Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software Windows

Windows 7 Users Warned Over Filename Security Risk 613

nandemoari writes "Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows. The issue involves the way Windows Explorer displays filenames. In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type. The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe.'"
This discussion has been archived. No new comments can be posted.

Windows 7 Users Warned Over Filename Security Risk

Comments Filter:
  • by Burkin ( 1534829 ) on Thursday May 07, 2009 @02:57PM (#27865685)
    How can this possibly be? I thought this was the most secure OS on the planet.
    • by Kadagan AU ( 638260 ) <kadaganNO@SPAMgmail.com> on Thursday May 07, 2009 @03:06PM (#27865901) Journal
      I see your sarcasm, but honestly this isn't as much of a security flaw in the OS as it is a "feature" in the OS that makes stupid users even stupider. A maliciously named file does nothing on its own, only when a user double-clicks it does it turn bad. Stupid users will break things on any OS.
      • Re: (Score:2, Insightful)

        by Foofoobar ( 318279 )

        but honestly this isn't as much of a security flaw in the OS as it is a "feature" in the OS that makes stupid users even stupider.

        Wow. What an amazing feature. Looks like the development team at Microsoft has been hard at work on the new OS as per usual.

      • Re:How can this be? (Score:5, Informative)

        by pugugly ( 152978 ) on Thursday May 07, 2009 @03:19PM (#27866123)

        This is something I have instantly turned off in every version of Windows so far. Thank god for nLite [nliteos.com] - you can create your install disk with all this bs turned off to start with!

        • Re:How can this be? (Score:5, Interesting)

          by cayenne8 ( 626475 ) on Thursday May 07, 2009 @04:20PM (#27867331) Homepage Journal
          I do the same thing.

          For the life of me, I've never understood why they turn off the extensions by default, and not only that,why do they keep burying the windows explorer further and further away? Don't people use that to find files? Start applications?

          Does no one still get into the tree structure to create their own folders to organize things?

          Or...do most people just put everything in My Documents?

          • by snowraver1 ( 1052510 ) on Thursday May 07, 2009 @04:24PM (#27867407)
            Does no one still get into the tree structure to create their own folders to organize things?

            Or...do most people just put everything in My Documents?


            You forgot option 3: Whereever the default save path is.or option 4: I save my important files in (recycle bin|temp folder|ram drive)
          • Re:How can this be? (Score:5, Interesting)

            by dave562 ( 969951 ) on Thursday May 07, 2009 @04:34PM (#27867549) Journal

            Windows Explorer is always in the same place no matter what version of Windows you are using. WindowsKey+E.

            Standard best practice is to put everything in My Documents. My Documents can be redirected to a network file share. The network file share can be backed up. As long as data is stored in My Documents, it is safe. That approach presents a problem when users want to store gigs of music or photos in there, but for a typical work place environment, it works great. It sure beats the old method of having to manually adjust file storage locations for each individual program.

          • why do they keep burying the windows explorer

            You can always hit "Windows Key + E" to get Windows Explorer. Ironically, for reasons that are simply a quirk in my brain, I mentally say "Apple+E" every time I hit those keys...
          • Re: (Score:3, Insightful)

            > For the life of me, I've never understood why they turn off the extensions by default

            The 'feature' was born, oh so many years ago, because some Windows Program Manager had Macintosh Envy. The Mac allowed you to have "Letter to Grandma", not "Letter to Grandma.doc". What this dork PM failed to recognize is that extensions, a very simple concept, is really quite useful, and easy to use. C'mon MS, turn them back on (by default) in Win7.
          • Re: (Score:3, Informative)

            by DavidD_CA ( 750156 )

            I'll assume that you're being sarcastic, but just in case you're not...

            No, normal users do not use Windows Explorer to open documents they're normally working on. They tend to go to the application that created the file (like Word or Access) and quickly get to it from that app's Recently Used Documents. And if it's not there, they use that app's File | Open, which only shows filetyes registered to that program.

            It's more effecient than the way you're suggesting.

            The only time Windows Explorer is commonly us

          • Re: (Score:3, Insightful)

            Or...do most people just put everything in My Documents?

            No. Most people just put everything on the desktop. And some actually put everything into Recycle Bin (yes, I've seen this IRL).

