Why We Should Stop Hiding File-Name Extensions

An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.

Good operating systems Dont.

The crap ones like Windows and OSX, they hide it because they assume the user is a drooling moron.

And most of the time they are right.

Re:Good operating systems Dont.

[Gerald]

I can't get OS X to hide extensions on my machine. Is there a special flag you have to pass to ls?

Re:Good operating systems Dont.

[swimboy]

Yes, it's | sed s/\.[^\.]*$//

Re:Good operating systems Dont.

[ShanghaiBill]

The crap ones like Windows and OSX, they hide it

I am using OSX right now. File extensions are not hidden. There are some dialogs that optionally hide them, usually when only one extension is possible, such as .pdf in Adobe Reader, but in general, they are not hidden. But even where extensions are hidden, it is not at the same level of stupidity as hiding them on Windows. On Windows, the extension actually changes how the operating system interacts with the file, such as whether it is executable. So Microsoft uses the extension to convey very important information, and then hides that information from users.

Re:Good operating systems Dont.

[nukenerd]

I am using OSX right now. File extensions are not hidden.... But even where extensions are hidden, it is not at the same level of stupidity as hiding them on Windows. On Windows, the extension actually changes how the operating system interacts with the file

Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional? ie they are merely part of a filename that happens to include a period near the end. In which case hiding the extension is hiding part of the filename - why TF would anyone do that? And why stop at hiding after the dot? They might as well hide everything after the first occurence of the letter "p" say, or after the first four characters, or the first eight (Oh wait! like FAT16).

Re:Good operating systems Dont.

[azav]

It's a Finder preference. Press command comma. The first checkbox is "Show all filename extensions".

Re:Good operating systems Dont.

[gnasher719]

Except that MacOS X doesn't hide extensions when an attacker uses the double extension trick. So if you downloaded a file prettyimage.png.exe, even with "hide extensions turned on", MacOS X will display both extensions, while Windows (as far as I know) displays "prettyimage.png".

Re:Good operating systems Dont.

[ShanghaiBill]

Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional?

In Mac OS X you can associate an extension with an app. For instance, I have .pdf associate with Adobe Reader, so I can click on a PDF file, and it will pop open in Adobe Reader. These associations are under user control, so you can add, change or delete. But extensions don't change whether a file is executable like .exe, .com, or .bat do on Windows. You use chmod to do that, just like on any other Unix.

Re:Good operating systems Dont.

[BronsCon]

You also never actually know whether that image (or at least, the file you *think* is an image) is actually an image. Using the file extension hints to you that it is an image and tells the system to treat it as one, so you don't end up with a file that looks like an image, but actually formats your hard drive. If your file has the wrong extension, you change it in Finder or on the command line, just as you would change it in Explorer or on the command line in Windows. As an added bonus, there is no executable file extension; it's a permission that gets set, and the file extension still takes precedence. That is, if you set notanimage.jpg to be executable, then try an open it in Finder, it'll open it in your image viewer, ignoring the execute bit entirely; only when you remove the extension does it actually attempt to execute.

The way OSX does it is correct, IMO. And 4 years ago I never thought I'd be saying that.

Re:Good operating systems Dont.

[schnell]

Honestly, I think the original Mac OS did it better with four character file type and creators; meta-properties that the file can have.

This was a much superior solution in many ways. (If you're interested in a detailed exploration of why, read any of John Siracusa's in-depth OS X reviews on Ars Technica for his fierce and well developed defenses of the old method.)

Unfortunately, the downfall of this method came in sharing files across platforms. For much of the 1990s, Mac users would send files via FTP or e-mail which - lacking file extensions - were difficult for PC users to deal with when they received them. For example, my Word doc titled "Briefing" worked fine on my Mac but when I e-mailed it to a colleague using Windows, he would get a file that his PC didn't know what to do with. He would have to ask me what type of file it was (.doc? .pdf? .ppt?), and manually append the correct extension, yadda yadda.

