Tuesday, 5 May 2009

Windows 7 will help hide viruses

The version of Explorer included in Windows 7 will hide file extensions by default. This is the same behaviour as Explorer in earlier versions of Windows, which had been abused by virus writers frequently to trick unsuspecting victims into running programs.

For example, on a default Windows XP PC Explorer would display a file called 'image.jpg' as simply 'image'. Thus users are not confronted by strange looking file names. However, here's the problem. Non-technical users don't know what's going on half the time and the bad guys know this, which is why they do things like renaming malicious files with a false extension just before the real one.

For example, rename file.exe to file.jpg.exe and it will will appear in Explorer as 'file.jpg', which looks pretty innocent if you forget that you shouldn't see any extension at all (and it's so subtle that most people won't notice this anomaly). Double-clicking this file will not open an image editor or viewer. It will run the program, which is going to be a bad thing. In this respect Windows helps the criminals disguise their Trojans.

Microsoft should balance the convenience of hiding file extensions with the danger that accompanies this as a default setting that only experts will change. I'm not even sure that hiding file extensions is any more convenient. It just makes the screen look fractionally less cluttered. There is still time for the company to change the default setting - Windows 7 is at least a few weeks away from a final release. I hope that it makes that change.

Regardless of which version of Windows you use, it is a sensible idea to change Explorer's default settings so that you can see all file extensions. In Windows XP you can do this by running Explorer, choosing Tools from the menu and clicking on Folder Options. Click the View tab and untick the option called 'Hide extensions for known file types'.

Security company F-Secure posted about this setting in Windows 7 earlier today.