      • by Vexorian ( 959249 ) on Thursday May 07, 2009 @06:18PM (#27869479)

        It isn't exactly a 'feature' it is a design flaw. Specially because of the whole "double clicking something runs strange program" deal.

        By the way, the security problem is not that much with hiding the extensions (though it is certainly VERY annoying) The real issue comes with the fact that executable files can be anywhere and all that is needed to [a) display an icon determined by the executable and b) being executable by double click] is to just change the extension to .exe , that's rather bad for security.

        A similar misguidance was present in Linux, at least gnome and KDE desktops' support of the .desktop extension, if Linux had more users you can be sure that thing was going to have social engineered the heck of all people into installing rootkits in their systems. That's right, just like windows' .exe non-sense, just the .desktop file extension allowed you to have an icon that [ a)Had a bogus extension/name. b) Had a custom icon, in fact it was easier to use the system's icon for folder or doc file. and c) launched a script with double click. ] I personally was happily surprised to see that after my Jaunty Jackalope update, these .desktop monstrousities finally need an executable permission to work.

        For people noticing how lame these things are in both windows and Linux, I am tagging the story as "suddenoutbreakofcommonsense".

    • by David Gerard ( 12369 ) <{ku.oc.draregdivad} {ta} {todhsals}> on Thursday May 07, 2009 @03:25PM (#27866241) Homepage
      Bah. Vista is far superior [facebook.com]. Windows 7 is for Mac-wannabes who want to "do" things with their computer, not just admire its AWESOME MIGHT as your CPU fan starts lifting your house into the air.
    • by goombah99 ( 560566 ) on Thursday May 07, 2009 @03:29PM (#27866369)

      How can this possibly be?

      Your question actually has a face value in excess of it's sarcasm content. How did we get here?

      I'm stating common knowledge but it's worth reflection since it paints a large picture. In the begining there was the file and the file was just a marked off stretch of physically contiguous bytes on a tape or drum. it had no internal structure. Have a directory that associated names with files regions was something you had to implement yourself. The filesystems formalized this to having names, hierarchies, and even non-contiguous allocation tables for blocks.

      Since that time every new file system has tried to codify the notion of metadata. And in this land of babble, the only common durable hiding place for meta data has turned out to be the filename itself.

      Look at HFS for example as a valiant effort in defining meta data like "kind" and "creator", and defining different kinds of forks some of which had uniform storage protocols for resource, so that programs other than the creator could inspect and edit them. And boy what a snarl that has perpertually been. While these still exist, apple has punted and gone to just using file structures and a specially named file (plists) to hold meta data in a quasi XML format.

      And so here we are 30 years later and were still putting suffixes on our files just like back in the days of DEC and Prime and even before.

      And think about perhaps the biggest failure of the Longhorn Debacle. The promise of a revolutionary new filesystem that put meta data and it's inspection first. An entirely relational storage system underneath that only mimmiced the hierachical system for legacy purposes.

      Deleted from Longhorn, promised again for vista, and then gone. Promised for windows 7 then gone.

      It's bizzare. Everyone knows what the problem is. HFS was much maligned precisely because it was more complex than suffixes but it's what we really needed back in 1984. and all the others all made so much sense too.

      Why are suffixes so enduring? How can this be?

      • by colourmyeyes ( 1028804 ) on Thursday May 07, 2009 @03:39PM (#27866589)

        Why are suffixes so enduring?

        Because the human using the computer wants a quick way to determine what the file most likely contains.

        • Re: (Score:3, Interesting)

          by goombah99 ( 560566 )

          Well yes. But how hard would it be to have a colum in the either the gui or the command line file list that provided that info right beside the file name. indeed that's what OS9 and all it's predecessors did. Even posix will show you the privledge masks in the listings. And if you wanted a more compact "ls" format then have one called "lse" that faked the file extensions back on to the names from the creator meta data.

          it's not hard or even incompatible with how the user views the files right now. It's

          • by coolsnowmen ( 695297 ) on Thursday May 07, 2009 @03:59PM (#27866929)

            my "file" command seems to do a pretty good job. So there are some standards even if they are just because of common practices of using a so-called "magic number" in the file data itself.

