Windows 7 Users Warned Over Filename Security Risk

nandemoari writes "Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows. The issue involves the way Windows Explorer displays filenames. In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type. The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe.'"
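The display behaviour described in the summary, as an added example that is not part of the original post: a defender-side check that flags filenames whose real (hidden) extension is executable while the visible remainder still ends in a document or image extension. The extension lists and the function names are assumptions chosen for illustration.

```python
import os

# Assumed lists for illustration; adjust to the file types registered on your systems.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DECOY_EXTS = {".doc", ".pdf", ".txt", ".jpg", ".bmp", ".xls", ".zip"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS

# Constructed sample names, taken from the examples used on this page.
SAMPLES = [
    "partyinvite.doc",
    "partyinvite.doc.exe",
    "file_name.bmp.js",
    "Image1.jpg",
    "setup.exe",
    "archive.tar.gz",
]


def explorer_display_name(filename):
    """Name shown when extensions are hidden for known file types.

    Only the last extension is dropped, and only if the type is known;
    unknown types keep their full name, as the summary describes.
    """
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename


def is_deceptive(filename):
    """True if the hidden extension is executable and the visible
    remainder still ends in a harmless-looking extension."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    inner_ext = os.path.splitext(stem)[1].lower()
    return inner_ext in DECOY_EXTS


def scan(filenames):
    """Return (real name, displayed name) for every deceptive entry."""
    return [(f, explorer_display_name(f)) for f in filenames if is_deceptive(f)]


if __name__ == "__main__":
    for real, shown in scan(SAMPLES):
        print(f"{real!r} is displayed as {shown!r}")
```

A plain `setup.exe` is not flagged, because its displayed name `setup` does not claim to be a document; the check targets only names that look like a different file type once the last extension is hidden.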
  • by cptnapalm ( 120276 ) on Thursday May 07, 2009 @04:04PM (#27865823)

    I am a Microsoft Hater.

    Having said that, Win7 is *not* yet a release, so I do not think that they can be blamed for this with regards to Windows 7.

    That this was apparently a real problem on every OS they have released in the last 11 years, on the other hand, is blameworthy.

  • by FudRucker ( 866063 ) on Thursday May 07, 2009 @04:04PM (#27865859)
    many years ago when I was using win98 I would always set folder options to NOT hide file extensions and it still hides that second extension, I had what looked like an ordinary bitmap file file_name.bmp but I clicked on it to open it and bam! its true colors show up and it disappears completely even with show all files enabled (file_name.bmp.js) shows for a second and its gone, so I fdisk windows off and reinstall since anti-virus did not find anything and that looked too fishy to be innocent, that taught me to not click on a file to open it, always open a graphics editor/viewer and use file > open to open them then if something is wrong the graphics app will complain if something is wrong with the file.
  • by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Thursday May 07, 2009 @04:07PM (#27865909) Homepage Journal

    Now, I'll go make a quick patch and submit the .diff

    I wonder if ReactOS, the project to make a free Windows XP clone, might take it.

  • by yanyan ( 302849 ) on Thursday May 07, 2009 @04:18PM (#27866105)

    If less clutter was the design goal, MS could have started somewhere else. Like the explorer toolbar (just leave the up, back, and forward buttons thank you), the "Go" button beside the address bar, the big explorer sidebar with the many superfluous items, the cluttered search side bar, the pointless icon view, I could go on. They could probably even drop the whole Start menu paradigm and move to right-click on desktop to display the start menu contents, leaving the whole taskbar for application tabs.

  • How to rename files (Score:4, Interesting)

    by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Thursday May 07, 2009 @04:19PM (#27866131) Homepage Journal

    Users have a tendency to accidentally remove extensions when they're renaming if you don't hide them.

    That's why a good file manager, like the version of Nautilus that comes with Ubuntu Hardy, selects everything before the extension when the user chooses "Rename".

  • by clone53421 ( 1310749 ) on Thursday May 07, 2009 @04:20PM (#27866147) Journal

    True. Ideally, the extension would be visible, but would not be changed unless the user deliberately intended to.

    For instance: When renaming, the extension would not be highlighted by default. Deliberate selection with the mouse would permit the extension to be highlighted. Ctrl-A would initially highlight only the filename; to select both filename and extension, you would need to press Ctrl-A twice.

  • by goombah99 ( 560566 ) on Thursday May 07, 2009 @04:29PM (#27866369)

    How can this possibly be?

    Your question actually has a face value in excess of its sarcasm content. How did we get here?

    I'm stating common knowledge but it's worth reflection since it paints a large picture. In the beginning there was the file and the file was just a marked off stretch of physically contiguous bytes on a tape or drum. It had no internal structure. Having a directory that associated names with file regions was something you had to implement yourself. The filesystems formalized this to having names, hierarchies, and even non-contiguous allocation tables for blocks.

    Since that time every new file system has tried to codify the notion of metadata. And in this land of babble, the only common durable hiding place for meta data has turned out to be the filename itself.

    Look at HFS for example as a valiant effort in defining meta data like "kind" and "creator", and defining different kinds of forks some of which had uniform storage protocols for resource, so that programs other than the creator could inspect and edit them. And boy what a snarl that has perpetually been. While these still exist, Apple has punted and gone to just using file structures and a specially named file (plists) to hold meta data in a quasi XML format.

    And so here we are 30 years later and we're still putting suffixes on our files just like back in the days of DEC and Prime and even before.

    And think about perhaps the biggest failure of the Longhorn Debacle. The promise of a revolutionary new filesystem that put meta data and its inspection first. An entirely relational storage system underneath that only mimicked the hierarchical system for legacy purposes.

    Deleted from Longhorn, promised again for Vista, and then gone. Promised for Windows 7 then gone.

    It's bizarre. Everyone knows what the problem is. HFS was much maligned precisely because it was more complex than suffixes but it's what we really needed back in 1984. And all the others all made so much sense too.

    Why are suffixes so enduring? How can this be?

  • by goombah99 ( 560566 ) on Thursday May 07, 2009 @04:46PM (#27866699)

    Well yes. But how hard would it be to have a column in either the GUI or the command line file list that provided that info right beside the file name. Indeed that's what OS9 and all its predecessors did. Even posix will show you the privilege masks in the listings. And if you wanted a more compact "ls" format then have one called "lse" that faked the file extensions back on to the names from the creator meta data.

    It's not hard or even incompatible with how the user views the files right now. It's just not done because there's no standard implementation of how to store that metadata that is common to file systems, APIs or programs.

  • by coolsnowmen ( 695297 ) on Thursday May 07, 2009 @04:59PM (#27866929)

    My "file" command seems to do a pretty good job. So there are some standards even if they are just because of common practices of using a so-called "magic number" in the file data itself.

  • Re:How can this be? (Score:5, Interesting)

    by cayenne8 ( 626475 ) on Thursday May 07, 2009 @05:20PM (#27867331) Homepage Journal
    I do the same thing.

    For the life of me, I've never understood why they turn off the extensions by default, and not only that, why do they keep burying the windows explorer further and further away? Don't people use that to find files? Start applications?

    Does no one still get into the tree structure to create their own folders to organize things?

    Or...do most people just put everything in My Documents?

  • Re:How can this be? (Score:5, Interesting)

    by dave562 ( 969951 ) on Thursday May 07, 2009 @05:34PM (#27867549) Journal

    Windows Explorer is always in the same place no matter what version of Windows you are using. WindowsKey+E.

    Standard best practice is to put everything in My Documents. My Documents can be redirected to a network file share. The network file share can be backed up. As long as data is stored in My Documents, it is safe. That approach presents a problem when users want to store gigs of music or photos in there, but for a typical work place environment, it works great. It sure beats the old method of having to manually adjust file storage locations for each individual program.

  • by VGPowerlord ( 621254 ) on Thursday May 07, 2009 @05:44PM (#27867713)

    ..to allow the typical Windows users to easily rename a file without having him or her remember the particular extension of the file.

    Think of a noob trying to change the name of a file: "Image1.jpg" would become "Picture of my Dog Fluffy".

    Of course after changing the name and eliminating the file extension, the file would no longer work with the user's favorite program, and chaos would ensue. MS merely nipped that problem before it started (and created another problem in the process!)

    Vista fixed this. Now, when you rename a file, it highlights everything except the extension, so when you start typing, the extension isn't overwritten.

    So, this is no longer a valid excuse for extensions being hidden by default.

  • Re:umask 224 (Score:3, Interesting)

    by Christophotron ( 812632 ) on Thursday May 07, 2009 @11:33PM (#27872449)

    Detail view is the easiest for me to navigate. I have never understood why people with 20/20 vision would use Icon view for anything other than images, or even consider using list view. When I am looking for the file I want, I either know its Name, its Size, its Type, or its Date Modified. I click one of those buttons at the top to sort by that criterion and the file I want emerges before my eyes. There is one way to scan the files -- vertically.

    With icon view, you have the useless icons taking up space and obscuring the file name, and you have to scan the files both horizontally and vertically to find a file. Unless I am looking at image thumbnails, I can't ever stand using icon view for longer than 5 seconds. I can only assume that icon view is useful to people with crappy vision and as the common denominator for people who didn't know you could change the view to begin with.

    The first thing I do on every Windows system I use is to enable file extensions, view all hidden and system files, and force detail view for all folders.

    [vista rant]
    Since Vista came out, MS has added an incomprehensible folder categorization feature, so anytime you open a folder it is completely random what view you will get and what properties will be displayed. I think the intent was to "guess" that you want thumbnail view and look at metadata like "tags" or "artist" because a folder contained some images, for example. It never works and is f***ing retarded. You can set a default view for all folders "of this type", whatever that means, but not for truly "all folders". For that you need to edit the registry. So long story short, my standard Windows UI modifications now include a registry edit to get my plain detail view back. I wonder if this is still necessary in Win7.
    [/vista rant]
