Q&A: Windows 7 File Extension Hiding
- Friday, May 29, 2009, 1:01
- Threat Research
We got plenty of good comments on the previous blog post about Windows 7, including feedback from people who are actually working in the Explorer development team at Microsoft.

Many of the comments included questions on the topic, so here's a Q&A:

Q: What is this all about?
A: It's about Windows, by default, hiding file extensions such as .EXE. Virus writers exploit this by creating malicious files with double extensions (PICTURE.JPG.EXE). Such a file would typically also use a misleading icon.

Q: How long has Windows Explorer been hiding file extensions "For known file types"?
A: Since Windows NT.

Q: Why do they do it?
A: We don't know.

Q: Is this a real risk? If the user already has such a file on his hard drive, it's too late, right?
A: Not really. The file could have come from the Internet, from a file share or a removable drive, and the user hasn't necessarily executed it yet.

Q: But if the file came from the Internet, Explorer will warn you that it came from an "Untrusted Zone"!
A: Only if you use Internet Explorer to browse the web and Outlook to download your e-mail attachments. There are plenty of other ways to download files from the net: 3rd party web and e-mail clients, BitTorrent and (continue reading...)
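
The double-extension case from the Q&A above (PICTURE.JPG.EXE), as an added Python example that is not part of the original post: it computes the name a user would see with the final extension hidden and flags executables whose visible name ends in a harmless-looking extension. The extension lists, function names and sample paths are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}


def displayed_name(filename: str) -> str:
    """Name shown to the user when the final executable extension is hidden."""
    path = PureWindowsPath(filename)
    if path.suffix.lower() in EXECUTABLE_EXTS:
        return path.stem
    return path.name


def is_double_extension(filename: str) -> bool:
    """True when an executable's visible name ends in a decoy extension."""
    path = PureWindowsPath(filename)
    if path.suffix.lower() not in EXECUTABLE_EXTS:
        return False
    # Extension that remains visible once the real one is hidden.
    inner = PureWindowsPath(path.stem).suffix.lower()
    return inner in DECOY_EXTS


def audit(filenames):
    """Return (real name, displayed name) pairs for every flagged file."""
    return [(PureWindowsPath(f).name, displayed_name(f))
            for f in filenames if is_double_extension(f)]


# Constructed sample listing, not taken from a real system.
SAMPLE = [
    r"C:\Users\alice\Downloads\PICTURE.JPG.EXE",
    r"C:\Users\alice\Downloads\holiday.jpg",
    r"C:\Users\alice\Downloads\setup.exe",
    r"E:\report.final.pdf",
    r"E:\Invoice.pdf.scr",
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"{real!r} is displayed as {shown!r}")
```

Feeding `audit` the file names from a mail gateway, a file share or a removable drive flags such files before anyone opens them, whatever Explorer's display setting is.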