          • Re: (Score:3, Insightful)

            You're right about implementation with respect to my "human-readable" comment - in practice it wouldn't be much different if there were a standard and ls could tell me the file type as well (kind of an integration of file and ls... which wouldn't be hard to hack together just to see what it would look like, but I digress).

            But I still think there are situations in which there is no way to get that info - e.g. a list of links on a page, each to a file of a different type. If it says http://example.com/file. [example.com]
            • by andi75 ( 84413 ) on Thursday May 07, 2009 @04:33PM (#27867521) Homepage

              > Metadata sufficient to render file extensions obsolete would leave us with http://example.com/file [example.com], with no way to tell what it contains.

              That's where MIME types come in to save you. While it is true that from the URL you can't tell the contents, the moment you do a "GET /file" the server will tell you the mime type (e.g. application/msword), and you can save that information in the file's meta data on your local filesystem (e.g. save it as file.doc).

          • Re: (Score:3, Insightful)

            by vux984 ( 928602 )

            Well yes. But how hard would it be to have a colum in the either the gui or the command line file list that provided that info right beside the file name. indeed that's what OS9 and all it's predecessors did.

            That's great if you only look at files in detail view. In the file explorer.

            Sorry, but in the real world, files are all over the place. I've got a bunch of them sitting as icons on my desktop. There's another one as an attachment to an email I've got up on the screen. And links to download a few more on

        • Re: (Score:3, Insightful)

          by clone53421 ( 1310749 )

          And changing it. You have any idea how many files are plain text, if you actually want to look at them?

          Let's see... txt bat cmd htm(l) hta js vbs url scf php asp ...well, you get the picture.

      • Re: (Score:3, Funny)

        by mrbene ( 1380531 )

        Why are suffixes so enduring? How can this be?

        Because they always end up being the default. Because they have the final say / last word. Because they are enduring.

        OK, prolly could come up with more, but I don't think it's really worth it.

      • Re: (Score:3, Insightful)

        by TrixX ( 187353 )
        To solve this security issue (malicious execution), you don't need separate forks, complex metadata, or anything like that. You just need a single bit of metadata, telling you if the file is executable or not. In other words (Henry Spencer's, not mine): Those who do not understand UNIX, are comdemned to reinvent it, poorly. With that metadata, the worst that somebody can do is name a file foo.txt.jpg to trick you into opening an image making you think it's a text file, but nothing that makes a security ri
    • by Qzukk ( 229616 ) on Thursday May 07, 2009 @04:30PM (#27867501) Journal

      How can this be?

      It is the Kwisatz Haderach?

  • umask 224 (Score:5, Funny)

    by ArsonSmith ( 13997 ) on Thursday May 07, 2009 @02:57PM (#27865701) Journal

    it shouldn't be made executable by the default umask though, so when you go to click on it it'll just try to associate an application with the .exe extension.

    • Re: (Score:3, Insightful)

      by tilandal ( 1004811 )

      Less clutter? How about showing file information in a list by default instead of as 1000 little icons without any useful information? Really, who in the world though that was a good way to display file information?

  • Bah (Score:5, Funny)

    by MyLongNickName ( 822545 ) on Thursday May 07, 2009 @02:58PM (#27865713) Journal

    This is a non-issue. With all of the vulnerabilities in applications that think they are a programming interface (like Acrobat), EXE's might actually be safer to open.

  • by EvilBudMan ( 588716 ) on Thursday May 07, 2009 @02:58PM (#27865719) Journal

    or any of the others that make you jump through hoops to get at something.

    1. Partial menus (Office)
    2. The Search Dog (Windows XP)
    3. I don't what else but the way they have features turned off and on makes no sense at all.

    The I'm done sig.

  • Maybe I read this somewhere else, as I can't find it on here.

    Anyway this is just some prick trying to get a bunch of publicity over something stupid.

    You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons. IOW, a .doc would show up as a Word document (by icon), so it doens't need the .doc. But if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up.

    Now, I'll go make a quick patch and submit the .diff... o

    • by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Thursday May 07, 2009 @03:07PM (#27865909) Homepage Journal

      Now, I'll go make a quick patch and submit the .diff

      I wonder if ReactOS, the project to make a free Windows XP clone, might take it.

