Mar 27, 2007

[Security] What were you thinking, Microsoft?

By default, Windows does not display the extensions of common file types. This was fine until someone sleazy took advantage of that oversight and used it as a social engineering tool.

The I Love You virus (VBS_LOVELETTER) is a simple worm, and very small, since it is only a script. Yet it caused much damage and put the Philippines on the malware map. All because it appeared as a text file and its name made a lot of people curious. All because Windows hid the extension name. All because Microsoft thought VBScript files were common.

Microsoft Vista was supposed to be a secure OS, but it seems Microsoft has not learned its lesson (or it is being stubborn). In its weblog, F-Secure laments the fact that Vista, by default, does not display file extensions. I ask the same question that the post's author posed: "What were they thinking?"
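
An added example, not part of the original post: a mail-filter style check for the trick described above, flagging attachments whose real extension is a script or executable type but whose name, as shown with known extensions hidden, ends in a document extension. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Assumed policy lists for this example, not an exhaustive inventory.
SCRIPT_OR_EXEC = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr",
                  ".pif", ".exe", ".com", ".bat", ".cmd"}
DECOY = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".mp3"}


def _clean(name):
    # Windows ignores trailing dots and spaces in file names.
    return ntpath.basename(name).rstrip(" .")


def displayed_name(filename):
    """Name as shown when extensions of known file types are hidden."""
    name = _clean(filename)
    stem, ext = ntpath.splitext(name)
    return stem if ext.lower() in SCRIPT_OR_EXEC | DECOY else name


def is_masquerading(filename):
    """True if a script/executable would be shown with a document extension."""
    stem, ext = ntpath.splitext(_clean(filename))
    if ext.lower() not in SCRIPT_OR_EXEC:
        return False
    # Ignore whitespace padding before the real extension so it cannot
    # hide the inner, decoy extension from this check.
    inner = ntpath.splitext(stem.rstrip(" ."))[1]
    return inner.lower() in DECOY


def flag_attachments(names):
    """Return (real name, displayed name) for each suspicious attachment."""
    return [(_clean(n), displayed_name(n)) for n in names if is_masquerading(n)]


# Constructed sample attachment names.
SAMPLES = [
    "LETTER.TXT.vbs",
    "C:\\mail\\photo.jpg      .scr",
    "notes.txt",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLES):
        print(f"BLOCK {real!r}: user would see {shown!r}")
```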

