 |  |  |  |  |  |  |  |
Windows 7 putting users at risk
With the Windows 7 release code out there and available for download right now, and free to use until 2010 for good measure, the last thing Microsoft will want to hear is bad news about potential security risks for users of the new flagship OS. But that's exactly what researchers over at security outfit F-Secure is delivering.
The Helsinki-based F-Secure reckons that a well known and long-lambasted problem that has existed in Windows NT, Windows 2000, Windows XP and Vista has not been fixed. That problem is Explorer hiding extensions for known file types. F-Secure claims that virus writers have long used this feature in order to trick people into thinking executables are simple document files and the like. Double naming virus.exe to virus.txt.exe would result in Windows hiding the .exe part and leaving the unsuspecting user seeing what looks like a .txt file instead of the actual executable, aided and abetted by the bad guys changing the icon inside the executable to seal the deal.
F-Secure tried the age old trick using Windows 7 and, oh dear, you can probably guess the rest.
"Bottom line: We still fail to see why Windows insists on hiding the last extension in the filename. It's just misleading" says F-Secure.
Microsoft has admitted messing up with Windows 7 security in the past, but the chances of it doing the same with this potential risk are pretty slim I would imagine. After all, it has had many years to correct the error and decided not to, so why change now?
The Helsinki-based F-Secure reckons that a well known and long-lambasted problem that has existed in Windows NT, Windows 2000, Windows XP and Vista has not been fixed. That problem is Explorer hiding extensions for known file types. F-Secure claims that virus writers have long used this feature in order to trick people into thinking executables are simple document files and the like. Double naming virus.exe to virus.txt.exe would result in Windows hiding the .exe part and leaving the unsuspecting user seeing what looks like a .txt file instead of the actual executable, aided and abetted by the bad guys changing the icon inside the executable to seal the deal.
F-Secure tried the age old trick using Windows 7 and, oh dear, you can probably guess the rest.
"Bottom line: We still fail to see why Windows insists on hiding the last extension in the filename. It's just misleading" says F-Secure.
Microsoft has admitted messing up with Windows 7 security in the past, but the chances of it doing the same with this potential risk are pretty slim I would imagine. After all, it has had many years to correct the error and decided not to, so why change now?
Similar Threads
- Windows XP Local Users Security Help!!! (Windows NT / 2000 / XP)
- News Story: Microsoft admits Word users are at risk from critical Jet vulnerability (Network Security)
- Putting a windows media player in my web (HTML and CSS)
- PUTTING C++ TO USE!!! (GUIs & MS Windows) (C++)
- Putting skins for my windows project (C#)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Windows Software Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
advertising age amd android apple avatar ballmer bluegene botnet browser business cellphone china chips copyright crime data database development dos economy email encryption energy enterprise europe facebook firefox games gaming google government hacking hardware ibm ibm.news intel intelibm internet iphone ipod itunes law linux mac malware marketing medicine memory microsoft mobile mozilla music news nintendo novell office openoffice opensource os pc phishing piracy porn privacy ps3 recession redhat report research russia search security sex socialnetworking software spam sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web wii windows windows7 working x86 xbox xp yahoo youtube