    • by Hatta ( 162192 ) on Thursday May 07, 2009 @03:26PM (#27866265) Journal

      You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons

      How about we never hide the extension for any reason? If you're worried about clutter, and redundant information on screen, ditch the icons. The extension is all of 3 bytes, and it's far, far easier to read 3 letters than it is to squint at the icon and guess what it's supposed to be.

    • You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons. IOW, a .doc would show up as a Word document (by icon), so it doens't need the .doc. But if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up.

      Why not just have the OS make anything that has the extension of *.exe to display no matter what?

      That way, docs and pdfs won't show extensions but no matter what icon is being used and no matter the name, the ex

  • Gah, these things never die, do they. You'd think the only people falling for this old trap are senior-citizens and six-year-olds.

    Today I had to explain to my father that he didn't need to reinstall flash just because some website said so. One of those video sites had simply changed media-servers and since it wasn't on the whitelist the vids began suddenly getting blocked by noscript again.

    So I glad I was young when computers were new ._. and old before they got really dangerous (in virus terms).

    • Today I had to explain to my father that he didn't need to reinstall flash just because some website said so. One of those video sites had simply changed media-servers and since it wasn't on the whitelist the vids began suddenly getting blocked by noscript again.

      But that is mostly a flaw in noscript (which, judging from your post, you installed on your father's machine) rather then the site or any viruses.

      So I glad I was young when computers were new ._. and old before they got really dangerous (in virus terms).

      Really most viruses actually aren't dangerous now. Most try to sell you something via adware or other malware. On the other hand, most viruses before that became popular decided to wreck havoc on Windows (or DOS) by changing registry values, clobbering partion tables, wiping hard disks, infecting floppies, etc. Today, viruses are merely annoyances unless by ch

      • Re: (Score:3, Insightful)

        Plus both have lower total cost of ownership.

        [citation needed]
        Seriously. It's not like I paid for my A/V software. It's not like I run scans when I'm using the system, so my work isn't being slowed.

        Then, vs. just OSX, the hardware's cheaper, you can upgrade it and futureproof it, so you don't need to buy an entirely new $1.5k machine, and software's same price or cheaper, with more options. And as for security, may I point you to the Mac-only botnet that was recently discovered due to pirated copies of iLife, or iWork, or whatever it was? Stupid peopl

  • by lukas84 ( 912874 ) on Thursday May 07, 2009 @03:01PM (#27865767) Homepage

    Most people wouldn't change their behaviour even if the did see the file extension.

    Email programs such as Outlook block .exe attachments, and Executables downloaded using IE display a stern warning before execution.

    Changing this wouldn't have helped anyone.

    And associating this with Windows 7 is mostly FUD, jumping on the bandwagon just because you don't like it.

    • Hey, here's an idea. WHY not have the file contain the meta data needed for it, within it, and not use Extensions to decide what runs, what is a doc, and what opens a particular file? That way, I can have one JPG file that opens in GIMP, and another that opens in Firefox?

      I know, I know, that is too complicated for the user to figure out, and extensions (which are hidden) are SO much easier to figure out.

      • Re: (Score:2, Insightful)

        by lukas84 ( 912874 )

        The metadata-thing is what Apple did and it has the same security issues - there's no way to tell from the icon or filename if something is an application or a document.

        Think of the file-extension as filename embedded meta-data, and it starts to make more sense.

      • Re: (Score:3, Insightful)

        by clone53421 ( 1310749 )

        Because an extension is far easier to change when I actually want to change it than the meta-data would be.

        There are already the "Open with" and "Send to" options if you want a choice of applications to open the file with.

      • That way, I can have one JPG file that opens in GIMP, and another that opens in Firefox?

        I know, I know, that is too complicated for the user to figure out, and extensions (which are hidden) are SO much easier to figure out.

