0

With the Windows 7 release code out there and available for download right now, and free to use until 2010 for good measure, the last thing Microsoft will want to hear is bad news about potential security risks for users of the new flagship OS. But that's exactly what researchers over at security outfit F-Secure is delivering.

The Helsinki-based F-Secure reckons that a well known and long-lambasted problem that has existed in Windows NT, Windows 2000, Windows XP and Vista has not been fixed. That problem is Explorer hiding extensions for known file types. F-Secure claims that virus writers have long used this feature in order to trick people into thinking executables are simple document files and the like. Double naming virus.exe to virus.txt.exe would result in Windows hiding the .exe part and leaving the unsuspecting user seeing what looks like a .txt file instead of the actual executable, aided and abetted by the bad guys changing the icon inside the executable to seal the deal.

F-Secure tried the age old trick using Windows 7 and, oh dear, you can probably guess the rest.

"Bottom line: We still fail to see why Windows insists on hiding the last extension in the filename. It's just misleading" says F-Secure.

Microsoft has admitted messing up with Windows 7 security in the past, but the chances of it doing the same with this potential risk are pretty slim I would imagine. After all, it has had many years to correct the error and decided not to, so why change now?

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.