Handling downloaded files
Saturday, June 28th, 2008

Windows makes it difficult to distinguish between data files and applications, and the same actions that open files (such as double-clicking) are also used for launching applications. A music file and a malicious application can look identical on common Windows setups. If you download files, whether through the Web, e-mail, or a peer-to-peer application, you should learn how to distinguish file types.
One way to determine the types of files is to use the “Details” view, which includes a column showing an English description of the file type — “Application”, “Text document”, and so on. Explorer derives that description from the file’s real extension, so a program given a video-like name still shows up as “Application” even when the name column looks harmless. To use this view, select “Details” from the “View” menu in Windows Explorer.
Another way to determine the type of a file is to look at the file’s extension. This method requires memorizing dozens of three-letter sequences, and has some other drawbacks, so I don’t recommend it. See this page about file extensions if you’re interested in using this method, or if you want to know why I don’t recommend it.
If you download 20 video clips from 10 porn sites, you’re unfortunately expected to check the type of each one before double-clicking on it. Hopefully, future versions of Firefox will do this for you (bug 249951).
Note that you cannot rely on a file’s icon to determine whether it is a program or a data file, because a program can have any icon in Windows. An attacker might choose a common “video file” icon as the icon for the program disguised as a data file.
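The two checks above (what extension Windows will act on, and whether the bytes are really a program regardless of the icon) can be scripted. The following is an added example, not code from the original post or from Firefox: it walks a folder of downloads, prints the full extension chain so a name like clip.avi.exe is not mistaken for a video, and looks for the MZ/PE header that every Windows executable carries. The list of launchable extensions is a constructed subset for illustration, and the sample files it scans are generated inline rather than being real downloads.

```python
"""Flag downloaded files that Windows would launch as programs.

Added example, not part of the original post. It checks the full extension
chain (what Explorer uses to decide what a double-click does) and the file
contents (what an attacker cannot fake by choosing a friendly icon).
"""
import os
import struct
import tempfile

# Extensions Windows treats as directly launchable. Constructed subset for
# illustration; the real set (PATHEXT plus registered script and shortcut
# types) is longer.
LAUNCHABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk",
}


def extension_chain(filename):
    """Return every dotted suffix, lowercased: 'clip.avi.exe' -> ['.avi', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def is_pe_executable(path):
    """True if the file starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 60)  # offset of the PE signature
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"


def classify(path):
    """Describe one file: its extension chain, whether Windows would run it, and its contents."""
    name = os.path.basename(path)
    chain = extension_chain(name)
    final_ext = chain[-1] if chain else ""
    launchable = final_ext in LAUNCHABLE_EXTENSIONS
    pe = is_pe_executable(path)
    if launchable:
        verdict = "PROGRAM: double-clicking runs it"
        if len(chain) > 1:
            verdict += " (data-file extension placed before the real one)"
    elif pe:
        verdict = "SUSPICIOUS: data-file name but contents are a Windows executable"
    else:
        verdict = "data file by extension; open it from inside the intended application"
    return {"name": name, "extensions": chain, "launchable": launchable,
            "pe": pe, "verdict": verdict}


def scan(folder):
    """Classify every file in a folder, sorted by name."""
    return [classify(os.path.join(folder, n)) for n in sorted(os.listdir(folder))]


def make_sample_downloads():
    """Write constructed sample files (not real downloads) into a temp folder."""
    folder = tempfile.mkdtemp(prefix="downloads-")
    # Smallest byte string that satisfies is_pe_executable: MZ, e_lfanew=64, 'PE\0\0' at 64.
    minimal_pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {
        "song.mp3": b"ID3\x03\x00" + b"\0" * 16,   # looks like an MP3 with an ID3 tag
        "clip.avi.exe": minimal_pe,                # program dressed up as a video
        "trailer.mp3": minimal_pe,                 # executable bytes under a data name
        "readme.txt": b"plain text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    return folder


if __name__ == "__main__":
    for entry in scan(make_sample_downloads()):
        print(f"{entry['name']:16} {entry['verdict']}")
```

Run it against your own downloads folder by passing that path to scan() instead of the constructed sample folder. A file whose final extension is launchable is the case the post warns about; a file with a data-file name that nevertheless contains a PE header will not run on double-click, but it is not the video or song it claims to be and should be treated as hostile.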
When in doubt, drag the file to the correct application — for example, run Winamp, then drag the supposed audio file to Winamp. Alternatively, right-click the file and select a specific action, such as “Edit in Wordpad” or “Play in Winamp”. Beware of the verb “Open”, which can refer both to opening a document and launching an application.
By the way, any software you use to handle data from the web should be kept up-to-date. For example, if you download MP3s and play them in Winamp, be sure to keep Winamp up-to-date.