By Billy Gates way of thinking, that would be too confusing to the average granny computer user. Better to infect than educate grandma.

@@Shermanbay fr ? Bruh well rip credit card info for the x grandmas not having file extensions

@@Shermanbay yeah because a couple more letters a the end of a file name will blow your nana's mind

Lol

@@TollyH i agree

Yup. social engineering is a big part. A victim falls always due to some sort of manipulation, it's not the victim's fault if it was tricked to do that.

Not all computer users are elderly or the mentally disabled.

Stress is a bit one, even the most tech savvy of us can potentially do something stupid when stressed out. Most computer users are even worst off as they don't understand things the way we do. Most people think like a technician, they follow instructions and don't ask or care how anything works (different priorities). Others think like an Engineer always questioning why things are the way they are, always skeptical. (To be fair/clear when I say they think like technicians I'm talking about the average technician in my experience that really doesn't understand jack squat). Even if you don't have an Engineering mindset you can still protect yourself by educating yourself on what to look out for which is why videos like this one are so important and even if you do have an Engineering mindset there could be things you would normally overlook because you've done similar stuff enough times that you've stopped thinking about it.

Yep I agree Actually if a person doesn't even know what a virus is or how it works, nor how a virus could worm your way to your PC. Then it's a pretty easy way to get infected. And it doesn't matter if you're smart or not it's gonna get you So cyber security knowledge is key too(although nowadays this is 'common sense')

It's just easy to not trust anyone. That's why it's just stupid to fall for stuff like this

You technically can show them for shortcuts but you have to do it via the registry

@@ThioJoe very odd behavior. this is why I use Linux xd. in any case it's good to keep this in mind if I ever get a windows gaming box or something

@@ThioJoe how??

@@hostgrady Could also be done on Linux. .tar files can store symlinks and file modes. Only thing that helps is if your shell prompts if you want to execute a file or open it.

@@bernardonegri5416 what are you referring to?

yeah, not exactly relevant but i HATE this about windows. there's no such thing as a "Firefox HTML Document" or "VLC Media File" (that one is especially bad because it registers about 900 extensions by default that are rarely actually media files, probably most notably .bin). part of that is due to windows not having magic-based file type detection like XDG desktop environments have. and I can't believe they haven't removed "hide file extensions" or at the very least turned it off by default at this point due to how much it easily it can be used to mask malware

@Watcher ok but how do you actually enable that "*NIX" thingy

Sherman, what are ye on about? The type column uses the extension to get the description of the file type. It's not misleading because it tells you exactly what the extension *would normally open with*. The extension itself is misleading, if the file is of another type than what you see it's ended in. And even if that is the case, so what? If the file is an actual malicious exe but ending in .pdf, no big deal. No pdf reader will interpret it and just spit out an error. If the file is apparently an innocent pdf but ends in .exe, the type column will still list it as "Application" because that's the extension. Does the file's icon confuse you? You can maliciously give apps any icon, even the one of a pdf file. And THAT is the reason why you should always enable file extensions, and no reason why you have to disable the type column. It's not the OS' job to check if "this is a good association or even a valid one". There are thousands of file types, and it doesn't fall on Windows to know and verify their headers... That would ruin drive lifespans if you think about it. Also, keep your OS and virus definitions updated.

@Watcher NOT relying on the file extension to select the program is more dangerous. Imagine clicking on "photo.jpg" but it's actually an executable.

@@ailivac also .ts files, which I'd assume are 99% of the time TypeScript source files and not videos

Just like .omg 😱

same way scammers have used ".scr" as "screenshot" instead of screensaver (renamed exe)

I'm sure whoever came up with the .IMG format just thought they were being clever calling a disk image an IMG. If memory serves IMGs were generally used for floppy disk though I think they can be used for other disk formats as well (pretty sure I've seen them used by some PS1 emulators back in the day).

@@grn1 yeah but ps1 img files are disk images, they're just the games files on the file but yeah true

Okay yeah, but you have to be pretty dum dum to see the icon and realize it doesn't look like any thumbnail or image icon you have ever seen before. And if someone is indeed that unknowledgeable about computers, then they can be exploited in any number of ways anyway.

No, that's false. Linux does require file extensions for most user space programs to work. For example, clang and gcc need specific extensions for files that you want to compile. The difference is that the kernel knows the file by reading its contents, not the extension, but that doesn't mean extensions are unnecessary.

There's still an element of trust even with extensions visible. In that the file is what the extension says it is. That's why antivirus and malware scanners look over the file thoroughly. Trust but verify as the saying goes.

@@brodriguez11000 Incorrect. The extension says nothing about the file's contents. It's just magic that Windows trusts for some reason. There was that one file distributed as a meme that was a .png but also a .mp3 in one.

This seems like it would be an easy fix for Microsoft: *Warning* The shortcut you tried to open will execute a Windows command, which is often used by malware to bypass Windows' security and harm your system. Are you sure you want to open this shortcut? □ Don't show again for this file [Yes] [No]

@@Pasu4 Your design is actually pretty bad. You should not have "Yes" shown by default on such a screen. Do it like SmartScreen where you have to click extra to see the "Run Anyway" button. So it takes two more clicks instead of one to execute.

You mean that ROOT has power? Go figure.

