Potential Danger of Having File Extensions Hidden
Question. Why is it potentially dangerous to have your file extensions hidden? For the sake of answering this question, I’ll provide an example. For this demonstration, I’ve purposely enabled hiding of file extensions on Windows Explorer, which is the default behavior after you install Windows XP.
I went to a folder full of executable programs. These are legitimate programs that are part of the MS Office suite. This is currently in icon view.
As you can see everything looks pretty normal, take note that all the files shown are executables, meaning they are programs that can be run and not just plain documents. Now i’ll rename one of the programs, MSTORE to MyFile.doc.
What you see now is a file with a different extension, BUT in reality we haven’t actually changed its REAL extension, you may see it as a file with a .doc extension but it can still be run as an executable. Let me disable the hide file extension option on Windows Explorer and see what we have.
As you can see MyFile.doc is in fact MyFile.doc.EXE which can execute if we open it. Now why is this potentially dangerous you may ask? Picture this scenario. A friend of yours brings a USB drive with malicious files in it and plugs it on your computer. You see a file named Paris Hilton Scandal.mpg and out of curiousity you open the file.
Since file extensions are hidden by default, you didn’t notice that Paris Hilton Scandal.mpg was actually Paris Hilton Scandal.mpg.exe, malicious program executed, deadly payload dropped on your computer. You just got screwed.
I’ve come across countless USB drives, shared network folders, portable hard disks, even compact disks containing files that are potentially harmful (.doc.exe, .mpg.exe). Some even mimic the icon of a folder so that you’ll be tricked to open it.
Bottom line, its dangerous and you don’t get any benefit from hiding file extensions other than for your desktop to look neat. Now that you understand its potential danger, I’ll show you how to disable this feature/behavior on my next post. ^_^
Previous post: Need a Password Management Program Try SurfSecret KeyPad
Next post: How to Disable Hidden File Extensions on Windows XP
{ 1 trackback }