I totally passed the quiz.
One of the first things I do the first time I log onto a windows box is turn off Hide Extensions for Known File Types (along with disabling those stupid custom menu's and taskbar common program grouping features)

Anyone who spends a lot of time on Windows should recognize the unambiguous icon of an executable file on that image.

Re: hiding file extensions, this was a pretty startling discovery for many people... in 1999. Didn't we get the idea when every e-mail virus and its uncle was arriving in our Inbox with a filename like bikinipictures.jpg.vbs?

I passed the test, too! What do I win?

"Anyone who spends a lot of time on Windows should recognize the unambiguous icon of an executable file on that image."

Only because BK made it easy. Windows shows the embedded icon of executable files that have one: real malware can trivially match the look of their fake extension.

Far more useful would be a way to turn off that bad "feature" using Active Directory / Group Policy. Anyone know where that particular setting hides, if it is available?

I dont know...is this an article from 1997?
Seriously, a properly configured anti-Virus, even one that is free, will prevent the user from being able to open a virus infected executable file.

Any decent email client will completely block executable files from downloading.

A user that turns off his/her anti-virus, or doesn't use one properly, who then proceeds to download an executable file from an unknown source and then just opens it...should not be using a computer and only has him/herself to blame. It is akin to having a stretch black limo pulling next to you and having the electric window crack open, and hearing a strange voice asking "hey kid, want some candy?".
Would you take it?
Why would you think the Internet is any safer???

I mean come on people!!

Except for the fact that AVs can't even come close to being up to date.

Ya the icon can be quite easily changed to match the text file. But if you are both smart in what your downloading and have a decent antivirus then you should never get a virus. I haven't had any viruses or malware in 8 years its really not that hard.

And if you think anti viruses aren't updated often enough then you are probably using either norton or mcafee. Check out AVG, Avast, or NOD32 they are the best scanners on the market.

The folks that have remarked that this is not a new phenomenon are right; in fact, CERT published an "Incident Note" on it back in 2000:

http://www.cert.org/incident_notes/IN-2000-07.html

What no one has mentioned so far is that unchecking the box for "Hide Extensions for Known File Types" does NOT entirely solve the problem. As the CERT note points out, there is a setting in the Windows Registry that prevents certain file types from *ever* being displayed. (An example is the '.LNK' filetype of program shortcuts.) The only method I know of that will display these filetypes is using the 'DIR' command from the Windows command prompt. This behaviour was present in Windows 95/98/ME/NT/2000, and (as I have just verified) is still there in Win XP. (If I can find a Vista machine to check, I'll look there, too.)

The CERT note explains how you can manually hack the Registry (with REGEDIT) to remove this mis-feature. I will quote a USENET post I made back in 2003 on this subject:

"IMO, having the behavior of the OS in opening a file depend on part of the name is a bad design choice. (I can't think of a non-Microsoft OS that does this.) But concealing the information from the user is just egregiously stupid."

I have just checked a machine with Windows Vista Home Premium, and I can confirm that the filetype-hiding behaviour I mentioned above (described more fully in the CERT note) is still present in Vista.

It's good to revisit these little things once in a while, and of course with Windows there seem to be quite a few "little things" that were explained, not fixed.

These people here that say "if you only used a good AV" scare me. They are the problem with Windows.

Use Linux and you wont have to worry about nasty executable files being hidden as .exe files... Problem solved! But seriously why is this news?!? Anyone who knows how to read news about an operating system knows enough to watch out for this seriously...

Get a Mac.

Chris wrote: Anyone who knows how to read news about an operating system knows enough to watch out for this seriously...

Therein lies the problem. There are legions of computer users out there that don't really understand what an operating system is, or what an extension is. They believe that as long as they have an AV in place and faithfully update it, they are safe.

Rich wrote, "IMO, having the behavior of the OS in opening a file depend on part of the name is a bad design choice. (I can't think of a non-Microsoft OS that does this.)"

All the precursors of DOS behaved that way. I encountered on VAX, on DECsystem-20, on the IBM 370 and 360. I guess you are too young, Rich, to know how natural this idea is. Before the days of metadata and alternate data streams, the only way to associate the filetype with the filename was to glue the 2 things together.

I agree that hiding the file type is silly and stupid. Every month I watch someone freeze before his screen because he can't figure out which of 3 or 4 icons with the same name is to be clicked on.

That's executable. Obviously. ILOVEYOU was actually weak on the same point. On OS X however it's possible to disguise both the intent and the icon. Then unless you query your shell first to ask what it intends to do with the file you're toast.

Solo Owl> Before the days of metadata and alternate data streams, the only way to associate the filetype with the filename was to glue the 2 things together.... I agree that hiding the file type is silly and stupid.

Maybe what's kind of stupid is the whole metaphor of double-clicking on icons.

The first thing I do when I get stuck using a Windows box is switch to the details view so I can see what the hell is going on. Yes, of course I disable hiding of file types as well, but I don't look at the types much; I look at the Type column in the details view. And I certainly don't pay attention to icons, unless they are image thumbnails.

If you go back to Xerox/PARC/Apple LISA days and think about it, well, what was the idea supposed to be? Okay, we have a metaphorical desktop and we can metaphorically move objects, symbolized by icons, around on it. Fine, but what is double-clicking on an icon supposed to be a metaphor for? Okay, we learn that it "opens" the object. But "opens" here is itself a metaphor, meaning "instructs an application to view the object".

This is where things break down, because, in the primitive semantics expressed by moving icons around and clicking on them, there is no way to specify what application you wish to use. In the world of interchangeable data, e.g. XML, we find ourselves having to specify more and more what application we wish to "open" an object with, and, often as not, I find I have to use right-click... Open With... to get the semantic I'm looking for. This is because the desktop metaphor really allows only one default action to be performed on an object, bound to the double-click action, and that's just not enough. One may resort to slightly more sophisticated semantics, and drop a file icon on an application icon, but what if I need to using a program to combine two files in a specific way? Who is the actor? Who is the patient? Who is the indirect object? The current weak visual models don't provide for any of the rich semantics of a linear command line.

As for where the metadata designating the single default action is stored--file type extension or internal file metadata--that's really a non-issue to me (I still have a CP/M box in my closet). It's just outdated residue of a simplistic, 30-year-old concept of files. What is the default action for an XML file, and how often will it be useful that I can double-click to get it?

On a real operating system, I don't use default actions and I don't use icons. I also don't waste much time jumping back and forth between mouse and keyboard. I use the keyboard to navigate, for the most part, and I type exactly what I want to do: "vi file.txt", "./program file.txt > file.xml", "xsltproc style.xsl file.xml".

The visual desktop model hasn't improved computing. It's simply led to a world where people who are too ignorant to use a computer as anything more than a word processor or slide projector are nonetheless still able to download and execute malware.

jeffm wrote:Therein lies the problem. There are legions of computer users out there that don't really understand what an operating system is, or what an extension is. They believe that as long as they have an AV in place and faithfully update it, they are safe.

I really don't use windows past using a few games it is what it is meant for. any other real computing I use *nix whether it be free bsd linux or mac osx. I think that Microsoft should really stop trying to lull users into a fear using WGA and innovate something then maybe people would actually use their computers for more than playing games and making viruses. Or maybe my suspicions are correct:Anti-virus makers make most viruses to sell anti-virus software.

In my recently updated Internet Explorer 7 and Windows Media Center edition, "Folder Options" is found on the Control Panel, rather than on the toolbar Tools menu.