Friday 19 June 2009


Last month I wrote about the fact that Windows (XP, Vista and 7) hides file extensions by default. In my view this poses a security problem. Let's illustrate this using a real-life example...

I received a malicious email yesterday that contained a link to a file called bestvideo.avi.exe.

If I was silly enough to download this file then my PC would show the file as being called:


If my default settings were in place (hiding the file extension), then the file would be called:


In both cases, double-clicking the file would run the executable file. In the latter case, a user might expect Windows Media Player to run and to load and display a video file but that's not going to happen.

More than likely the real result would be that the program would run and would make some changes to the system, such as editing the hosts file or downloading further malicious software. Whatever it does, it won't be anything useful.

No comments:

Post a Comment