Windows of this era provides a feature that hides file extensions by default. It displays the filename alone, minus the extension.
This “feature”, as per Microsoft, is supposed to “reduce clutter in folder windows”.
It cropped up first in XP and has been carried into all subsequent versions, including Vista and the upcoming Windows 7.
Many of you who store a ton of files in a certain folder (especially on the Desktop) may even agree with the reason of “reduced clutter”.
See for yourself.
- Open “My Computer” in a new window.
- Click “Tools” in the Menu bar and select “Folder Options”.
- This brings up the “Folder Options” dialog box. Select the “View” tab.
- In the “Advanced Settings” you’ll see a checkbox meant to “Hide extensions for known file types”. This, by default, is checked – meaning the extensions will be hidden.
- Right click it and choose “What is this?”
But wait. This “feature” that is meant to be “user-friendly” opens a vast opportunity to those who are nefariously inclined.
Since the extension is hidden, the true type of a file is no longer visible. This can be exploited very easily.
Here is a simple batch file I created.
Notice how I named the file? While Windows will have you believe that it’s an innocuous text file about delicious and yummy recipes, the truth remains that it’s a batch file which can freely execute kernel level commands.
You would almost certainly want to know what delicious recipe the file contains, especially if it’s a forward from a friend.
You double-click the file to open it and before you know it, the file has done its job.
In this case, the file above simply shows you a listing of directories in your “program files” folder on execution.
The more malicious ones could relay your info over the network to some server waiting for such files to be executed.
To be honest, you could redeem yourself with an amount of restraint and a bit more observation.
If you haven’t noticed yet, Windows did give you a fair warning with the file’s icon.
Look at it again if you haven’t already.
And honestly, how many of you (who agreed with Microsoft’s “reduces the clutter” reasoning) checked the icon before opening a file?
Hope you’ve realized the impact of that one small check box on the security of your data.
Wouldn’t you rather have the file extensions displayed (and make do with all the “clutter” it creates)?
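
A check for the naming trick described above, as an added example that is not part of the original post: it computes the name Explorer shows with extensions hidden and flags files whose real extension is executable while the visible name still ends in a document extension. The extension lists and the sample filenames are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs on double-click (partial list, assumed for this example).
EXECUTABLE_EXTS = {".bat", ".cmd", ".com", ".exe", ".js", ".pif", ".scr", ".vbs", ".wsf"}
# Extensions a reader expects to be harmless documents or media (assumed list).
DOCUMENT_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".mp3", ".xls"}
# Stand-in for the "known file types" whose extension Explorer hides.
KNOWN_EXTS = EXECUTABLE_EXTS | DOCUMENT_EXTS


def displayed_name(filename):
    """Name shown when "Hide extensions for known file types" is checked."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename


def is_disguised(filename):
    """True when the real type is executable but the visible name looks like a document."""
    stem, real_ext = os.path.splitext(filename)
    fake_ext = os.path.splitext(stem)[1]  # the extension the user actually sees
    return real_ext.lower() in EXECUTABLE_EXTS and fake_ext.lower() in DOCUMENT_EXTS


def scan(root):
    """Walk a folder tree and return (full path, displayed name) for disguised files."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if is_disguised(name):
                findings.append((os.path.join(folder, name), displayed_name(name)))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    samples = ["recipes.txt.bat", "recipes.txt", "setup.exe", "holiday.JPG.scr", "notes.v2.txt"]
    for name in samples:
        print(f"{name!r:20} shown as {displayed_name(name)!r:16} disguised={is_disguised(name)}")
```

Pointing `scan()` at a downloads or mail-attachment folder lists each flagged file next to the name a user would see with the checkbox left at its default.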