Quote:
Originally Posted by twowheels
Actually, relying on file extensions was always a bad idea and can be a security risk.
|
Especially with MS stupid idea of hiding the last part after the last dot (period). A file extension might be poor to decide which program to run, but it's not an inherent security risk. MS decisions like autorun, autoplay, hiding file extensions, the default services running (esp uPnP and Server and Remote Desktop), Macro on by default in MS Office, the way most versions of Outlook worked, the way dcom works, zero security of Win9x, treating archives as folders, USB HID silent installs, having to login in as administrator on Win NT 3.51, NT 4.0, Win2K, XP, Vista etc because an idiot wrote the win32 program and only tested on Win9x and skipped reading the bits on NT security.
The "not having file endings" on downloads but a script (for server) is nothing to do with security, less secure and about tracking.·