Macs, as the minority in a nearly all-PC world (especially the business world) needed to create as few waves as possible and "get along" with the Windows standard. So, when designing OS X, Apple decided to deprecate file/creator types and go along with the inferior system that the rest of the desktop computing world was using.

Yes, I agree

[GargamelSpaceman]

The first thing I do on windows is change the settings to show tilename extensions. Much of the confusion I see in others can be directly traced to the fact that they don't know what their files are.

Stop being afraid to make someone learn something useful to use a computer.

That being said, don't make people learn useless things. Design a powerful set of useful things to learn each of which is valuable and worth learning and remembering and then reward people for learning them by maintaining their usefulness

Making things overly simple robs users of the power to make things simple for themselves, and ends upt complicating their interaction with the computer.

Re:Yes, I agree

"The first thing I do on windows is change the settings to show filename extension"

Hear hear! Hide the extensions is one of the stupidest things Microsoft has ever done and it is a huge disservice to the end user.

The condescending My Docs, My Music, et al should also go.

Re:Yes, I agree

[QilessQi]

This. I've seeing users create directories where they save the same file in different formats for different purposes, and the only thing different is the extension. If you can't see the extension, it looks like you've got multiple files named "foo" where only the icons differ.

Re:Yes, I agree

[gstoddart]

I just went through setting up a new Windows 8.1 machine.

And the sheer quantity of places where Microsoft has more or less gone out of their way to hide basic stuff about your computer, and make it as difficult to find as possible -- well, that is kind of mind boggling (and very frustrating).

And when they do make it available to you, they couch it in a "well, everything hereafter is your fault".

Essentially, in my opinion, Microsoft has tried to dumb down the system so far that when you try to do anything it is almost useless, and if you need to see more information it just throws up its hands and says "fuck it, not my problem".

So, maybe instead of trying to write a crappy, useless system for the users who will be scared to know they're looking at a text file or an exe ... Microsoft should try to write something which isn't crap, isn't still predicated on using that crap autorun to ensure every possible source of malware is ran without being prompted, and from the get go tells users "this is a computer, we're not hiding this from you".

It boggles my mind even at work on a Windows server, when my account is an admin and I'm doing admin tasks how Microsoft goes out of their way to hide the actual functionality. And when they don't their "helpful" error messages are garbage ... like "something bad happened, contact your administrator". Tell you what, I'm the fucking administrator, why don't you tell me an actual error message instead of assuming I'm a child?

It seems like the more Microsoft tries to dumb things down for their users, the worse they actually make their software. Because it actively tries to be sure you can't see what you know, and simply can't (or won't) tell you what happened when it should.

Microsoft is way too focused on pointless eye candy (like the Metro interface on my desktop I had to remove), and dumbing down the user experience ... and seems to utterly fail to make it possible for someone who actually has some idea of what they're doing to find what they need.

The more "helpful" they try to be, the less helpful and usable they actually are.

Re:Yes, I agree

[oodaloop]

It's a terrible name though. Typical conversation at work:

Me: Hey, did you save that in My Places?
Them: No, I logged you out. I saved it on my profile.
Me: I know. Did you save it to your My Places, or somewhere else?
Them: Oh yeah, I saved it on my desktop.

Re: Yes, I agree

[gstoddart]

Hell hath no fury like a nerd set in his ways.

There's set in my ways, and then there's confronted with a modern piece of shit that some marketing wanker thinks is helpful.

And, I'm sorry to say it, but almost all of the crap I had to figure out how to remove was garbage, intended to give a tablet like interface, using a UI which is mostly about eye candy.

It serves no purpose, and provides no value to me.

It's crap. But it's pretty.

My problem with Microsoft is they seem to have forgotten that many of us still actually use computers to do our fucking work.

Metro was a steaming pile of crap which wasn't useful for that.

The OS itself seems good. The user interface has been designed by morons.

Re:Yes, I agree

The condescending My Docs, My Music, et al should also go.

