Windows 7 security fail

[raj11650]

Windows 7 still allows unsafe files to be disguised as safe files

The good folks at F-Secure uncover the first Windows 7 security fail … and it’s a classic.

The issue in question is nothing new. In fact, it’s been around for so long that I didn’t even bother checking to see if it had been fixed.

You see, in Windows NT, 2000, XP and Vista, Explorer used to Hide extensions for known file types. And virus writers used this “feature” to make people mistake executables for stuff such as document files.

The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and Windows would hide the .EXE part of the filename.
Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled.
Surely this won’t work in Windows 7.

Lets try.

Hmm. It sure looks like a text file in Explorer:

Read More

 

[Digger]

hehe.... yea... had forgotten about all this myself... back on 98 as well if i recall correctly... is why enabling the file extensions is one of the first batch of steps i do after a fresh install, while updates are downloading. Freaky stupid to see it still acting and how it acts with 7 as described/shown in the pic

 

[Compaker]

Can MS really overlook such stupid mistakes? I mean, they make millions of dollars a year, they can afford it.....

 

[darkassain]

which i why i always have show filetypes on always...
there is no reason not to have it on by default
so in my POV there is no reason why MS would not show that as the default..

 

[johngalt]

+1 - I turn that on, as well as show hidden files *and* system files. SOP on my end for any machine I am on that I am not restricted out of ....

 

[darkassain]

+1 - I turn that on, as well as show hidden files *and* system files. SOP on my end for any machine I am on that I am not restricted out of ....

++1 on that (or would that be 1++...)
forgot about that and like was said before is one of the first things done in my system...

 

[mxosder16]

and if someone wants to see the extensions i have put together this little tutoiral, lol



-in the start menu search box type in 'show hidden files and folders' (minus the quote marks of course)
-click on the folder
-uncheck the 'hide extensions for known file types'
-done (that was easy)

 

[Handycam]

Someone will report it and MS will patch it up..

 

[johngalt]

Actually, you can get away with typing

show hid

and that should be sufficient for bringing up that setting....

Also, you can use the arrow keys to navigate instead of clicking on the shortcut, *and* you can simply hit [ENTER] after typing that in and the shortcut folder shows in the list.....

 

[mxosder16]

Actually, you can get away with typing Code:
show hid
and that should be sufficient for bringing up that setting....

Also, you can use the arrow keys to navigate instead of clicking on the shortcut, *and* you can simply hit [ENTER] after typing that in and the shortcut folder shows in the list.....

i know... but that is too easy. i had to make such a simple task a bit more complicated and thus worthy of a tut

 

[Win7User512]

which i why i always have show filetypes on always...
there is no reason not to have it on by default
so in my POV there is no reason why MS would not show that as the default..

I agree that it is most beneficial to have it set to show extensions.

MS prob feels it is more aesthetically pleasing to not have it as default.

 

[Meyithi]

Hmmm, this is Paranoia on so many levels...

1) The Action Center Flag warns you that you have no Virus Checker because?

2) If the .exe is on your machine something is already wrong.

3) When you download in any browser that I know of, the browser doesn't hide the extension.

4) If the .exe is on removeable media, why are you running stuff you don't know the origins of?

5) See 1. Will tell you if what you are running has a Virus!

 

[Barman58]

Someone will report it and MS will patch it up..

You would think so , but as they've known about it since Windows 98 and haven't done anything I doubt they will suddenly see the light

 

[madbusu]

that's why i learn to use i file manager (TC)....win explorer s.u.x.

 

[swarfega]

One of the first things I do is enable exentions, I like to see what Im handling and dont need to be hand held by MS.​

 

[Barman58]

Hmmm, this is Paranoia on so many levels...

1) The Action Center Flag warns you that you have no Virus Checker because?

2) If the .exe is on your machine something is already wrong.

3) When you download in any browser that I know of, the browser doesn't hide the extension.

4) If the .exe is on removable media, why are you running stuff you don't know the origins of?

5) See 1. Will tell you if what you are running has a Virus!

The weakest link in any security system is, and always will be, the user. The fixing of this long running issue would I feel just add to the other protective systems available.

for example the file "ReadMe.pdf" looks a whole lot more inviting to the user with some knowledge, who knows not to run unknown .EXE files, than when it's displayed as "ReadMe.pdf.exe"

We all know this type of thing should not happen, but it does , and every option possible should be protected against.