Windows uses what is known as “file extensions” (the letters after the ‘.’ in the filename) to determine how to handle the file. For example, “.exe” files are executable programs, “.doc” are documents (typically MS-Word), and “.qbw” are QuickBooks data files.

Out of the box, Windows defaults to hiding the file extension in folder listings, instead relying on the file’s icon to convey the file type to the user. The “bad guys” have taken advantage of this, by making you think the file is of one type, when it’s really an executable program designed to infect your system.

Icon with extensions hiddenIs this “report” a document you can view,
or a trojan designed to infect your system?

Fortunately, it’s an easy fix.

Display any folder in Windows (for example, click the “start” button and then select “My documents”, or “Documents”, depending on your Windows version), select “Tools” and then “Folder options” from the menu. A dialog box will appear, with several tabs at the top. Select the “View” tab.

From the list of “advanced settings”, make sure that “hide extensions for known file types” is unchecked.

Now, why is this important? Consider the recent flood of spam I’ve been getting lately, which consists of an e-mail supposedly telling me that the “updated report” is attached. By default, the file will look something like this:

It looks pretty much like a document of some sort, called “report”. Double-click it to “look at the report” and instead, you will run a program which try to infect your system. (Hopefully, it won’t succeed, as you should have all your protections in place. But, why chance it?)

However, with that item unchecked, it will look like this:

Note the “.exe” at the end of the name.  That tells you that it’s a Windows executable, and you shouldn’t click it unless you know it’s legit.

To make things worse, the “bad guys” sometimes give the filename what looks like two extensions. For example, they may call the file “naked_lady.jpg.exe”, knowing that it will appear as “naked_lady.jpg” if extensions are hidden, making it appear even more like a picture instead of an executable.

2 Comments

  1. Tweets that mention RunOnFriday.com Blog » Blog Archive » Don’t hide file extensions -- Topsy.com says:

    […] This post was mentioned on Twitter by TariAkpodiete, Steve Costello. Steve Costello said: RT @askleo Don’t hide file extensions in Windows http://ps0.us/17g (Agree – important for security.) #usergroup […]

  2. RunOnFriday.com Blog » Blog Archive » Spammers are nothing it not persistent says:

    […] supposedly a PDF containing further information.  It was, of course, a Windows executable (with “.pdf.exe” at the end of the filename), which AVG says is “VirusFakeAlert”. […]

Leave a Reply

You must be logged in to post a comment.