Slashdot Mirror


Why We Should Stop Hiding File-Name Extensions

An anonymous reader writes: "14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally, applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is."

11 of 564 comments

  1. Re:Good operating systems Dont. by swimboy · Score: 5, Informative

    Yes, it's | sed 's/\.[^.]*$//'

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
  2. Good luck with that. by pla · Score: 3, Informative

    > it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.

    Oh man, good one! You had me going until that line. Beautiful!

    I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.

    And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?

    May as well swing for the fences, I suppose.

  3. Re:Missing the problem by a mile by arth1 · Score: 4, Informative

    > On Windows, extensions are meaningful to the operating system. It doesn't identify all files by magic numbers. Files are typed by their extensions. If the file is "fishhead.jpeg" then it is not a Win32 executable binary (barring flaws in the JPEG rendering system that lead to arbitrary execution).

    You miss that it isn't like that in Windows either. A file named fishhead.jpeg can indeed be a Win32 executable binary that gets executed by the OS as a binary if called without a named program to open it. That depends on what the end user and the programs he (spit) trusts have set the .jpeg extension to signify. It is only a recommendation. Windows provides defaults, but it is silly to presume that no program would ever be mean enough to change any of that on you.
    You cannot trust the extensions any more than you can trust the "From:" address in an e-mail. Not in Windows either.

  4. Re:Missing the problem by a mile by Chris+Mattern · Score: 5, Informative

    > Looking at the name extension will tell you absolutely nothing.

    Looking at the name extension will tell you what the system will attempt to do with it by default. This can be very important to know.

  5. Re:Good operating systems Dont. by nukenerd · Score: 3, Informative

    > I am using OSX right now. File extensions are not hidden.... But even where extensions are hidden, it is not at the same level of stupidity as hiding them on Windows. On Windows, the extension actually changes how the operating system interacts with the file

    Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional? I.e. they are merely part of a filename that happens to include a period near the end. In which case hiding the extension is hiding part of the filename - why TF would anyone do that? And why stop at hiding after the dot? They might as well hide everything after the first occurrence of the letter "p" say, or after the first four characters, or the first eight (Oh wait! like FAT16).

  6. Re:Good operating systems Dont. by azav · Score: 3, Informative

    It's a Finder preference. Press command comma. The first checkbox is "Show all filename extensions".

    --
    - Zav - Imagine a Beowulf cluster of insensitive clods...
  7. Re:Good operating systems Dont. by swimboy · Score: 2, Informative

    Actually, the classic Mac OS just considered extensions as part of the file name, and used Type and Creator codes to associate a file with an application. When OS X came out, the Type and Creator codes were phased out, and now the extensions are used the same way as on Windows.

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
  8. Re:Good operating systems Dont. by gnasher719 · Score: 5, Informative

    Except that MacOS X doesn't hide extensions when an attacker uses the double extension trick. So if you downloaded a file prettyimage.png.exe, even with "hide extensions" turned on, MacOS X will display both extensions, while Windows (as far as I know) displays "prettyimage.png".

  9. Re:Good operating systems Dont. by ShanghaiBill · Score: 4, Informative

    > Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional?

    In Mac OS X you can associate an extension with an app. For instance, I have .pdf associated with Adobe Reader, so I can click on a PDF file, and it will pop open in Adobe Reader. These associations are under user control, so you can add, change or delete. But extensions don't change whether a file is executable like .exe, .com, or .bat do on Windows. You use chmod to do that, just like on any other Unix.

  10. Re:Even worse - extensions == "chmod +x" ?!? by AntiSol · Score: 4, Informative

    > How would I know if it is a binary file vs. a script without looking into it.

    type 'file /path/to/file'.

    e.g:

    user@host:~ $ file /bin/bash
    /bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=bla, stripped

    or:

    user@host:~ $ file a_script.rb
    a_script.rb: a ruby1.9.1 script, ASCII text executable
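
The two checks this thread keeps returning to, a document-like name ending in an executable extension and a name whose extension disagrees with what the content's leading bytes say (what `file` inspects), as an added example that is not from any comment above. The magic table is a small subset of well-known signatures; the `CLAIMS` mapping, function names and sample inputs are assumptions constructed for the illustration.

```python
import os

# Leading magic bytes -> content kind (small subset of well-known signatures).
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"#!", "script"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-container"),  # .xlsx and other zip-based formats
]
# What each extension claims the content is (assumed mapping for this example).
CLAIMS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf",
          ".xlsx": "zip-container", ".exe": "windows-executable"}
# Extensions the thread names as executable on Windows.
EXECUTABLE_EXTS = {".exe", ".com", ".bat"}

def sniff(head: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def audit(name: str, head: bytes) -> list:
    """Return findings for one file, given its name and its leading bytes."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    # With the last extension hidden, only the stem (e.g. "x.png") is displayed.
    if ext in EXECUTABLE_EXTS and inner_ext in CLAIMS:
        findings.append(f"double-extension: shown as {stem!r} when hidden")
    claimed, actual = CLAIMS.get(ext), sniff(head)
    if claimed and actual != "unknown" and claimed != actual:
        findings.append(f"content-mismatch: {ext} name, {actual} content")
    return findings

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("prettyimage.png.exe", b"MZ\x90\x00"),
    ("fishhead.jpeg", b"MZ\x90\x00"),
    ("report.xlsx", b"PK\x03\x04\x14\x00"),
    ("a_script.rb", b"#!/usr/bin/env ruby\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:22} {sniff(head):20} {audit(name, head) or 'ok'}")
```

For a file on disk, pass `open(path, "rb").read(16)` as `head`.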

  11. Re:Good operating systems Dont. by schnell · Score: 4, Informative

    > Honestly, I think the original Mac OS did it better with four character file type and creators; meta-properties that the file can have.

    This was a much superior solution in many ways. (If you're interested in a detailed exploration of why, read any of John Siracusa's in-depth OS X reviews on Ars Technica for his fierce and well developed defenses of the old method.)

    Unfortunately, the downfall of this method came in sharing files across platforms. For much of the 1990s, Mac users would send files via FTP or e-mail which - lacking file extensions - were difficult for PC users to deal with when they received them. For example, my Word doc titled "Briefing" worked fine on my Mac but when I e-mailed it to a colleague using Windows, he would get a file that his PC didn't know what to do with. He would have to ask me what type of file it was (.doc? .pdf? .ppt?), and manually append the correct extension, yadda yadda.

    Macs, as the minority in a nearly all-PC world (especially the business world) needed to create as few waves as possible and "get along" with the Windows standard. So, when designing OS X, Apple decided to deprecate file/creator types and go along with the inferior system that the rest of the desktop computing world was using.

    --
    "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin