Don’t hide those file extensions!

Lately I’ve ghostwritten several pieces on Internet security and how to protect yourself against malicious files. One point comes up over and over: Don’t hide file extensions! If you get a file called Evilware.pdf.exe, then Microsoft thinks you should see it as Evilware.pdf. The default setting on Windows conceals file extensions from you; you have to change a setting to view files by their actual names.

What’s this supposed to accomplish, besides making you think executable files are just documents? I keep seeing vague statements that this somehow “simplifies” things for users. If they see a file called “Document.pdf,” Microsoft’s marketing department thinks people will say, “What’s that .pdf at the end of the name? This is too bewildering and technical for me! I give up on this computer!”

They also seem to think that when people run a .exe file, not knowing it is one because the extension is hidden, and it turns out to be ransomware that encrypts all the files on the computer, that’s a reasonable price to pay for making file names look simpler. It’s always marketing departments that are to blame for this kind of stupidity; I’m sure the engineers know better.

This policy bears a big chunk of responsibility for the ease with which malware spreads on the Internet. If people saw that the attachment in their mail was an executable file, at least some of them would realize opening it is a bad idea. But malware is called “viruses,” as if it were something that a computer just caught rather than being launched by a user error. Originally, a virus was a kind of malware that inserted itself into a file, and from there could replicate itself into other files, just as biological viruses insert themselves into cells and replicate to other cells. True computer viruses are rare today, but the term has spread (virally?) to all kinds of malware and offers a convenient abdication of responsibility.

Macintosh Finder PreferencesOS X also hides file extensions by default, on the principle of imitating whatever Microsoft does. I’d almost forgotten that, since I’d once turned that misfeature off or refused to allow it and it hasn’t bothered me since. In the Finder preferences, make sure that “Show all filename extensions” is checked.

Comments are closed.