        No, the issue is the massive time sink in needing to tell the OS what to open the file with on each "first-run." I rip a CD, that's 14 times telling it to, yes, open with VLC. Even batch processing would slow it down, since the OS would need to tag each file, then double-check each one if you ever tried to open them individually. And then what happens if you run, say, WMP, and it opens the files? Does it retag them to open in WMP? If it doesn't, are you going to have issues trying to run an auto-play list,

  • Um (Score:5, Insightful)

    by Man On Pink Corner ( 1089867 ) on Thursday May 07, 2009 @03:02PM (#27865795)

    Welcome to Windows 95?!

    Filename extensions have been hidden by default for many years now, in all shipping versions of Windows. And they've been making it easy for malware authors to fool users for just as long.

    It was an insanely stupid policy on MS's part, and it borders on negligence that they're still doing it.

  • by nine-times ( 778537 ) <nine.times@gmail.com> on Thursday May 07, 2009 @03:03PM (#27865815) Homepage

    OSX hides extensions, too, and what's arguably worse, OSX allows you to arbitrarily replace the icon of any file, thereby allowing you to disguise files more easily. Don't some Linux DEs do the same thing?

    It's sort of unfortunate that we rely on filename extensions to identify file type at all. Users have a tendency to accidentally remove extensions when they're renaming if you don't hide them. But then if you hide them, then users are missing the single most important cue as to what file-type a file is.

    • How to rename files (Score:4, Interesting)

      by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Thursday May 07, 2009 @03:19PM (#27866131) Homepage Journal

      Users have a tendency to accidentally remove extensions when they're renaming if you don't hide them.

      That's why a good file manager, like the version of Nautilus that comes with Ubuntu Hardy, selects everything before the extension when the user chooses "Rename".

    • Re: (Score:3, Interesting)

      by clone53421 ( 1310749 )

      True. Ideally, the extension would be visible, but would not be changed unless the user deliberately intended to.

      For instance: When renaming, the extension would not be highlighted by default. Deliberate selection with the mouse would permit the extension to be highlighted. Ctrl-A would initially highlight only the filename; to select both filename and extension, you would need to press Ctrl-A twice.

    • Yeah. It's almost like we should move towards some type of hidden metadata that indicates what a file's type is, and maybe another one indicating what application created it. That way, a user could change the filename as much as they want, but the file will still retain the key information that identifies what it really is (which lets other programs open it), as well as what program initially created it (so that program will launch when the document is opened or double-clicked). Probably too advanced for mo
      • I don't know if you're being sarcastic or something, but that's what the old MacOS used to do. Of course, it became a problem because, if you transfered the files to some other filesystem, you could lose that metadata. With OSX, Apple switched over to using extensions in order to have greater compatibility.

        It doesn't completely solve the problem, though. It was still possible to change the icon of programs and documents, and I don't know of anything that prevented people from disguising a program as a d

    • by StikyPad ( 445176 ) on Thursday May 07, 2009 @03:23PM (#27866193) Homepage

      Vista (and 7) decrease the likelihood of accidental file extension deletion by highlighting only the filename (sans extension) when renaming files through explorer. Personally, I'm usually renaming the extension, or adding ".old".

    • Don't some Linux DEs do the same thing?

      Hiding extensions in Linux is rather pointless because Linux doesn't use the extension to decide what kind of file it is. (It does, granted, use it to decide the default application to use with it, but that's easy to override.) As an example, shell scripts don't need to end in .sh, they just need to have the executable flag set.

  • I am a Microsoft Hater.

    Having said that, Win7 is *not* yet a release, so I do not think that they can be blamed for this with regards to Windows 7.

    That this was apparently a real problem on every OS they have released in the last 11 years, on the other hand, is blameworthy.

  • by FudRucker ( 866063 ) on Thursday May 07, 2009 @03:04PM (#27865859)
    many years ago when i was using win98 i would always set folder options to NOT hide file extensions and it still hides that second extension, i had what looked like an ordinary bitmap file file_name.bmp but i clicked on it to open it and bam! its true colors show up and it disappears completely even with show all files enabled (file_name.bmp.js) shows for a second and its gone, so i fdisk windows off and reinstall since anti-virus did not find anything and that looked too fishy to be innocent, that taught me no not click on a file to open it, always open a graphics editor/viewer and use file > open to open them then if something is wrong the graphics app will complain if something is wrong with the file.
  • At least it'll take the really dumb Windows users out of the loop for a while so the rest of us don't look so bad.
  • by clone53421 ( 1310749 ) on Thursday May 07, 2009 @03:11PM (#27865997) Journal

    Do we really think that it's going to make a difference to Joe Schmoe? If it has a Word document icon, our hapless friend is going to be duped regardless of whether it ends in ".doc" or ".doc.exe".

