computerwriter.com

Getting Windows to display file extensions could save you from virus attacks like "I Love You." New Virus Threat. Silly Season (virus hoaxes and other dumbness).

Toronto Star Fast Forward column for July 20, 2000

Copyright ©, Myles White, 2000. All rights reserved

Just when you thought you'd figured out how to avoid being caught by another "I Love You" worm, PC Magazine's Bill Machrone, writing in his column in the July 2000 edition, brings an alert of another threat. 

To understand how this one works, we first need to review one of what I consider to be the dumber things Microsoft did with the Windows 9x series of operating systems. By default, in an attempt to shield users from the icky underlying mechanics of the system, Windows hides the file extensions — the three or more letters that follow the "." (period) in a filename — of what it calls "known" file types. 

"Known" in this context means any application that has placed a reserve on certain extensions in the Windows Registry, allowing among other things, for you to click on a file's name to launch the application that created it. 

WordPerfect's default file extension is .WPD. Microsoft Word uses .DOC; Excel uses .XLS. And so it goes. 

Other generic file types, such as graphic and music files, have their own particular extensions (.GIF, .JPG, .MP3, and so on), but applications can claim those as their own so that, for example, clicking on a file with a .JPG extension automatically launches Adobe Photoshop or Microsoft PhotoDraw. 

Some people, starved for attention or just overwhelmingly curious, clicked on the "I Love You" Visual Basic (VB) Script file believing it to be an innocuous text file because they'd left the Windows default setting to hide known file types intact. Instead of seeing the file listed as Iloveyou.txt.vbs, they saw only Iloveyou.txt. Gotcha! 

Aside from never, ever opening unsolicited attachments to e-mail messages, one of the better security measures you can take is to reverse this default setting to hide file types by doing the following:

• Open the Windows Explorer file manager. 
• From the top menu line, select Tools, Folder Options. 
• In the Folder Options dialogue box, select the View tab. 
• At the top of the choices, under Files and Folders, look just below Hidden Files. The first box, labelled "Hide file extensions for known file types" will have a checkmark in it. 
• Click the box to remove the checkmark. 
• While you're here, you may as well also look up one line, under Hidden Files, and click on Show all files. This will come in handy later.

Okay, now that you've done this, most file types will display wherever you need or want to see a filename, and you'll get some clues about the nature of the next VBScript-based worm some drip sends your way.

But we're not done yet. 

There are some other files that may be in your system, or that may be sent to you, that don't display file extensions, even if you tell it to show all file extensions, and their default icons may lead you to believe they're also safe. 

This is a little complicated to explain, but here goes. Ever since Windows 3.x, Microsoft has provided a tool called Object Linking and Embedding (OLE, pronounced Olay). Its primary purpose is to allow you to embed the output of one application into another in a seamless way that allows you to keep the data in the embedded object "live" while also giving you the ability to edit the object without leaving the base application. 

Examples include embedding an Excel spreadsheet into a Word document, or a CorelDraw graphic into a spreadsheet. 

What some enterprising idiots have discovered is that they can embed executable programs as objects into document files so that when the document is opened, the program will run. Note that this isn't the same as using an application's automation language to create what have become known as "Macro" viruses. And to make matters worse, the file extensions for the results are set up in the Windows Registry under keys that say NeverShowExt. 

The files are for what are known as "Shell Scrap Objects" (or simply Scrap Objects) and, to provide a crude definition, they're created to allow you to transport a file containing an embedded object so that the object goes along for the ride. 

The two possible file types created this way will have the extensions .SHS and/or .SHB. You can read more about these, as well as detailed instructions on how to fix the security problem by editing the Windows Registry at www.pc-help.org/security/scrap.htm (and note that there is a dash (-) between "pc" and "help"). I'm not providing the details here on the assumption that anyone who is vulnerable, because they have e-mail and may get a nasty package that way, also has an Internet account and browser to look it up. If you don't this isn't a problem for you.

Silly Season

Based on a couple of bogus virus warnings and other hoaxes I've received recently, it's silly season again. I sympathize with novice Web/e-mail users who want to warn their friends about potential threats, but there is a whole class of hoax warnings that have been circulating on the Net for years with the sole purpose of making such good Samaritans look foolish. 

Before you pass along any warnings you get from other friends, look at some of the clues, such as a long, long, long list of people from whom the message has already been sent. If you're still not sure of the authenticity of a warning, then the next thing you do is to check some of the Web sites below:

Virus Hoaxes

• CIAC Internet Hoaxes: http://ciac.llni.gov/ciac/CIACHoaxes.html (Remember, Net.Names are case-sensitive)
• Computer Virus Myths: http://kumite.com/myths 
• F-Secure Hoax Warnings: www.datafellows.com/news/hoax 
• IBM "AlertFrame" Hoaxes: http://www.av.ibm.com/AlertFrame/alertframe.html 
• McAfee Virus Information Library, Virus Hoaxes: http://vil.mcafee.com/hoax.asp 
• Siller Research Virus Hoax News: http://www.stiller.com/hoaxes.htm 
• Symantec Anti-Virus Center (SARC): www.symantec.come/avcenter/hoax.html 

Real Virus Warnings

• AVP Virus Encyclopedia: www.avp.ch/avpve 
• F-Secure Virus Info Center: www.datafellows.com/virus-info 
• Network Associates Virus Library: http:/vil.nai.com/villib/alpha.asp
• Symantec Anti-Virus Center (SARC): www.symantec.come/avcenter/index.html 

Urban Legends and Chain Letters

Last, but not least, there are the hoaxes that fall into the Urban Legend category (Microsoft paying for sending e-mail messages via Outlook Express, an over-bright full moon causing blindness if you look at it without protection, and so on). These, too, have their own sites you check.

• AFU and Urban Legends Archive: www.urbanlegends.com 
• CIAC Internet Chain Letters: http://ciac.llni.gov/ciac/CIACChainLetters.html (Remember, case sensitivity rules)
• Urban Legends Reference Pages: www.snopes.com 

Back to top