Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: Hypothetical design question

From: "Alun Jones" <alun () texis com>
Date: Sun, 01 Feb 2004 19:52:07 +0000
-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Michael S Hines
Sent: Friday, January 30, 2004 7:26 AM

The other part of this issue, of course, is that Outlook 
hides the true file
extension..


Being pedantic, while it is obviously Outlook that hides the extension, it
is an Explorer setting that you can make to disable this.  I have yet to see
an MVP that doesn't immediately disable file extension hiding when they
first install a Windows version - if only we could convince MS that it's the
stupidest idea ever. :-)

So, if any of you ever install someone else's Windows, here's the key - open
up Explorer (Win-E will do that), select Tools, Folder Options, the View
tab, and under "Advanced Settings", uncheck "Hide extensions for known file
types".

Never mind disabling username and password in http URLs, MS should focus on
this as one of the major causes of virus execution.  "Hey, it's a .gif file,
it can't have a virus in it... opening viral_load.gif.exe..."

Alun.
~~~~
[MS MVP - Windows SDK / Security]
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Previous By Date Next
Previous By Thread Next

Current thread: