News >> Browse Articles >> Microsoft
News >> Browse Articles >> OS
Report: Win 7 Retains NT-Vintage Explorer Fault
Featured Author:
DailyTech
DailyTech is a leading online magazine for a well-educated, tech audience. Its readers enjoy hard-hitting and up to the minute CE, PC, IT and information technology news. DailyTech’s fast-moving content also reaches out via news syndications, public portals, and forums.
Shane McGlaun / DailyTech
May 07, 2009
‘Issue allows nefarious users to change file extensions unknown to user.’ -
Computer users and IT administrators around the globe are waiting for Windows 7. Many companies have still not upgraded from Windows XP due to the backlash against Windows Vista and a myriad of bugs and issues the operating system had upon its release.
The next operating system from Microsoft, Windows 7, is expected to debut in October and the latest Windows 7 RC is available to download now. The demand for the latest RC was so high that the number of requests for the operating system crashed the servers at Microsoft.
One of the things expected from Windows 7 is improved security. Despite that expectation, Mikko H. Hypponen, chief research officer at F-Secure, says that Windows 7 still suffers from a security hole that has plagued Windows Explorer since the days of NT.
The security issue, according to Hypponen, is a flaw in the way that Windows Explorer allows users to hide file extensions. This flaw allows a malicious user to write a virus, worm, or hack and rename the .exe file to something more innocent sounding like a .txt file that the user is more likely to click on.
InformationWeek reports that this security issue might not be so newsworthy if it weren’t for the End-to-End Trust Vision that Microsoft is promoting to enhance computer security. One of the basic aspects of computer security is being able to correctly identify the type of files on a user’s computer. Microsoft’s Craig Mundie said at a conference in 2008, “[It is] important that we give people the tools to empower them to make good trust choices.”
Microsoft has made some important security improvements in Windows 7 reports InformationWeek. One of the big improvements is stopping an attack initiated by the automatic execution of applications on flash drives when the flash drive is connected to the PC. This was one of the methods that allowed the Conficker worm to propagate rapidly from flash drives.
© 2009, DailyTech
deanmyrick
6 months ago
38 comments
When will Windoze users learn?
digioz
6 months ago
112 comments
Maybe its because I am a programmer but why on earth would you want to HIDE your file extensions anyway! That's like saying I want a sandwitch but I don't want to know what's in it!
The safest and surest way to tell the different file types from one another is by looking at the file extension.
ccorliss
6 months ago
164 comments
This issue can be fixed very simply. As with previous version of Windows, you just need to remove the option to hide know file extension types. This is an option that Microsoft should automatically disable, but for whatever reason they do not.