Slashdot Mirror
Windows 7 Users Warned Over Filename Security Risk
nandemoari writes "Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows.
The issue involves the way Windows Explorer displays filenames.
In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type.
The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe.'"
As the summary says, this is a "feature" from windows 98 onward. What the fuck does it have to do with windows 7? That they havent removed this stupid "feature" yet? Big surprise?
this is NOT news!
As a potential lottery winner, I totally support tax cuts for the wealthy
Here's my plea to Slashdotters - please stop talking about the average user unless you actually know something. Your nerd-based opinion on the stupidity of the rest of the human race is not a fact upon which security can be implemented.
From my point of view, there's nothing like a good Microsoft bashing, and this is nothing like a good Microsoft bashing. Can we get the editors to only publish Microsoft bashes that make a bit of sense?
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
and OS X has done it for ages...