Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 7 Users Warned Over Filename Security Risk

Posted by timothy on from the death's-too-good-for-some-people dept.

nandemoari writes "Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows. The issue involves the way Windows Explorer displays filenames. In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type. The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe.'"

10 of 613 comments (clear)

  1. How can this be? by Burkin · · Score: 5, Funny

    How can this possibly be? I thought this was the most secure OS on the planet.

    1. Re:How can this be? by David+Gerard · · Score: 5, Funny

      Bah. Vista is far superior. Windows 7 is for Mac-wannabes who want to "do" things with their computer, not just admire its AWESOME MIGHT as your CPU fan starts lifting your house into the air.

      --
      http://rocknerd.co.uk
    2. Re:How can this be? by Qzukk · · Score: 3, Funny

      How can this be?

      It is the Kwisatz Haderach?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    3. Re:How can this be? by commodore64_love · · Score: 5, Funny

      VISTA is a monument to everything that makes us the country we are!

      Fat, slow, and obsessed with superficialities like pretty shiny colors?

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  2. umask 224 by ArsonSmith · · Score: 5, Funny

    it shouldn't be made executable by the default umask though, so when you go to click on it it'll just try to associate an application with the .exe extension.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  3. Bah by MyLongNickName · · Score: 5, Funny

    This is a non-issue. With all of the vulnerabilities in applications that think they are a programming interface (like Acrobat), EXE's might actually be safer to open.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  4. Re:I never did like that feature by TheBig1 · · Score: 4, Funny

    I don't what else ... makes no sense at all.

    Ahh.... Irony at its best... ;-)

  5. Re:How can this be? sufixication by mrbene · · Score: 2, Funny

    Why are suffixes so enduring? How can this be?

    Because they always end up being the default. Because they have the final say / last word. Because they are enduring.

    OK, prolly could come up with more, but I don't think it's really worth it.

  6. semi ot: handy shortcut by NotQuiteReal · · Score: 2, Funny

    why do they keep burying the windows explorer

    You can always hit "Windows Key + E" to get Windows Explorer. Ironically, for reasons that are simply a quirk in my brain, I mentally say "Apple+E" every time I hit those keys...

    --
    This issue is a bit more complicated than you think.
  7. LOL Redundant info by Datamonstar · · Score: 2, Funny

    How is knowing what kind of file is going into your computer redundant?

    What kind of gas is that you're putting in your car? 92? 87? LEADED? It's redundant!

    What kind of batteries are you putting into that device? 9 volt? AA? It's redundant!

    There's no way a user would actually want to know want they're clicking on, right Microsoft?

    --
    The eternal struggle of good vs. evil begins within one's self.