By Gregg Keizer
May 6, 2009

Windows 7 Release Candidate (RC) continues a long-running Microsoft
practice that puts users at risk, a security researcher said today.

The new operating system's Windows Explorer file manager still misleads
users about the true extension of a file, said Patrik Runald, chief
research advisor at Helsinki-based F-Secure Corp. Rather than reveal the
full extension for a filename, Windows Explorer hides the extension for
known file types, giving hackers a way to disguise malware by using
those file types' extensions and icons.

Windows Explorer, for example, will show the .txt icon and display
"attack.txt" as the filename for a Trojan horse that's actually been
named "attack.txt.exe" by the hacker. The practice goes back to at least
Windows NT, and has been criticized in the still-popular Windows XP and
the newer Windows Vista.

"People typically look at the icon to know what the file is," said
Runald. "If it looks like a Word doc or a PDF file, there's an implicit
trust in it, and users are more likely to click on those files, even if
they are actually an executable."
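
The "attack.txt.exe" disguise described above can be checked for mechanically. The following is an added example, not part of the original article or any Microsoft or F-Secure code: it models the name shown when known extensions are hidden and flags files whose real extension is executable while the displayed name ends in a document extension. The extension sets, function names and sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Illustrative extension sets (assumptions for this example, not Explorer's
# actual list of registered file types, which is kept in the registry).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".xls"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def displayed_name(path: str) -> str:
    """Name as shown when extensions of known file types are hidden."""
    p = PureWindowsPath(path)
    return p.stem if p.suffix.lower() in KNOWN_EXTS else p.name


def is_disguised(path: str) -> bool:
    """True if the file is executable but its shown name ends like a document."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXECUTABLE_EXTS:
        return False
    # The extension the user sees is whatever precedes the hidden one.
    shown_ext = PureWindowsPath(p.stem).suffix.lower()
    return shown_ext in DECOY_EXTS


def scan(paths):
    """Return (real name, displayed name) for every disguised file."""
    return [(PureWindowsPath(p).name, displayed_name(p))
            for p in paths if is_disguised(p)]


# Constructed sample listing, not taken from a real system.
SAMPLE = [
    r"C:\Users\alice\Downloads\attack.txt.exe",
    r"C:\Users\alice\Downloads\REPORT.PDF.EXE",
    r"C:\Users\alice\Downloads\notes.txt",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"{real!r} is displayed as {shown!r}")
```
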