@@Lovuschka I agree, but Windows has basically the same options (Run / Cancel) when you try to run a .exe from the internet. But of course this wouldn't be a problem in the first place if SmartScreen caught programs opened from cmd / Powershell by automated scripts / files from the internet.

Welp that's fatal

So it's grandma's fault, not Microsoft's, when she falls for this? When it is MSFT who is leaving the door open?

@@Sam_Saraguy Are you kidding the Young whipper snappers who think they know what's going on are most likely to fall for this trick cause they think they're too smart.

Just click the links

@@Reth_Hard Let me guess when you was a little kid you would always get into the Van's for candy. 😂🤣😂🤣

companies*

Yeah. a very good way is that ANY file that has come from internet shows a warning specially if it is a link or it wants to execute any program or command line program... that's why anyone should never use admin account as main account.

That will break so much javascript. Mostly the pointers used in ads and older websites. The way the newer HTML is written it is parsed in a different way but the older ones will be broken if you do that.

Better idea why the hell does windows auto mount disk images when double clicking them? Especially from an archive.

But they already do that for files downloaded from the web

@@kim-hendrikmerk4163 it doesn't? You need WinCDEmu for that?

Linux best 👍

even .docx files

@@Sol4rOnYt Especially .docx files, since they can run code through VBA macros, but many other file types do as well.

.txt

Aka the Mac philosophy, but those take it to 120%.

It already does, i bought a new computer, i installed windows 10 and when i logged in with my Microsoft account the show file extensions option along with many other settings were synced up from my old laptop to my new computer

Yeah

It would make sense to never, ever hide information such as file extensions. But they live in this fantasy world where hiding things makes them "simpler" and somehow that is more important than actual functionality.

Why would I need administrator access to mount an iso? The image doesn't necessarily do anything that would need higher privileges.

I have set User Account Control Center (UAC) to highest level - Notify always when apps try to make changes on my comp..and when i make changes to my computer...too. It is good to set for those who visit unfamiliar untrusted sites , install new apps a lot. If it set to level 4 .. when you double click .iso it will ask show pop up dialog box with security warning.

@@dconnectzone Seems like a good idea, but appears complicated, because you have to set some number of flags (up to 10?) under group policy. The function of each of those flags is not all that clear, at least to me, so I have no idea how to set an effective but not crippling group policy on my Win 10 machine. Or I would do it. I've used group policy to block Win 10 feature updates for 90 days, and this seems much more critical.

The security model for both Unix-like and Windows is "allow it unless it interferes with other users". Administrator access is meant so a user is able to do things that affect other users, it is not meant as a "you want to be careful around this", even if users think that. What do you mean "do nasty things"? Again, without Administrator access, you can do anything as long as it does not affect other users. Also, the reason Linux won't mount ISOs as a normal user is purely technical, because the Linux devs don't think they can protect themselves against a malicious disk image.

@@Sam_Saraguy I'm on window 11 by the way and if you type UAC in taskbar search it will bring UAC dialog box and yea it has 4 level the highest. Windows provides so many tools to be better protect but these tools are complex and not ideal for us like user. Windows 11 does have a bit higher security in mind.

Nah, this will be annoying and it won't help people, .lnk is more sus, than exe, +if you would click a random lnk, you would 99% click an exe

No, .lnk instead of the extension of what it runs. You'd get more confusion about "why is this exe not actually an executable" from more tech-savvy users.

A tricky filename is a good one. Beware.

@@arairon Maybe .Ink.exe Exe is the actual extension that it'll lead to and Ink is just an fyi

@@polygontower It cannot be in the file name/extension, that would be annoying and misleading

@@repachino did this video not make a case for that?

@@repachino Always showing file extensions means malicious files are easier to identify just by looking at actual extension and not just truncated file name. E.g., you have a malicious file a.doc.exe. Without this option it looks like a.doc file which for inexperienced person may mean a Word file, but it's actually an executable, as evidenced by otherwise hidden .exe part.

2600: The Hacker Quarterly started in 1984 covers how creative black and white hackers are.

It should be very easy for scammers to set up their own email domain.

If you are getting someone to click a link, you can get the file to do anything, it doesnt open office at all. You can install a virus or root kit, malware, a key press sniffer, a mass delete of files or anything a program could do.

Yeah, it seems like they should have learned at this point. Probably the new generation didn't learn the basic things that older tech people know. Either way, Microsoft should have plugged these holes by now. I can't believe we are still dealing with the problems that plagued windows back in the early 2000s.

that's actually useful, but sometimes windows will reset these tings with a windows version upgrade or patch fix. you can make it a reg file and run it weekly so it wont get reset.

The problem is you may not know it is a shortcut if you don't look too closely at the icon, especially since it could 'fake' a harmless file extension like txt.

@@Pasu4 and if your able to change the icon of such a shortcut

@@daneo617 Well there is a little arrow in the corner of every shortcut I don't think you can get rid of, so one could see that as a kind of 'safe guard'. Problem is if it displays the icon very small, the user might not notice the arrow or even look at the icon in time. I usually look at the file extension to figure out what kind of file it is.

@@Pasu4 I use them a lot Shortcuts but to the average person your probably right it's just getting too easy for these scammers 🤷🏻‍♂️