Windows 7, the much-awaited replacement for Microsoft's ill-fated Vista operating system, still includes a legacy flaw that can put users at risk, says a security specialist.
Mikko Hypponen, research boss for computer security experts F-Secure says that an exploit from earlier Windows versions still exists in the release candidate for the next-generation Microsoft OS.
Hypponen wrote in his blog that the flaw, which existed in Windows NT, 2000, XP and Vista, allowed cyberbrooks to exploit a Windows Explorer issue to hide viruses and executable files from users.
The 'Hide extensions for known file types' feature, which could be used to disguise malware nasties, still exists in the new OS.
"Virus writers used this "feature" to make people mistake executables for stuff such as document files," he wrote.
"The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and Windows would hide the .EXE part of the filename.
"Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled."
Images on his blog, which was written when the near-final Windows 7 Release Candidate went public, show a 176k executable (.exe) file renamed 'horrible_malware_text'. Windows Explorer did not render the file as an exe, but as a plain text file.
The Release Candidate - which is in the final stages of testing and has not yet had a firm release date announced - is available for download from Microsoft's Windows 7 site.
This story originally appeared in the New Zealand Herald
Comments
Share your thoughts and debate the big issues
Please be respectful when making a comment and adhere to our Community Guidelines.
You can find our Community Guidelines in full here.
Please be respectful when making a comment and adhere to our Community Guidelines.
You can find our Community Guidelines in full here.
Follow comments
Vote
Report Comment
Subscribe to Independent Premium to debate the big issues
Want to discuss real-world problems, be involved in the most engaging discussions and hear from the journalists? Start your Independent Premium subscription today.
Already registered? Log inReport Comment
Delete Comment
About The Independent commenting
Independent Premium Comments can be posted by members of our membership scheme, Independent Premium. It allows our most engaged readers to debate the big issues, share their own experiences, discuss real-world solutions, and more. Our journalists will try to respond by joining the threads when they can to create a true meeting of independent Premium. The most insightful comments on all subjects will be published daily in dedicated articles. You can also choose to be emailed when someone replies to your comment.
The existing Open Comments threads will continue to exist for those who do not subscribe to Independent Premium. Due to the sheer scale of this comment community, we are not able to give each post the same level of attention, but we have preserved this area in the interests of open debate. Please continue to respect all commenters and create constructive debates.