WHY?! This actually teaches / encourages people to store their documents / pictures / music in *one spot*, which makes things much more simple to back up. Granted, not every user actually uses these folders for their intended purposes (I recall backing up a ~120GB "My Documents" folder becuase the user threw *all* files, picutres / music / videos / documents into it, with *no* sub-folders to sort everything, for example)...

The reason to not use that structure is because it is a bad structure.
First of all the "My" prefix is terrible. Yes, I know that they just want the user to feel at home, but in a work related environment "My" doesn't make sense. (And the categories are aimed at a home user anyway.)

When it comes to the categories they are not laid out in a way home users or company users want to work with them.
I have never encountered someone that wants to split up their vacation data into photographs and videos. Typically they want them grouped together.

It's not clear if the music folder is for own composed music or purchased music. Typically you do not want to mix them and purchased music you generally want to share within the family anyway.

The documents folder is badly named or another folder for projects is needed. If you write a report you want to keep supplementary data together with the document you are writing. This includes pictures.

Sure, you can just make your own structure in the My Documents folder. Unfortunately a lot of programs thinks that that folder is their playground and stores user specific settings or data there.

Microsoft has yet to come up with a good solution. The ones they have provided so far is extremely inadequate.

Re: Yes, I agree

[i.r.id10t]

No angst here about it - I make beer money every so often just by backing up a users actual data files they care about, browser profiles, mail client storage, wipe windows and reinstall, all updates, etc. and then put their data back. If you wanted to dedicate yourself to running a business with yourself and maybe a couple of part time PFY employees, you could make a very good living fixing these issues that are the result of what you consider poor design, and the stupid decisions users have made.

Are you nuts?

[Anne+Thwacks]

The malware writers will never agree to i!

Better idea

[BCGlorfindel]

Instead of insisting that modern OS design carry forward an old and archaic standard set of digits describing the type of file, show users visual information about the file type/associations in way that is meaningful to them. If it is an executable file, don't make users parse that .exe is short for that, and in many cases .com and .bat can kinda work the same way. Give users a visual identifier that lets them know clicking this file will lead to this action. A web icon for anything that'll attempt to open itself from a browser, a document icon for something that will open in a document viewer, and so on.

Insisting on showing people a 3 character code that 99% of them are entirely ignorant of solves nothing.

Re:Missing the problem by a mile

[Luthair]

This seems irrelevant. If you have a jpeg with a TXT extension, Windows at least will treat the file as a text file not an image.

And why is hiding shit the default in Win server?

[swb]

That always baffles me.

I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances. I don't agree, but I'm tired of arguing about it, at least when it comes to the consumer desktop OS.

But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box? What shithead, or group of shitheads, made that decision and WHY? As far as I'm concerned this is a deeper, more profound and transcendental stupidity than making Win Server use the Win8 start menu.

I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.

Re:File extensions?

[Qzukk]

The filetype is now contained in the icon

The icon of an executable is set by the executable. Enjoy your porn.jpg.exe with a thumbnail icon.

Good luck with that.

[pla]

it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.

Oh man, good one! You had me going until that line. Beautiful!

I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.

And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?

May as well swing for the fences, I suppose.

Stop talking down to the user

[Karmashock]

The tendency to treat the user like a moron is common on all the widely adopted consumer operating systems and it really does need to stop.

It just leaves otherwise intelligent people utterly baffled when simple things happen because they're kept in a fantasy land by their GUI.

Re:Missing the problem by a mile

[arth1]

On Windows, extensions are meaningful to the operating system. It doesn't identify all files by magic numbers. Files are typed by their extensions. If the file is "fishhead.jpeg" then it is not a Win32 executable binary (barring flaws in the JPEG rendering system that lead to arbitrary execution).

You miss that it isn't like that in Windows either. A file named fishhead.jpeg can indeed be a a Win32 executable binary that gets executed by the OS as a binary if called without a named program to open it. That depends on what the end user and the programs he (spit) trusts have set the .jpeg extension to signify. It is only a recommendation. Windows provides defaults, but it is silly to presume that no program would ever be mean enough to change any of that on you.
You cannot trust the extensions any more than you can trust the "From:" address in an e-mail. Not in Windows either.

