ssj100 Security Forums

Windows 7 hidden file extensions

3 posters


Post by Hawkwind 4/7/2010, 22:14

I have just noticed this at Gladiator security forum.
http://gladiator-antivirus.com/forum/index.php?showtopic=88726

How much of a security risk is having file extensions hidden?
Hawkwind
Member

Posts : 29
Join date : 2010-04-24

Re: Windows 7 hidden file extensions

Post by ssj100 5/7/2010, 02:52

This isn't just on Windows 7, but also on Windows XP (and I presume on Vista also). Having hidden file extensions is a significant security risk, in my opinion, because it influences how you handle newly introduced files on your REAL system.

For example, a classic method of tricking the user into double clicking a file is to make it look like a benign PowerPoint or a Word file etc., when in fact it is a malicious executable:

1. Name the malicious executable as follows: "ClickMe.doc"
2. Send the malicious executable via e-mail to an unsuspecting user
3. On a system which has file extensions hidden, the user will see it as "ClickMe.doc" and think it is a harmless file - they double click it and get owned (unless they have SRP in place haha - gotta love default-deny anti-execution)
4. On a system which doesn't have file extensions hidden, the user will see it as it truly is: "ClickMe.doc.exe"
ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com
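
A defender-side check for the double-extension names described in the post above, as an added example that is not part of the original thread. The extension sets, function names and sample file names are assumptions made for illustration; the model treats every listed extension as a registered type that Explorer would hide.

```python
import os

# Assumed sample sets for illustration; tune these for a real environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}
REGISTERED = EXECUTABLE_EXTS | DECOY_EXTS  # types whose extension gets hidden


def displayed_name(filename, hide_extensions=True):
    """Name the user sees: the final extension is dropped when it is hidden."""
    stem, ext = os.path.splitext(filename)
    if hide_extensions and ext.lower() in REGISTERED:
        return stem
    return filename


def is_deceptive(filename):
    """True when the real type is executable but the hidden-extension view
    still ends in a document-like extension (e.g. ClickMe.doc.exe)."""
    _, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = os.path.splitext(displayed_name(filename))
    return shown_ext.lower() in DECOY_EXTS


def audit(filenames):
    """Return (real name, name shown with extensions hidden) for each hit."""
    return [(n, displayed_name(n)) for n in filenames if is_deceptive(n)]


# Constructed sample attachment names, not taken from a real incident.
SAMPLE = ["ClickMe.doc.exe", "report.doc", "setup.exe",
          "Holiday.JPG.scr", "notes.v2.txt"]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"shown as {shown!r}, really {real!r}")
```

The same check can run over attachment or download names before they reach a user. The per-user Explorer setting itself is the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, where 0 shows extensions.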

Re: Windows 7 hidden file extensions

Post by Hawkwind 5/7/2010, 16:39

Thanks for the explanation :)
Hawkwind
Member

Posts : 29
Join date : 2010-04-24

Re: Windows 7 hidden file extensions

Post by Dude111 25/7/2010, 17:46

Hawkwind wrote: How much of a security risk is having file extensions hidden?
Not a risk at all if you're aware of things.....

For instance: If you got a file and the filename was Test.jpg AND YOU SAW THE ".JPG" IN THE FILENAME AND YOU HAVE JPG REGISTERED SO YOU SHOULDN'T SEE IT, WOULDN'T YOU BE SUSPICIOUS AND CHECK FILE PROPERTIES BEFORE DOUBLE CLICKING IT?

I'm on 98SE and have that option enabled :)

I agree people that don't know anything might be tricked like this but if you're tech-smart and aware of things, that stuff isn't a problem.......


Nice site here -- Good job ssj100!!!

Dude111
Member

Posts : 25
Join date : 2010-07-25