With the Windows 7 release code out there and available for download right now, and free to use until 2010 for good measure, the last thing Microsoft will want to hear is bad news about potential security risks for users of the new flagship OS. But that's exactly what researchers over at security outfit F-Secure is delivering.
The Helsinki-based F-Secure reckons that a well known and long-lambasted problem that has existed in Windows NT, Windows 2000, Windows XP and Vista has not been fixed. That problem is Explorer hiding extensions for known file types. F-Secure claims that virus writers have long used this feature in order to trick people into thinking executables are simple document files and the like. Double naming virus.exe to virus.txt.exe would result in Windows hiding the .exe part and leaving the unsuspecting user seeing what looks like a .txt file instead of the actual executable, aided and abetted by the bad guys changing the icon inside the executable to seal the deal.
F-Secure tried the age old trick using Windows 7 and, oh dear, you can probably guess the rest.
"Bottom line: We still fail to see why Windows insists on hiding the last extension in the filename. It's just misleading" says F-Secure.
Microsoft has admitted messing up with Windows 7 security in the past, but the chances of it doing the same with this potential risk are pretty slim I would imagine. After all, it has had many years to correct the error and decided not to, so why change now?