Re:Missing the problem by a mile

[Chris+Mattern]

Looking at the name extension will tell you absolutely nothing.

Looking at the name extension will tell you what the system will attempt to do with it by default. This can be very important to know.

Re:Yes, I agree, but no shortage of stupid GUI

[gewalker]

No shortage of stupid user interface choices. Some of the ones I've hated the most.

* Hiding menu options, aka personalized menus
* Wholesale rearranging and renaming of user interfaces between versions, esp. for infrequently used options
* Super secret hidden files.
* Windows 8

If I create the image...

[spywhere]

When I did Windows XP images for clients, I always set the Default User profile to display extensions.
I did this without asking, without any discussion beforehand, and only had to defend the decision once near the end of the design project... my defense was, "This is the right way to do it, so that's what we're doing." End of discussion.

When people aren't used to seeing extensions

[Spacelem]

Whenever I see a Windows desktop with file extensions disabled, I always try to explain to the person that they should be switched back on, and most people are quite happy to do so (they only had them off because that was the default).

However I was quite dismayed when I looked at my mother's laptop (which I had installed Linux Mint on for her), and she had no file extensions either. It turned out that she thought they looked untidy, and had gone through and manually removed the extensions from every single file in her home directory!

Fortunately the file and mmv commands made short work of fixing this, but I was surprised to say the least.

Re:And why is hiding shit the default in Win serve

[PPH]

doing UUCP support with someone who has to have Unix characters (like bang and pipe)

Odd. I found most receptionists understood what I meant by bang and pipe perfectly well.

"Hiding Things"

[Sir_Eptishous]

I hear the faint and cryptic laughter of Steve Jobs echoing in the distance...

Hiding Things?
Well of course, because modern UI design is all about obfuscating control over your device and interface.
Microsoft and the rest(this includes Linux desktops) don't want a "cluttered" user experience. UI designers seem to forget that people to need to modify and control their device and interface.

UI designers are too quick to "googlify" interfaces to such a degree that vast uncounted eons of time are wasted simply trying to modify simple things because UI designers have mandated a "spartan" and oh so Sprockets-like look and feel.
Users are tricked into thinking they shouldn't see the nuts and bolts.
Users are treated like idiots, and then become idiots.

Re:Even worse - extensions == "chmod +x" ?!?

[jellomizer]

The extension vs file system property is a trade off case. If I see a .EXE file I expect it to be a binary file. if I see a file which a 755 mod to it. How would I know if it is a binary file vs. a script without looking into it. Renaming a .bat file to a .exe will prevent it from running. A file that is chmod 755 will try to run. So the file extension is actually a good way to know what type of file it is.

Why trust users to do it?

[hawguy]

Why trust users to know what file extensions are "safe" and which are not? Surely the same computer that shows "ImportantFile.doc" to the user when it's really "ImportantFile.doc.exe" can be smart enough to pop up a message when someone clicks on it: "Hey, this filename *looks* like a document, but it's really an executable so instead of opening a document, I'm going to run it. It's probably a terrible idea to run it, so I'm not going to do it, you'll have to rename it to something less ambiguous if you really want to run it. But you should't do that. Really. I'm not kidding."

Re:Even worse - extensions == "chmod +x" ?!?

[AntiSol]

How would I know if it is a binary file vs. a script without looking into it.

type 'file /path/to/file'.

e.g:

user@host:~ $ file /bin/bash
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=bla, stripped

or:

user@host:~ $ file a_script.rb
a_script.rb: a ruby1.9.1 script, ASCII text executable

Re:Even worse - extensions == "chmod +x" ?!?

[BasilBrush]

So the file extension is actually a good way to know what type of file it is.

No, it's brain dead. The filename is a name. The filetype should be another piece of metadata. (and not just an executable flag either - a complete file type.)

If the file type needs to be seen by the user, then that's a UI design issue, not a reason to have brain dead mixed purpose metadata fields.