The First Flaw in Windows 7

tiago — Wed, 06 May 2009 20:14:31 +0000

Hold your horses, this isn't a flaw per se. There isn't a massive hole in Windows 7 that allows the execution of malicious code. Instead, there's a legacy feature that has been around ever since Windows 98 (maybe even 95, but that I do not know for sure) that is used by virus writers to fool users into executing their viruses.

The feature I am talking about is the ability to hide the extension for known file types. This comes enabled by default on XP and Vista and it was not addressed in Windows 7. Basically, as Adrian over at ZDNet reports, with this feature enabled, a file with 'double extension' can easily be fooled for its fake extention. For example, a file named Report.txt.exe will automatically have the '.exe' extension hidden, and to the eyes of the less computer-savvy it can easily be mistaken for an innocent Report.txt file. Moreso when the creator of the virus is careful enough to add an innocent notepad icon to the malevolent application.

To be perfectly honest, I agree with Adrian. This is a feature that I disable right after I install Windows. More often than not I find myself having to change the extension of a file, and it's impossible to do so with this feature enabled and without resorting to the command line.

This feature is dangerous and it has been the gateway for many viruses to spread. Adrian also suggests adding some sort of overlay to the icons of executable files that aren't digitally signed - this is an incredibly good idea. Maybe something glarey as the icons of running applications on the new Windows 7 start bar. If properly done, this could be flashey and would cause a good impression on end-users, both visually and safety-wise. Personally, I would remove the feature altogether and leave it off - and please, without the possibility of working around it on the registry - but that's just my two pennies worth of opinion.

Have a good one.

Windows 7 RC out – maybe

tiago — Sun, 19 Apr 2009 11:34:32 +0000

Alright ladies and gentlemen, the announcement is out: the first (and hopefully only) Release Candidate of the newest, mind blowing, operating system from the folks at Redmond is out. Or is it really? There's a Microsoft Partners' page announcing the event and I say that that's as reliable as it gets.

According to said page, the RC should be available right now for MSDN and TechNet subscribers but well... it ain't. The same page also announces that a global (and I guess, public) release will be done on May 5th which is actually pretty close in time.

My guess is that we just sit and wait, and that within the day, this RC will be made available on the MSDN downloads page. Or so I hope.

Finally, this release is more coherent with Ed Bott's speculative timeline over at ZDNet which places the Windows 7 RTM release on late August of 2009. At this point, we just wait and see - being a 7 Beta user, I am happy and borderline ecstatic to get a RC release so soon. Way to go, Microsoft!

Courtesy of Neowin.net

Tiago's Tech Blog » Release Candidate

The First Flaw in Windows 7

Windows 7 RC out – maybe