded one Vista system and one test computer that had used a previous beta version of Win 7.

This was just the opinion of Mikko H. Hyppönen, F-Secure's Chief Research Officer, that he thinks (as do others) that it should not be hidden by default. It's not some "ploy" against Microsoft, although I would be thrilled if there was one  ;D
Title: Re: Windows 7 fails here....
Post by: Marc57 on May 12, 2009, 09:19:12 PM
Quote
I agree with lukor. Plus, if the extension is there, users can break things themselves. Imagine users renaming, let's say, avast.exe to avast.exf or erasing the entire extension and then wondering why the program doesn't work anymore. That's probably the main reason why MS prefers extensions to be hidden.

Agreed, I've had too many users rename something and lose the extension. On the computers I service I keep the extensions hidden and warn the users.