Is Windows Hiding Your File Extensions?

By Andy Thomas
In this article, Andy Thomas argues that the practice of hiding filename extensions from Windows users is confusing and dangerous. He explains how to disable this feature and how doing so will help to protect you from certain kinds of security threats.

What are File Extensions?

In Windows, the last few characters after the dot in a filename denote the file's extension. This designates what kind of file it is and how Windows should open it. If you don't usually see file extensions on your computer, this should come as no surprise: Windows may be hiding them from you — so read on...


A File with an Extension as seen in Explorer

The filename "project_essay.doc", for example, has the extension .doc which is commonly used to denote Microsoft Word files. When you double click on it, Windows will know to run MS Word in order to open the file. Extensions typically use 3 characters, but not always.

A different extension, but a very important one, is .exe. This is short for executable, and means that the file is a program which contains instructions to be directly executed by your computer. If you try to open it in Explorer (i.e. by double clicking on it), Windows will actually run the coded instructions it contains. This is fine if it is a program file of a legitimate application on your computer, but if it's a file infected with a virus that you have just downloaded from the Internet, then this is definitely not what you want to happen (it means the virus code has had a chance to run and it's now busy infecting your computer).

Hidden Extensions

Microsoft has long considered file extensions too technical for most users and has decided that we don't need to know about them. That's why Windows, by default, will hide them from you.

This is condescending nonsense!

File extensions are important; they are an integral part of the filename, and we need to know about them. For example, we would know that the file named "fun_pic.jpg" will be opened by an image viewer program because of the widely used .jpg extension at the end. However, by default, Windows will display the file's name simply as "fun_pic", hiding the extension and denying you instant information about the file's type, or to be more precise, how Windows will try to handle it when the file is opened.

Hiding extensions like this is not only confusing, it's dangerous because it offers an opportunity for virus writers to trick people into thinking files represent harmless images or music, when actually they contain a virus or trojan binary.

Consider the cool music file you have just downloaded and saved to your hard-drive under the name "free_song.mp3". Clearly, from the extension, we can be quite certain that it's a harmless MP3 music file. Right?

Wrong. In reality, if Windows is hiding extensions from you, it could well be an executable file with a double extension at the end. The true filename could, in fact, be "free_song.mp3.exe", but you may never know until it's too late because Windows is hiding the .exe part of the filename. Furthermore, an executable file can show any icon image, so you cannot rely on the file's icon to know what kind of file it really is. Unless you look closely at the file, and view the file's properties, it's easy to be fooled.

To be fair, ever since the Windows XP Service Pack 2, Internet Explorer will give you a warning similar to that below if you try to download an executable file from the Internet. It will also warn you when you try to actually run the file.


Downloading Files Gives a Warning

However, it's all too easy to become desensitized to endless warning messages and blindly click through them (or turn them off). While an important security feature, these warning messages are no substitute for being able to see full filenames, including the file's true extension.

How to Make File Extensions Visible

The simple solution is to disable the hiding of extensions for all files. (I say "all files", because there are exceptions, but more about that below.)

In Windows 7 and Vista, perform the following steps:

  1. Run Explorer, i.e. open Computer (or any file folder window).
  2. Click on Organize from the menu.
  3. Choose Folder and Search Options.
  4. Select the View tab.
  5. Under the Advanced settings, uncheck the "Hide file extensions for known file types", and click OK (see the screenshot).

Uncheck the "Hide file extensions for known file types" Option

If you're using Windows XP or Windows 2000:

  1. Run Explorer, i.e. open Computer (or any file folder window).
  2. Select Folder Options from the Tools menu.
  3. Select the View tab.
  4. Under the Advanced settings, uncheck the "Hide file extensions for known file types".
  5. Click on the Apply to all folders or Like current folder button and OK to any confirmation message.

Precautions to Take When Downloading

You should be wary of files which have unexpected extensions. For example, if you think you're downloading a movie file, but the filename has an executable extension, such as .exe, this should ring alarm bells and you should cancel the download immediately.

Be particularly suspicious of any file with a double extension, such as "free_song.mp3.exe". While there are cases where a double extension may be legitimate, it is more likely to be an attempt to conceal the true type of the file, especially if the real extension is executable.

Unfortunately, .exe is not the only executable extension in Windows. Here is a brief list of some common ones:

  • .bat DOS Batch File
  • .com DOS Command File
  • .exe Windows Executable File
  • .msi Microsoft Installer File
  • .pif Program Information File
  • .shs Scrap Object
  • .vb VBScript File

A more exhaustive list is available from here.

This doesn't mean all files ending with one of these are harmful. If you find a software application you want to download and install, you should expect its setup file to have an .exe or .msi extension because it must be executable in order for it to be installed. However, it goes without saying that you should not download files from sites you do not trust.
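The double-extension check described in this section can be run over a download folder. The PowerShell below is an added example, not part of the original article: the function names, the list of harmless-looking "decoy" extensions, the default folder and the sample filenames are assumptions made for illustration, while the executable extensions are the ones listed above.

```powershell
# Added example (not from the original article).
# Executable extensions as listed in the article.
$ExecutableExt = '.bat', '.com', '.exe', '.msi', '.pif', '.shs', '.vb'
# Assumption: harmless-looking extensions a disguised file might display.
$DecoyExt = '.jpg', '.jpeg', '.png', '.gif', '.mp3', '.avi', '.mp4', '.doc', '.pdf', '.txt'

function Test-DoubleExtension {
    param([Parameter(Mandatory = $true)][string]$Name)

    # The last extension is the one Windows acts on when the file is opened.
    # -contains / -notcontains compare strings case-insensitively.
    $real = [System.IO.Path]::GetExtension($Name)
    if ($ExecutableExt -notcontains $real) { return $false }

    # Remove it and inspect what Explorer shows when extensions are hidden.
    $shown = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    $fake  = [System.IO.Path]::GetExtension($shown)
    return ($DecoyExt -contains $fake)
}

function Find-DoubleExtension {
    # Assumption: the folder to check defaults to the user's Downloads folder.
    param([string]$Path = "$env:USERPROFILE\Downloads")

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (Test-DoubleExtension -Name $_.Name) } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed sample names, checked without touching the disk.
'free_song.mp3', 'free_song.mp3.exe', 'Hilarious Must See.JPG.pif',
'setup.exe', 'archive.tar.gz' |
    ForEach-Object { '{0,-30} suspicious={1}' -f $_, (Test-DoubleExtension -Name $_) }
```

An ordinary installer such as "setup.exe" is not flagged, because only the combination of a decoy extension followed by an executable one is treated as suspicious.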

A Few Exceptions

Even if you set Windows not to hide file extensions, it will still hide certain ones from you. One such example is .lnk, which is used to denote a short-cut, or link. If these were to be shown, then all the short-cuts on your desktop would be seen to end with .lnk — a not very aesthetically pleasing result. Hiding this particular extension is arguably acceptable.

However, other extensions which will remain hidden, even if you follow the instructions above, include .pif and .shs, which are executable extensions. This means that the innocent looking file "Hilarious Must See.JPG" may actually turn out to be "Hilarious Must See.JPG.pif" — an executable, and not an image file at all!

The .pif and .shs extensions are, unsurprisingly, popular choices for viruses and it would make sense not to hide these. The process is a little more involved, but you can force Windows to show these extensions by editing the Windows registry.


Using RegEdit to Remove "NeverShowExt" for Certain File Types

You should edit the Windows registry directly using the RegEdit application. Follow the instructions below, but take care, as it's possible to corrupt the registry if you get it wrong.

  1. Click on the Windows Start button and click Run.
  2. Type "regedit" in the run box and hit Return.
  3. Open the HKEY_CLASSES_ROOT sub-tree (called a key), and for each of the keys below, find and delete the "NeverShowExt" registry value — see the screenshot above. Note, the .shs entry may only be present if you have Microsoft Office installed.
     • DOS Shortcut (.pif): [HKEY_CLASSES_ROOT\piffile]
     • Shell Scrap Object (.shs): [HKEY_CLASSES_ROOT\ShellScrap]

Finally, you need to restart Windows for the changes to take effect.
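Both procedures in this article, the Folder Options checkbox and the "NeverShowExt" clean-up, can also be applied from a script. The PowerShell below is an added example, not part of the original article. It assumes an elevated session for the HKEY_CLASSES_ROOT changes, relies on HideFileExt being the per-user registry value behind the "Hide file extensions for known file types" checkbox, and writes backups to %TEMP% under file names chosen here for illustration.

```powershell
# Added example (not from the original article).

# 1. The per-user "Hide file extensions for known file types" option.
#    0 = show extensions. This applies to the account running the script.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0

# 2. The two classes named in the article whose extension stays hidden anyway.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($class in 'piffile', 'ShellScrap') {
    $key = "Registry::HKEY_CLASSES_ROOT\$class"
    if (-not (Test-Path -LiteralPath $key)) {
        '{0}: class not registered on this machine' -f $class
        continue
    }
    if ((Get-Item -LiteralPath $key).GetValueNames() -contains 'NeverShowExt') {
        # Export the key first so the change can be undone by importing the .reg file.
        reg.exe export "HKCR\$class" "$env:TEMP\${class}-$stamp.reg" | Out-Null
        Remove-ItemProperty -LiteralPath $key -Name NeverShowExt
        '{0}: NeverShowExt removed' -f $class
    }
    else {
        '{0}: NeverShowExt not present' -f $class
    }
}

# 3. Read-only audit: list every class that still carries NeverShowExt,
#    for example the short-cut class the article chooses to leave hidden.
Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValueNames() -contains 'NeverShowExt' } |
    ForEach-Object { $_.PSChildName }
```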

Copyright © Andy Thomas
