Hiding an Extension

Windows of this era provide a feature that by default hides extensions of files. They choose to display the filename alone – minus the extension.
This “feature”, as per Microsoft, is supposed to “reduce clutter in folder windows”.

It cropped up first in XP and was added in all subsequent versions including Vista as well as the upcoming Windows 7.

Many of you who store a ton of files in a certain folder (especially on the Desktop) may even agree with the reason of “reduced clutter”.

See for yourself.

  1. Open “My Computer” in a new window.
  2. Click “Tools” in the Menu bar and select “Folder Options”
  3. This brings up the “Folder Options” dialog box. Select the “View” tab.
  4. In the “Advanced Settings” you’ll see a checkbox meant to “Hide extensions for known file types”. This, by default, is checked – meaning the extensions will be hidden.
  5. Right click it and choose “What is this?”

But wait. This “feature” that is meant to be “user-friendly”, opens a vast opportunity to those who are nefariously-inclined.

Since the extension is hidden, the true type of a file is no longer visible. This can be exploited very easily.

Here is a simple batch file I create.

Notice how I named the file? While windows will have you believe that it’s an innocuous text file about delicious and yummy recipes. The truth remains that it’s a batch file which can freely execute kernel level commands.

You would almost certainly want to know what delicious recipe the file contains, especially if it’s a forward from a friend.

You double-click the file to open it and before you know it, the file has done its job.

In this case, the file above simply shows you a listing of directories in your “program files” folder on execution.
The more malicious ones could relay your info over the network to some server waiting for such files to be executed.

To be honest, you could redeem yourself with an amount of restraint and a bit more observation.

If you haven’t noticed yet, windows did give you a fair warning with the file’s icon.

Look at it again if you haven’t already.

And honestly, how many of you (who agreed with Microsoft’s “reduces the clutter” reasoning) checked the icon before opening a file?

Hope you’ve realized the impact of that one small check box on the security of your data.

Would not you rather have the file extensions displayed (and make do with all the “clutter” it creates)?

View Comments

Share
Published by
Abhinav Kar
Tags: command prompt security virus windows windows xp

Recent Posts

  • Java

Java URL Encoder/Decoder Example

Java URL Encoder/Decoder Example - In this tutorial we will see how to URL encode/decode…

5 years ago
  • General

How to Show Multiple Examples in OpenAPI Spec

Show Multiple Examples in OpenAPI - OpenAPI (aka Swagger) Specifications has become a defecto standard…

5 years ago
  • General

How to Run Local WordPress using Docker

Local WordPress using Docker - Running a local WordPress development environment is crucial for testing…

5 years ago
  • Java

Create and Validate JWT Token in Java using JJWT

1. JWT Token Overview JSON Web Token (JWT) is an open standard defines a compact…

5 years ago
  • Spring Boot

Spring Boot GraphQL Subscription Realtime API

GraphQL Subscription provides a great way of building real-time API. In this tutorial we will…

5 years ago
  • Spring Boot

Spring Boot DynamoDB Integration Test using Testcontainers

1. Overview Spring Boot Webflux DynamoDB Integration tests - In this tutorial we will see…

5 years ago