Disable Hidden File Extensions
One of the security options change you should perform to your Windows operating system is to disable hidden file extensions. By default, most Windows installations are configured to hide file extensions for known file types. This is not good, because the user is not informed as to what kind of file he/she is about to execute, apart from the icon associated with the file which does not tell much about any problems that may be with the file.
An attacker can choose to send the user an email containing a modified filename. For example a worm may be emailing you a file attached to your message, named 'LOVE-LETTER.TXT.vbs' . If hidden file extensions option is enabled, the .vbs extension will be hidden in this case, and if the user assumes that the file is a harmless text file and attempts to open it, what happens is that the worm is being executed instead and the computer is already infected. This kind of file extension based attack is a common type of attack for most email worms and it is wide spread today. The user is lured into opening the file by curiosity in most cases, and the file names are chosen carefully in order to attract users into clicking on them.
Although the operating system has a Windows Explorer option to turn off hiding file extensions for known file types, one of the things that is less known is that after unchecking this option, there are still some file extensions that will continue to remain hidden for the user, like for example the .LNK extensions which are commonly used for links but they also may be used by files with the ability to compromise a computer. There are also the Shell Scrap Objects files, which bear an extension of '.SHS', which are hidden y default and can be executed – they will be executed if the user clicks on them,and at that point the damage is already done. Therefore, we need to disable hidden file extensions even for these files. This is not so easy, since the only true option to disable hidden file extensions completely is through a registry change.
This change requires attention and experience in dealing with Windows registry, since such operations can result in damaging your computer's operating system, if done improperly. If you are an experienced user in dealing with the registry, you can turn off hidden file extensions for all known file types by searching the registry for all occurences of the 'NeverShowExt' value in the registry. To do this, you need to select Run from the start menu, then enter 'regedit' to launch the registry editor. From the Edit menu, select Find, then check only the 'Values' option to search only for this type of items in the registry. Then when an occurrence of the 'NeverShowExt' registry value is found, right click on it and select Delete to remove it completely. You will need to press F3 afterwards as to look for the next occurrence and repeat the last step of deleting the 'NeverShowExt' value from your registry, until all occurences are removed from your registry. Please note that a reboot will be required afterwards, for the changes to become active.
An attacker can choose to send the user an email containing a modified filename. For example a worm may be emailing you a file attached to your message, named 'LOVE-LETTER.TXT.vbs' . If hidden file extensions option is enabled, the .vbs extension will be hidden in this case, and if the user assumes that the file is a harmless text file and attempts to open it, what happens is that the worm is being executed instead and the computer is already infected. This kind of file extension based attack is a common type of attack for most email worms and it is wide spread today. The user is lured into opening the file by curiosity in most cases, and the file names are chosen carefully in order to attract users into clicking on them.
Although the operating system has a Windows Explorer option to turn off hiding file extensions for known file types, one of the things that is less known is that after unchecking this option, there are still some file extensions that will continue to remain hidden for the user, like for example the .LNK extensions which are commonly used for links but they also may be used by files with the ability to compromise a computer. There are also the Shell Scrap Objects files, which bear an extension of '.SHS', which are hidden y default and can be executed – they will be executed if the user clicks on them,and at that point the damage is already done. Therefore, we need to disable hidden file extensions even for these files. This is not so easy, since the only true option to disable hidden file extensions completely is through a registry change.
This change requires attention and experience in dealing with Windows registry, since such operations can result in damaging your computer's operating system, if done improperly. If you are an experienced user in dealing with the registry, you can turn off hidden file extensions for all known file types by searching the registry for all occurences of the 'NeverShowExt' value in the registry. To do this, you need to select Run from the start menu, then enter 'regedit' to launch the registry editor. From the Edit menu, select Find, then check only the 'Values' option to search only for this type of items in the registry. Then when an occurrence of the 'NeverShowExt' registry value is found, right click on it and select Delete to remove it completely. You will need to press F3 afterwards as to look for the next occurrence and repeat the last step of deleting the 'NeverShowExt' value from your registry, until all occurences are removed from your registry. Please note that a reboot will be required afterwards, for the changes to become active.
This information is provided without any warranties of any kind. Use it at your own risk. Terms and conditions