
Re: [News] Vista Takes Another Bizarre Approach to Pseudo Security

Richard Rasker wrote:

...
In *nix, things are far better: the system determines the nature of a file
by inspecting its headers, which are somewhat less easy to change, while
the extension serves the primary purpose of informing the user. An example:

$ ls *.rpm
testdisk-6.6-1.i386.rpm
$ file testdisk-6.6-1.i386.rpm
testdisk-6.6-1.i386.rpm: RPM v3 bin i386 testdisk-6.6-1
$ mv testdisk-6.6-1.i386.rpm justaname.txt
$ file justaname.txt
justaname.txt: RPM v3 bin i386 testdisk-6.6-1

Nope, Linux isn't fooled by the complete change in name. And although
Linux users can be fooled just as easily as in Windows, there are no
extensions (e.g. exe pif com bat scr) which cause files to be executed
automatically when clicked - and there's no mechanism which hides an
(for the user) essential part of a file name, enabling attacks such as
NakedGirl.jpg.scr, which still arrive in mailbox on an almost daily basis.
...
What bothers me the most about this latest display of Microsoft's
incompetence, is that someone over there (or more likely several someones)
thought about this, and decided that it would be a good idea.

Actually, the reasoning behind the choices is fine...until vfat:

When a file was 8.3, the .3 gave the type of file and using that as what to do with a file was vaguely sensible[1]

Then when pointy-clicky came along, the icon told you what kind of file it was, and having the .exe or .txt bit on the file name looked a bit bad, so why not hide it...again vaguely sensible[1]

Then came along vfat that allowed the extension separator (a dot) to be used as a character in a file name - it took away the special meaning of the dot: bad move, effectively the file name now has /no/ extension.

MS is now in a bind as it requires an extension to tell it what to do with a file, but has also removed the extension - it bodges a solution by saying that the last dot is the extension separator.

But seeing as the icon tells you what the file is, we'll hide this last dot-extension from view.

This is actually vaguely sensible[1] as any preceding dots will be displayed. Thus "NakedGirl.jpg.scr" will appear as "NakedGirl.jpg". Now, if Windows hides extensions (as per default), why would this file appear to have an extension? Unless there is yet another one that's been hidden.

Unfortunately, the very people who won't ask such questions (i.e. seeing <blah>.jpg will assume <blah> is a .jpg file even if no other file has an extension showing) are exactly the people who don't realise that Windows hides extensions by default, nor to what extent Windows trusts extensions (or how much they trust Windows to get a file type right and do the right thing with it - they're the ones who see NakedGirl.jpg and then moan that Windows doesn't work and display the NakedGirl JPeg file that it ought, even though Windows /did/ do what was "right" for what it thought was a .scr file).

[1]sensible as in hiding unnecessary extra data; however, as the action of hiding extensions is not put up in big letters, people forget that that's the mechanism Windows uses to identify a file type and that there is a hidden extension - even if they can see one.

...

Other examples of course are the old Outlook "begin" nonsense, and this
Zune "protection measure", where a DRM system was in place to prevent
unauthorized sharing of music files - by just checking the file name
extension. How stupid do they think the rest of the world is? Just as
stupid as themselves, I gather.

I don't know what you mean about the Outlook "begin" nonsense. I mean, to begin with, there's a simple solution to this minor annoyance... ^_^
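
The check below is an added example and is not part of the original post or thread. It is a Python filter for incoming attachment names that applies the "last dot is the extension" rule and the header inspection discussed above. The decoy-extension list, the function names and the sample inputs are assumptions constructed for illustration.

```python
# Extensions the post lists as executed automatically when clicked.
EXECUTABLE_EXTS = {"exe", "pif", "com", "bat", "scr"}
# Constructed, non-exhaustive list of extensions a user reads as harmless data.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "doc"}
# A few well-known header signatures, the kind of evidence file(1) relies on.
MAGIC = [(b"MZ", "dos/pe-executable"), (b"\xff\xd8\xff", "jpeg"),
         (b"\xed\xab\xee\xdb", "rpm")]


def split_last_dot(name):
    """Apply the 'last dot is the separator' rule: return (stem, ext)."""
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot and stem else (name, "")


def displayed_name(name):
    """Name as shown when the final extension is hidden from view."""
    stem, ext = split_last_dot(name)
    return stem if ext else name


def sniff(header):
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"


def assess(name, header=b""):
    """Return a list of findings for one attachment name and its first bytes."""
    findings = []
    stem, ext = split_last_dot(name)
    _, shown_ext = split_last_dot(stem)
    if ext in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS:
        findings.append("double-extension: shown as %r, runs as .%s" % (stem, ext))
    kind = sniff(header)
    if kind == "dos/pe-executable" and ext not in EXECUTABLE_EXTS:
        findings.append("executable content under non-executable name %r" % name)
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [("NakedGirl.jpg.scr", b"MZ\x90\x00"), ("holiday.jpg", b"MZ\x90\x00"),
               ("justaname.txt", b"\xed\xab\xee\xdb\x03\x00")]
    for name, header in samples:
        print(name, "->", displayed_name(name), sniff(header), assess(name, header))
```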

