Topic: Windows 7 Retains Windows Explorer Security Risk

[georgecloner]

Windows 7 RC is now available, but Microsoft's new operating system could use a bit more tinkering to improve security.

Mikko H. Hypponen, chief research officer at F-Secure, points out that Windows 7 retains a feature in Windows Explorer, the operating system's file management application, that has allowed attackers to deceive Windows users since the Windows NT era.

Specifically, Windows Explorer provides a way to hide a file's extension. Virus writers use this feature to disguise executable files as something more innocuous, such as text files, Hypponen explains in a blog post.

By also changing the appearance of a malicious executable's icon, malware authors have a much easier time convincing users to run malicious software using social engineering techniques.

Such an oversight might be less noteworthy were Microsoft not pushing its End-to-End Trust vision to enhance computer security. Last year at the 2008 RSA Conference, Microsoft chief research and strategy officer Craig Mundie said that it was "important that we give people the tools to empower them to make good trust choices."

Having accurate information about the nature of the files on one's computer could be said to be equally important.

At the same time, Microsoft deserves some credit for hardening Windows 7 against another attack vector, the automatic execution of files stored on removable media. Last month, Microsoft said that it had changed Windows AutoPlay so that it would no longer automatically run applications on external devices other than CD/DVD players. This will help prevent the propagation of malware like the Conficker worm through USB thumb drives.

TECHWEB