Windows 7 hidden file extensions
3 posters
Page 1 of 1
Windows 7 hidden file extensions
I have just noticed this at Gladiator security forum.
http://gladiator-antivirus.com/forum/index.php?showtopic=88726
How much of a security risk is having file extensions hidden?
http://gladiator-antivirus.com/forum/index.php?showtopic=88726
How much of a security risk is having file extensions hidden?
Hawkwind- Member
- Posts : 29
Join date : 2010-04-24
Re: Windows 7 hidden file extensions
This isn't just on Windows 7, but also on Windows XP (and I presume on Vista also). Having hidden file extensions is a significant security risk, in my opinion, because it influences how you handle newly introduced files on your REAL system.
For example, a classic method of tricking the user into double clicking a file is to make it look like a benign powerpoint or a word file etc., when in fact it is a malicious executable:
1. Name the malicious executable as follows:
2. "ClickMe.doc"
3. Send the malicious executable via e-mail to an unsuspecting user
3. On a system which has file extensions hidden, the user will see it as "ClickMe.doc" and think it is a harmless file - they double click it and get owned (unless they have SRP in place haha - gotta love default-deny anti-execution)
4. On a system which doesn't have file extensions hidden, the user will see it as it truly is: "ClickMe.doc.exe"
For example, a classic method of tricking the user into double clicking a file is to make it look like a benign powerpoint or a word file etc., when in fact it is a malicious executable:
1. Name the malicious executable as follows:
2. "ClickMe.doc"
3. Send the malicious executable via e-mail to an unsuspecting user
3. On a system which has file extensions hidden, the user will see it as "ClickMe.doc" and think it is a harmless file - they double click it and get owned (unless they have SRP in place haha - gotta love default-deny anti-execution)
4. On a system which doesn't have file extensions hidden, the user will see it as it truly is: "ClickMe.doc.exe"
Re: Windows 7 hidden file extensions
Thanks for the explanation
Hawkwind- Member
- Posts : 29
Join date : 2010-04-24
Re: Windows 7 hidden file extensions
Not a risk @ all if your aware of things.....Hawkwind wrote:How much of a security risk is having file extensions hidden?
For instance: If you got a file and the filename was Test.jpg AND YOU SAW THE ".JPG" IN THE FILENAME AND YOU HAVE JPG REGISTERED SO YOU SHOULDNT SEE IT,WOULDNT YOU BE SUSPICIOUS AND CHECK FILE PROPERTIES BEFORE DOUBLE CLICKING IT?
Im on 98se and have that option enabled
I agree people that dont know anything might be tricked like this but if your tech-smart and aware of things,that stuff isnt a problem.......
Nice site here -- Good job ssj100!!!
Dude111- Member
- Posts : 25
Join date : 2010-07-25
Similar topics
» hosts file
» Will Windows XP eventually become the most "secure" usable Windows OS?
» "How to disable the Autorun functionality in Windows" (Windows XP)
» PowerShell script to handle HOSTS file
» Reducing permissions on Firefox extensions
» Will Windows XP eventually become the most "secure" usable Windows OS?
» "How to disable the Autorun functionality in Windows" (Windows XP)
» PowerShell script to handle HOSTS file
» Reducing permissions on Firefox extensions
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum