Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why We Should Stop Hiding File-Name Extensions

Posted by timothy on from the text-rules dept.

An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.

3 of 564 comments (clear)

  1. Re:Good operating systems Dont. by swimboy · · Score: 5, Informative

    Yes, it's | sed s/\.[^\.]*$//

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
  2. Re:Missing the problem by a mile by Chris+Mattern · · Score: 5, Informative

    Looking at the name extension will tell you absolutely nothing.

    Looking at the name extension will tell you what the system will attempt to do with it by default. This can be very important to know.

  3. Re:Good operating systems Dont. by gnasher719 · · Score: 5, Informative

    Except that MacOS X doesn't hide extensions when an attacker uses the double extension trick. So if you downloaded a file prettyimage.png.exe, even with "hide extensions turned on", MacOS X will display both extensions, while Windows (as far as I know) displays "prettyimage.png".