Windows 7 hidden file extensions

View previous topic View next topic Go down

Windows 7 hidden file extensions

Post by Hawkwind on 4/7/2010, 22:14

I have just noticed this at Gladiator security forum.
http://gladiator-antivirus.com/forum/index.php?showtopic=88726

How much of a security risk is having file extensions hidden?
avatar
Hawkwind
Member
Member

Posts : 29
Join date : 2010-04-24

View user profile

Back to top Go down

Re: Windows 7 hidden file extensions

Post by ssj100 on 5/7/2010, 02:52

This isn't just on Windows 7, but also on Windows XP (and I presume on Vista also). Having hidden file extensions is a significant security risk, in my opinion, because it influences how you handle newly introduced files on your REAL system.

For example, a classic method of tricking the user into double clicking a file is to make it look like a benign powerpoint or a word file etc., when in fact it is a malicious executable:

1. Name the malicious executable as follows:
2. "ClickMe.doc"
3. Send the malicious executable via e-mail to an unsuspecting user
3. On a system which has file extensions hidden, the user will see it as "ClickMe.doc" and think it is a harmless file - they double click it and get owned (unless they have SRP in place haha - gotta love default-deny anti-execution)
4. On a system which doesn't have file extensions hidden, the user will see it as it truly is: "ClickMe.doc.exe"

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Windows 7 hidden file extensions

Post by Hawkwind on 5/7/2010, 16:39

Thanks for the explanation Smile
avatar
Hawkwind
Member
Member

Posts : 29
Join date : 2010-04-24

View user profile

Back to top Go down

Re: Windows 7 hidden file extensions

Post by Dude111 on 25/7/2010, 17:46

Hawkwind wrote:How much of a security risk is having file extensions hidden?
Not a risk @ all if your aware of things.....

For instance: If you got a file and the filename was Test.jpg AND YOU SAW THE ".JPG" IN THE FILENAME AND YOU HAVE JPG REGISTERED SO YOU SHOULDNT SEE IT,WOULDNT YOU BE SUSPICIOUS AND CHECK FILE PROPERTIES BEFORE DOUBLE CLICKING IT?

Im on 98se and have that option enabled Smile


I agree people that dont know anything might be tricked like this but if your tech-smart and aware of things,that stuff isnt a problem.......


Nice site here -- Good job ssj100!!!

Dude111
Member
Member

Posts : 25
Join date : 2010-07-25

View user profile

Back to top Go down

Re: Windows 7 hidden file extensions

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum