Windows Explorer tries to help by hiding some information. Unfortunately, that opens a hole that hackers can use to fool you.
The vast majority of Windows default settings boil down to a matter of personal preference.
Over the years, as I’ve installed Windows over and over again on new machines, test machines, and more, I’ve slowly adapted to simply accepting the default settings rather than re-applying a large number of customizations every time.
There’s one setting that I and many other security-conscious folks feel that Microsoft simply got wrong. It’s a setting that you should probably change right away.
You don’t want Windows Explorer to “Hide extensions for known file types”.
This is WINDOWS Explorer
Important: I’m hearing from a lot of people who aren’t finding this setting in Internet Explorer.
That’s correct. It’s not in Internet Explorer.
The program this applies to is Windows Explorer.
Follow the instructions below to run Windows Explorer.
Changing the setting
Run Windows Explorer – Windows Key + E will do, or right-click the Windows 7 start orb and click Open Windows Explorer.
If the menu bar is not visible, press and release the ALT key on your keyboard to make it appear.
Click Tools and then Folder Options…:
Click the View tab.
Make sure that Hide extensions for known file types is NOT checked. By default, it is.
Why this is so important
An extension is the end-part of a filename, from the last period onward. For example, in picture.jpg, the extension is .jpg. For resume.doc, the extension is .doc.
File extensions tell Windows what to do with a file when you double-click it (among other things). For example, when you double-click picture.jpg, the file extension tells Windows that it should open up your image viewing program. For resume.doc, it would indicate that a document editing program be run.
At any point in time, Windows “knows about” many different file extensions, depending on the applications that you have installed.
“Hide extensions for known file types” causes Windows Explorer to hide – not display – the file extension portion of the filename.
For example, with Hide extensions for known file types unchecked, a file named example.doc is listed as example.doc.
In the default case, with it checked, the same file is listed as just “example”.
The .doc is not displayed. The Type column shows what type of file Windows thinks it is, but the actual extension is hidden from view.
Now, let’s use a more sinister example: a file named example.doc.exe.
When a file with that name is shown using Windows default settings to hide the file extension, the last extension is dropped from the display.
What shows is “example.doc”, even though the filename is really “example.doc.exe”.
You might be tempted to think it’s a .doc file, even though it’s not. It’s a .exe file. The Type column shows the correct type – Application – but the display looks like it’s a .doc file.
The malicious scenario works like this:
- You receive an attachment or download a file named something.doc.exe.
- You view that file in Windows Explorer and see only something.doc.
- Seeing this, you believe that it’s a document and double-click the file to open it.
- Because the real filename is something.doc.exe, it is an application; Windows treats it as a program and runs it.
- Then, the program installs malware on your machine.
The best way to prevent this? Don’t “Hide extensions for known file types”.
That way, the file is revealed for what it truly is.
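The same remedy, plus a check for filenames that would be misread once the last extension is hidden, as an added PowerShell example that is not part of the original article. It assumes the standard per-user Explorer registry value (HideFileExt) behind this checkbox, and the lists of runnable and document-like extensions are my own choices that go beyond the .exe case the article shows.

```powershell
# Added example (not from the original article): turn off "Hide extensions
# for known file types" via its registry value, then audit a folder for names
# that would be misread once the last extension is hidden
# (e.g. something.doc.exe displayed as something.doc).
# Assumptions: the registry path and value name below are the standard
# per-user Explorer settings; the extension lists are my own choices.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-KnownFileExtensions {
    # 1 = hide (the Windows default), 0 = show. Explorer reads this value
    # when it starts, so sign out or restart explorer.exe after changing it.
    Set-ItemProperty -Path $advanced -Name 'HideFileExt' -Value 0 -Type DWord
    (Get-ItemProperty -Path $advanced -Name 'HideFileExt').HideFileExt
}

# Final extensions that make Windows run the file as a program.
$runnable = @('.exe', '.scr', '.com', '.bat', '.cmd', '.pif')
# Extensions a user expects to open as a harmless document or picture.
$docLike  = @('.doc', '.docx', '.pdf', '.txt', '.jpg', '.png', '.xls')

function Find-DeceptiveDoubleExtension {
    param([string]$Folder = "$env:USERPROFILE\Downloads")
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $real = $_.Extension.ToLower()
            # What Explorer would display with the real extension hidden.
            $shown = [IO.Path]::GetFileNameWithoutExtension($_.Name)
            # The extension the user would see, and probably trust.
            $inner = [IO.Path]::GetExtension($shown).ToLower()
            ($runnable -contains $real) -and ($docLike -contains $inner)
        } |
        Select-Object @{ n = 'Displayed'; e = { [IO.Path]::GetFileNameWithoutExtension($_.Name) } },
                      @{ n = 'RealName';  e = { $_.Name } },
                      FullName
}

Show-KnownFileExtensions
Find-DeceptiveDoubleExtension | Format-Table -AutoSize
```

Any row the audit prints is a file whose displayed name under the default setting hides that it is a program; with the setting changed, the same file shows its full name in Explorer.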