    May I remind you that, with file extensions hidden by default, ONE SHOULD NEVER SEE A FILE ENTITLED "partyinvite.doc", because that extension should be hidden. The fact that it isn't hidden is already a glaring red flag — which Joe Schmoe is obviously oblivious to.

    I turn extensions on by default, but I really don't think that would help Mr. Clueless. Somebody needs to sit him down and explain to him what's going on, and nothing is going to save him from the trouble of paying the proper attention to the files he opens.

    • by taustin ( 171655 ) on Thursday May 07, 2009 @03:17PM (#27866079) Homepage Journal

      ONE SHOULD NEVER SEE A FILE ENTITLED "partyinvite.doc",

      That is true. However, an .exe can have it's own icon embedded in the file, so one could name it partyinvite.exe and give it the icon from a Word doc, and Joe Schmoe would have no clue. In fact, a lot of people would miss that.

      • True enough. Even so... if that was going to make a huge difference in the number of people who were duped, malware authors would have surely figured this out and you'd see it happening more often.

  • by line-bundle ( 235965 ) on Thursday May 07, 2009 @03:16PM (#27866073) Homepage Journal

    The filename should not contain any metadata. The date is not included in the filename, so why is the filetype in there?

    • by thomasdn ( 800430 ) on Thursday May 07, 2009 @03:53PM (#27866825) Homepage Journal

      The filename should not contain any metadata. The date is not included in the filename, so why is the filetype in there?

      No metadata in the filename? But isn't the filename metadata in itself? By giving the file a name -- a description of the content -- I provide some metadata that lets me know what the file contains. I don't think it is all that stupid to have a convention for file naming.

    • Re: (Score:3, Insightful)

      by BikeHelmet ( 1437881 )

      Perhaps for speed?

      I'd like to see files without an extension auto-resolved to whatever they were - but I do find extensions handy.

      On Windows I can open a folder with say... 200 ~350MB files, and they show up instantly - but on Linux (with its wonderful libmagic), it takes dozens of seconds.

      I feel it should go like this:

      1) No extension -> Resolve extension
      2) Extension -> Check if file compatible with programs registered to handle that file type

      Extensions are handy for searching, too. The more specific

  • If less clutter was the design goal, MS could have started somewhere else. Like the explorer toolbar (just leave the up, back, and forward buttons thank you), the "Go" button beside the address bar, the big explorer sidebar with the many superfluous items, the cluttered search side bar, the pointless icon view, i could go on. They could probably even drop the whole Start menu paradigm and move to right-click on desktop to display the start menu contents, leaving the whole taskbar for application tabs.

  • I never did understand why this fuss wasn't made when it was still such an idiot default setting in XP.... and then AGAIN in vista. I was utterly flummoxed it was still so in win7. I'm sure they have the 'well we've got security right now so it doesn't matter' attitude but they're still wrong.
  • Similar with OS X (Score:4, Informative)

    by Charles Dodgeson ( 248492 ) * <jeffrey@goldmark.org> on Thursday May 07, 2009 @03:20PM (#27866139) Homepage Journal

    As an Apple fan-boy, I am chagrined to have to point out that there is an analogue of this problem on OS X. Meta information about a file will contain information about its "Creator" (which is often used to determine what application it should be opened with) and also the file Icon.

    This allows for a file to have, say a plain text icon but open as something else altogether. Apple has taken some mitigating steps (warnings before executing downloaded files for the first time), but has not changed the underlying problem which stems from concealing information from the user.

  • On every windows system I've configured, one of my first tasks is to change the file exlporer to show extensions and a detailed list view.
    I've always found extensions much easier to use than an icons, and a list view with size/dates much easier than a page of freaking big icons.
    I assume most /.ers would be the same, but what do you find your users prefer?

  • BULLSHIT FUD (Score:3, Informative)

    by sexconker ( 1179573 ) on Thursday May 07, 2009 @03:31PM (#27866437)

    Run virus.exe in XP (SP2), Vista, or (I presume) 7.

