May 07 2009

Overblown security panic about file extensions

Published by at 20:53 under Information

Some of you may have encountered a few recent articles bloviating about how Microsoft has failed to plug a security hole in Windows 7 and that — horrors! — the vulnerability has been around since Windows NT hit the streets back in the 90’s.

Short version: It’s bugle oil. They’re talking about the way Windows handles the display of something called file extensions. This was always a fairly minor issue and, for the past several years, has been a non-issue.

Read on for details, if you wish…

A file name has two parts: the name of the file and its extension. Think of an extension as the part of the name that identifies the file’s type. For example, suppose you create a Word document named “Newsletter”. The actual name of the file on disk is “Newsletter.doc” (or maybe “Newsletter.docx” if you’re using Word 2007). The “.doc” (or “.docx”) part is the file’s extension. It tells Windows that the file is a Word document and that it should be opened with Microsoft Word and not some other program.

Unless you tell it not to, Windows hides the extensions for all recognized file types. So, if you look in your documents folder, you will see your Word document listed as “Newsletter”, not “Newsletter.doc”. Windows is trying to be “helpful,” here. The idea is that, if you saved your document as “Newsletter”, it is less confusing if it simply shows up as “Newsletter” on disk.

Problem is, scammers sometimes take advantage of this extension-hiding feature to make infected email attachments look harmless — sort of. For instance, they might create an infected email attachment named “bargains.txt.exe”. The “.exe” part means that it is a program but, if Windows is hiding extensions, the name will appear as “bargains.txt”. Some folks might open the attachment, thinking it is a harmless text file.
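To make the mismatch concrete, here is an added example (not from the original post) of a check a mail filter could apply to attachment names: it computes the name Windows would show with extension hiding on and flags files whose real type is a program while the visible name still ends in a document-style extension. The extension lists, function names and sample names are assumptions chosen for illustration.

```python
import ntpath

# Assumed lists for illustration; a real deployment would tune both.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".png", ".xls"}


def displayed_name(filename):
    """Name as shown when extensions for known types are hidden:
    only the final extension is dropped (assumes the type is registered)."""
    base = ntpath.basename(filename.strip())
    stem, ext = ntpath.splitext(base)
    return stem if ext else base


def is_double_extension(filename):
    """True when the real type is executable but the displayed name
    still ends in a harmless-looking document extension."""
    base = ntpath.basename(filename.strip())
    _, real_ext = ntpath.splitext(base)
    _, shown_ext = ntpath.splitext(displayed_name(base))
    return real_ext.lower() in EXECUTABLE_EXTS and shown_ext.lower() in DECOY_EXTS


def flag_attachments(names):
    """Return (real name, displayed name) pairs for suspicious attachments."""
    return [(n, displayed_name(n)) for n in names if is_double_extension(n)]


# Constructed sample attachment names, not taken from any real message.
SAMPLE = ["bargains.txt.exe", "Newsletter.doc", "setup.exe",
          "report.final.docx", "Invoice.PDF.scr", "notes.txt"]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE):
        print(f"{real!r} would be displayed as {shown!r}")
```

A plain "setup.exe" is not flagged, because its hidden-extension name ("setup") does not pretend to be a document; only names whose visible part misstates the type are reported.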

First off, the double extension trick was never that effective and, for that reason, is hardly used anymore.

Also, Windows effectively plugged that hole several years ago. Beginning with Windows XP Service Pack 2, attempting to launch any program downloaded from an external source triggers a warning that looks something like this:

[Image: Open File - Security Warning]

Getting a warning like that when you thought you were opening a text file is a pretty strong clue that something is amiss.

Finally, if you have any sort of reasonably competent, up-to-date antivirus program running, it will probably zap the offending file before you even get a chance to look at it. A good antivirus program isn’t guaranteed to catch everything, but a miss is pretty rare unless you encounter a very recent (as in a few hours old), cleverly written piece of malware.

So, you can shoot yourself in the foot by opening an infected email attachment, but you have to work at it. Whether or not you are hiding file extensions has very little impact on your risk level.

All that being said, I still prefer to be able to see complete file names, including extensions. It’s one of the first tweaks I make to Windows when I’m setting up a new system. If you wish to disable extension hiding, there’s an article in the WhertRA web log that tells you how to do it.
