Just One of The Reasons Windows is So Dangerous.

I was reminded recently of one of the obscure reasons that Windows can so often be a dangerous operating system in a world where the bad guys are so frequent.

The latest reminder came from a number of colleagues who received an email claiming to be from Royal Mail, regarding a lost or misdirected parcel. The email had an attachment which was zipped. Unzipping the file produced a file with the ‘extension’ to its name of .pdf.exe.

And in this simple fact lies the danger. Windows uses file extensions in a number of ways. For a start, it uses the file extension to choose what type of icon to use. But it also uses the file extension to choose what to do if the file is ‘opened’. In the case of the rogue email, Windows glibly uses the pdf file type icon. To most users this is a familiar file type and is often safe, and they may feel ready to click on the file. But at this point the system will use the second part of the extension to select what to do with the file, in this case running the rogue program.

Fortunately most users are already running an anti-virus program and the bad guys have been thwarted.

This time!


3 thoughts on “Just One of The Reasons Windows is So Dangerous.

    • Hi Eddie,
      Your point is valid, but it feels to me like it would undermine the usefulness of email if I needed to be able to validate the sender of every single email I receive before I open it. My work is largely email based (at least the initial contact is, subsequent contact is often face to face or by phone), and while the pool of users I need to be in touch with is finite, it is still large, and quite widely distributed.
      I would prefer to educate users to think briefly before they click a link. I was really just commenting on how Windows in particular makes this particular type of viral transmission easier than it would otherwise be…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s