    What's that box? A security warning about unsigned code?

    Rename the file to virus.txt.exe and try again.
    What's that box? A security warning about unsigned code?

    Fuck off insecurity experts.

  • Spouting off about "moot" this and "moot" that.

  • The MacOS X approach (Score:5, Informative)

    by Midnight Thunder ( 17205 ) on Thursday May 07, 2009 @04:30PM (#27867495) Homepage Journal

    Upon reading this, I wondered whether MacOS X suffered the same issue, so I decided to test. I disabled the showing of all extensions (Finder preferences), duplicated Text Edit, so it appeared as "TextEdit 2" and then edited the visible name to "TextEdit 2.doc". The result was displaying itself as "TextEdit 2.doc.app". For other file types, such as a PDF doing the same thing results in being asked if you are sure you want to change the filename extension, though renaming from the Terminal a PDF from "toto.pdf" to "toto.doc.pdf" resulted in the same visual behaviour as the one observed for the application. Its an interesting solution to the problem, since basically if the file has multiple extensions they are all shown.

    The issue described in the post has already caused me issues in the past on Windows XP, on a developer's machine, where extensions were not shown by default. Imagine an Apache conf folder that contains:
        http.conf
        http.conf.bak
    The first one appears as 'http' and the second one as 'httpd.conf'. I didn't hit me straight away that the wrong file was being edited.

    Does anyone know how Linux handles this in the various GUI file managers?

  • by Datamonstar ( 845886 ) on Thursday May 07, 2009 @05:06PM (#27868087)
    How is knowing what kind of file is going into your computer redundant?

    What kind of gas is that you're putting in your car? 92? 87? LEADED? It's redundant!

    What kind of batteries are you putting into that device? 9 volt? AA? It's redundant!

    There's no way a user would actually want to know want they're clicking on, right Microsoft?
  • Reminds me of... (Score:3, Informative)

    by Temujin_12 ( 832986 ) on Thursday May 07, 2009 @05:11PM (#27868179)

    ...another Windows bug I ran into the other day with how the IE engine deals with URLs.

    Given the following URL (with the server properly responding with mime-type of octet-stream and an otherwise proper response):
    http://www.somedomain.com/url/path/to/file.exe?query=string [somedomain.com]
     
    ... IE decides that since it doesn't know what a ".exe?query=string" extension is, so it strips the "extension off" and tries to connect to:
    http://www.somedomain.com/url/path/to/file [somedomain.com]
     
    ... which (in my case) doesn't exist.

    This is another example of why injecting proprietary meaning, which often contradicts with more fundamental established protocols, into processes/protocols is problematic.

  • PIF files (Score:5, Informative)

    by Repton ( 60818 ) on Thursday May 07, 2009 @05:51PM (#27869017) Homepage

    F-Secure points out [f-secure.com] that .PIF files will have their extension hidden even if you change the display option.

    Q: Will that make all file extensions visible?
    A: Well, no. There are executable extensions that will STILL be hidden even if you turn the option off.

    Q: What?
    A: For example PIF. This file type was meant to be a shortcut to old MS-DOS programs. Problem is, you can rename any modern Windows Executable to .PIF and it will happily run when double-clicked.

    Q: How do you I make PIF files visible then?
    A: Via a registry key called "NeverShowExt". We'd link you to an article in the Microsoft Knowledgebase... except we couldn't find any. But here's a Web page on the topic [geocities.com], from GeoCities, made by some hobbyist a couple of years ago. Maybe it's the best source of information on the topic.

  • Sigh... (Score:4, Insightful)

    This has got to be one of the dumber anti-Windows trolls presented as news I've seen in a while. An evil hacker could also put a post-it note on an idiot's computer telling them to type "FORMAT C:" at a command prompt. People too dumb to recognize icons or use AV software just shouldn't be using computers.

    That all said, I've always thought that extension hiding default was one of the more annoying things I have to kill every time I install Windoze. Seems like Redmond just keeps dumbing down the interface, forcing me to work harder at getting the details I need.

Genius is ten percent inspiration and fifty percent capital gains.

Working...