Author Topic: Windows 7 fails here....  (Read 11689 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Windows 7 fails here....
« on: May 05, 2009, 08:32:11 PM »
In Windows NT, 2000, XP and Vista, the option " Hide extensions for known file type in Windows Explorer is the default setting,  And virus writers used this "feature" to make people mistake executables for stuff such as document files or text files.

The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and Windows would hide the .EXE part of the filename.

Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled.

Surely this won't work in Windows 7.

Lets try. Windows 7 RC is out today.

Well. It sure looks like a text file in Explorer:

But it actually is an executable:

Windows 7 Fails          

So hold to your av solution, folks, re: http://www.f-secure.com/weblog/archives/00001675.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

johnny223

  • Guest
Re: Windows 7 fails here....
« Reply #1 on: May 06, 2009, 12:08:40 AM »
wow i would've opened the "text" file so fast without thinking

thanks for the post

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Windows 7 fails here....
« Reply #2 on: May 06, 2009, 12:14:07 AM »
Shame... when we think we're improving, old tricks come back again :P
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Windows 7 fails here....
« Reply #3 on: May 06, 2009, 01:32:46 AM »
I'm sure there are other ill advised default settings inherited from previous versions (rather just accepted as the norm).

Me I can't understand when MS went to the trouble of providing outbound protection in the Vista firewall, yet by default it is disabled. I wonder if that is the case in W7 ?

Personally I feel the same about Hidden Files and Folders being the default action (in the same area as known file types) are they still hidden by default in W7 ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Windows 7 fails here....
« Reply #4 on: May 06, 2009, 04:14:22 AM »
Very interesting. I can see why so many people are fooled into opening malware like this.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Windows 7 fails here....
« Reply #5 on: May 06, 2009, 04:22:39 AM »
Win 7 RC succeeded here.  ;D ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Windows 7 fails here....
« Reply #6 on: May 06, 2009, 06:05:02 AM »
Win 7 RC succeeded here.  ;D ;D

Actually Win 7 RC Fails, thats the version F-Secure used at the link in Polonus' post.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Windows 7 fails here....
« Reply #7 on: May 06, 2009, 10:52:57 AM »
The only fail are uneducated users.
Visit my webpage Angry Sheep Blog

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Windows 7 fails here....
« Reply #8 on: May 07, 2009, 04:57:14 AM »
Quote
The only fail are uneducated users.

I agree.  Sadly, MS automatically hides file extensions from users, only because most users don't understand what they are.  If they weren't hidden by default though, you'd think that people would start gaining experience and hopefully learn that opening files with "multiple" extensions might not be safe.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: Windows 7 fails here....
« Reply #9 on: May 07, 2009, 09:00:00 AM »
Hi guys,

I must somewhat disagree, allthough I also think that hidding the extension is bad, and I hate it, showing it does not appear to me as a big security advantage for average grandma.

Since .txt is good, .exe is bad, .ini is good, .reg is bad, .jpg is good unless you have your system unpatched, .avi is good, unless it downloads you some codecs, .rtf is bad since it actually may run word and be actually infected .doc, .ppt might be good, but actually is bad as well, .eml is good, but might contain attachments, .cmd is bad, .pif and .lnk might be good and bad at the same time, I am afraid I have already lost your attention and my grandma surely must be already sleeping....




Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Windows 7 fails here....
« Reply #10 on: May 07, 2009, 01:47:22 PM »
I have already lost your attention
Lol ;D
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Windows 7 fails here....
« Reply #11 on: May 07, 2009, 02:21:36 PM »
Win 7 RC succeeded here.  ;D ;D

Actually Win 7 RC Fails, thats the version F-Secure used at the link in Polonus' post.
Mac,
If you look carefully at the picture I posted, you'll notice it shows the .iso extension.
This picture was made on an updated Win7 system.

Showing extensions always required a settings change. No different now.
Why is this such a big deal in Win7 ?  It wasn't mentioned in Vista.
Or is this just another ploy by the usual MS bashers  ???

I found the upgrade to be extremely smooth and without any troubles.

I upgraded one Vista system and one test computer that had used a previous beta version of Win 7.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Windows 7 fails here....
« Reply #12 on: May 07, 2009, 03:37:38 PM »
I agree with lukor. Plus, if extension is there, users can break themself. Imagine users renaming lets say avast.exe to avast.exf or erasing entire extension and then wondering why the program doesn't work anymore. Thats probably the main reason why MS prefers extensions to be hidden.
Visit my webpage Angry Sheep Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Windows 7 fails here....
« Reply #13 on: May 07, 2009, 03:45:19 PM »
The thing that gets me about the hide extensions is that it is 'only' applied to what they say are known extension types, known to whom for heavens sake, well MS. Certainly not the people whom we seem to be trying to protect from themselves.

Me I'm for transparency show them all so that these double file extensions would be seen. If someone decides to change a file type, having done so MS pop-up the are you really sure you want to do this, if they then continue, well I have very little sympathy (sorry about that). Some people are their own worst enemy when they start tinkering and hiding known file types won't stop that.
« Last Edit: May 07, 2009, 03:48:14 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: Windows 7 fails here....
« Reply #14 on: May 07, 2009, 05:28:37 PM »
The thing that gets me about the hide extensions is that it is 'only' applied to what they say are known extension types, known to whom for heavens sake, well MS. Certainly not the people whom we seem to be trying to protect from themselves.

Isn't it "known to the system" which means there is an association for the extension in question ?