Earlier this week I allowed malicious software to run on my computer. It came as a well-disguised email attachment. It was abetted by my tablet email that did not show me the full address of the sender, which would have made me instantly suspicious.
The attachment claimed to be text compressed as a zip file. But the WinRAR program did not show the full, very long file name. Again, I’m sure another intended deception. Concealed by the long name was the file extension.
For those who don’t recall Windows 101, file names have two parts: the name and the extension. The latter identifies the type of file, e.g., .doc is MS Word, .wri is WordPad, and .txt is NotePad.
A file can be data or program—or both. This file I’m writing is text as data to be run with a word processor. Soon it will become an HTML file to be run with a browser. When you code, you’re writing data to be executed as a program.
The file extension tells Windows what programs to use for data files. It also tells Windows when the file is itself a program, i.e., an .exe or a .com. That’s not all. Windows also runs .bat and .pif files. And more.
I ran my anti-malware software and did a System Restore to the day before. Didn’t find any problem, but in that blink of an eye who knows. Then I found the offending email and destroyed it.
Here’s the thing. A dozen years ago, .js didn’t exist on my computer. What other, newer languages are being put on our machines to run software we don’t have the first clue about?
There are many ways to run programs in Windows. Double-clicking on icons is the most common. You can also use the Command Prompt. But what if you don’t know what a file is?
How do you know whether Windows wants to run a file as a program or open it as data? You don’t unless you know all the file extensions that cause execution—which may be fatal.
Windows not only let’s the file extension dictate the action, it helps in the deception. How? In Windows Explorer, the default hides the file extension. Often, we see little more than icons.
In Microsoft’s push to simplify Windows, they have made us more vulnerable. Every year we have to work harder to protect ourselves. And we pay for the privilege.