Software // Operating Systems
News
5/5/2009
05:26 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Windows 7 Retains Windows Explorer Security Risk

A feature in Windows Explorer, the operating system's file management application, enables virus writers to disguise executable files, security researcher says.




Windows 7 screen shot
(click for larger image and for full photo gallery)

Windows 7 RC is now available, but Microsoft's new operating system could use a bit more tinkering to improve security.

Mikko H. Hypponen, chief research officer at F-Secure, points out that Windows 7 retains a feature in Windows Explorer, the operating system's file management application, that has allowed attackers to deceive Windows users since the Windows NT era.

Specifically, Windows Explorer provides a way to hide a file's extension. Virus writers use this feature to disguise executable files as something more innocuous, such as text files, Hypponen explains in a blog post.

By also changing the appearance of a malicious executable's icon, malware authors have a much easier time convincing users to run malicious software using social engineering techniques.

Such an oversight might be less noteworthy were Microsoft not pushing its End-to-End Trust vision to enhance computer security. Last year at the 2008 RSA Conference, Microsoft chief research and strategy officer Craig Mundie said that it was "important that we give people the tools to empower them to make good trust choices."

Having accurate information about the nature of the files on one's computer could be said to be equally important.

At the same time, Microsoft deserves some credit for hardening Windows 7 against another attack vector, the automatic execution of files stored on removable media. Last month, Microsoft said that it had changed Windows AutoPlay so that it would no longer automatically run applications on external devices other than CD/DVD players. This will help prevent the propagation of malware like the Conficker worm through USB thumb drives.


InformationWeek Analytics has published an independent analysis on the current state of security. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.