File extensions have been around for decades. Basically, they're the the part of the full filename at the end consisting of a period followed by one or more letters, usually three. Windows' file extensions came directly from Microsoft DOS, which had derived them from CP/M, which, according to the Wikipedia article, "Filename extension", had adopted them from Digital Equipment Corporation (DEC) operating systems.
Although they can be used for purely informational purposes, especially in UNIX and Linux, in Windows they're mainly used to identify the type of file and to inform Windows which application to run when that file's icon is double-clicked; eg, Word for a .DOC, Excel for a .XLS, Notepad for a .TXT. One of the things that can happen when you install new software on your computer is that it will change the associations of some of your file extensions so that it is now the application that will run.
To view and change which applications are associated with which extensions:
- Run Windows Explorer.
- In the menu bar, click on Tools, then Folder Options.
- In the dialog box that opens, click the File Types tab.
- Scroll down the list to the extension you're interested in, then click on it to see what application is associated with it. You can also edit the list from here.
In addition to those file associations, there is a set of special file extensions that tells Windows that this is an executable file. That means that when you double-click a file with one of these extensions, Windows will run it. These special extensions include, but are not restricted to: BAS, BAT, CMD, COM, EXE, JS, LNK, PIF, VB. In addition, several document files, especially those used by Microsoft Office, can have executable code embedded in them as macros.
Normally and customarily, the display of any filename would include its extension. Then somewhere around Windows 95, Microsoft introduced the option to hide a file's extension. Furthermore, Microsoft decided that this option to hide the extensions should be the default setting. The idea was apparently that the file type would be identified by the file's icon, though I remember the mass confusion that caused in a Java class where nobody knew which icon was for a .java file and which was for a .class file.
In order to view this option and change it, the procedure starts out like viewing the extension associations, but you click on a different tab:
- Run Windows Explorer.
- In the menu bar, click on Tools, then Folder Options.
- In the dialog box that opens, click the View tab.
- Scroll down the Advanced Settings list to about the 12th line, which should read "Hide extensions for known file types". According to my notes, in Windows 95/98 it read "Hide MSDOS file extensions that are registered".
- If the checkbox on that line is checked, then file extensions will be hidden. If it is not checked, then file extensions will be displayed.
- After having changed that option, put it into effect by clicking the Apply button, then clicking the Apply to All Folders button at the top of the dialog.
So why does this option present such a problem? Why should it matter whether or not the file extensions are hidden? Including the extensions of executable files.
... Wait a minute ...
The first of The Ten Immutable Laws of Security tells us: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore".
Ironically, I just linked you to a Microsoft page. It's ironic, because this extension-hiding option that Microsoft has so bone-headedly decided to make the default setting is precisely the gaping security hole that hackers have for so many years exploited so successfully in order to fool you into running their malicious programs on your computer.
As described in that Wikipedia "Filename extension" article's section, Security issues:The default behavior of Windows Explorer, the Microsoft file browser, is for file extensions not to be shown. Malicious users have tried to spread computer viruses and computer worms by using file names formed like LOVE-LETTER-FOR-YOU.TXT.vbs. The hope is that this will appear as LOVE-LETTER-FOR-YOU.TXT, a harmless text file, without alerting the user to the fact that it is a harmful computer program, in this case written in VBScript.
That is why it's such a big deal. Google'ing on "Hide extensions for known file types" I get 82,300 hits, most of them warning against this security hole or people asking how to get their computer to start displaying file extensions again. We need to be able to see our files' extensions and the last thing we could possibly need would be for that vital information to be hidden from us -- unless we choose to be blinded, in which case we should be the ones making that choice, not the idiots at Microsoft.
I met a Microsoft OS developer on-line in a non-programming forum discussion where he was boasting about how great the soon-to-be-released Vista OS was going to be and we'd all want to rush out and buy it on the first day. So I asked him if it still made the same bone-headed mistake that Microsoft's been making for more than a decade of hiding file extensions by default. He said that it did and he actually tried to defend that choice. He said that most Windows users were too stupid to know how to use file extensions. Really, I'm not making this up. The only good point he made was that if file extensions are displayed in Windows Explorer, then when a user would rename a file there would be a chance of accidentally changing the extension, thus destroying that file's association with an application -- he then described a new feature of Vista in which the default highlighting of a filename to be changed will automatically exclude the extension.
When we got our first Windows 95 machine, it took me a while to discover this problem, mainly because I very rarely used Windows Explorer at first, prefering the DOS windows and the individual applications. One day, I received an email with an attached file, something like "camping.zip". I didn't recognize the sender, but since I was active in Scouting at the time I assumed that it might be legitimate. Fortunately for me, I almost never double-click files, but rather I start up the application and open the file from there. So I saved the attached file, opened WinZIP, and tried to open that "ZIP" file. I just got an error message that it failed because the file wasn't a valid archive file. Huh? So I CD'd my DOS window to that directory and did a DIR and saw that the file's name was "camping.zip.pif". It was an executable! If I had double-clicked on that attachment as most people would have, then my computer would have been infected. Fortunately for me, I'm an incorrigible curmudgeon who refuses to pretend that he's using a Mac.
Around the same time, I got a second file, "something.doc", which I approached the same way and discovered that it was actually "something.doc.pif". It was at that time that I noticed that none of the file extensions were showing up in Windows Explorer. So I either Yahoo'd (that was before Google) or posted the question in a forum and that is how I learned of that pernicious option and how to turn the damned thing off. I suspect, though, that most people had to learn about it the hard way, by getting their computer infected.
Thank you very much, Brother Bill. May we have another one please?
(homage to Kevin Bacon's first spoken line in the movies, the frat initiation paddling scene in "Animal House")
The solution is simple: turn that damned option off!
Though I encountered a further problem, one which I think is isolated to Windows 95. Every once in a while, that option would turn itself back on. I think that Microsoft had made Windows 95 more "helpful" by having it automatically return settings to where it thought they should be, not to where you wanted them. We encountered something similar when our command was required to use an Internet suite that had been designed for Windows 3.11. When we started getting Windows 95 machines, we found that we could still use that software if we replaced the 32-bit winsock DLL file with the old 16-bit DLL. But then every once in a while Windows 95 would notice the old DLL and "do us a favor" by replacing it with the 32-bit DLL, which caused our software to stop working. And for some reason it seemed to always decide to do this to the admiral's computer. Thank you very much, Brother Bill, ... .
So after you have changed that option, keep an eye open for Windows switching it back on. It's been a long time since I've seen Windows do that, but you know that the moment we turn our backs, ... .
This page offers graphic and detailed instructions that apply to different versions of Windows.
And I've found in my notes the following advice, though I forget the source:Unfortunately, Windows is a little more complicated than that. Even if "hide file extensions for known file types" is disabled, there are still several file types that do not reveal their extensions - .pif is one of them. Also, .lnk, .shs, and .url, among others.
To show these extensions, search in the registry for "NeverShowExt". Delete the value from whichever file types you want shown and reboot the system.
Edit your registry at your own risk. I disclaim any responsibility if you take this guy's advice.
Return to Top of Page
Return to My Programming Home Page
Share and enjoy!
First uploaded on 2007 October 10.
Updated 2011 July 18