The main issue I have with file extensions is basicly caused by Windows handling of them.
For example, if you have a file named dangerous.exe and rename it puddin.jpg then for all Windows knows it's a simple little jpeg file and will treat it as such.
change a name from puddin.jpg to puddin.jpg.exe and you have a nice social engineering attack on unsuspecting windows users.
Of course it's very simple to say "don't double click on exe files from unknown sources and have the OS show file extensions at all times", but what about com? or cmd? or...
Any of the following extensions will possibly allow executable code to be run on your system when you double click on them:
ade, adp, bas, bat, cpl, crt, dll, do*, hlp, hta, inf, ins, isp, jsp, js, jse, lnk, mdb, mde, msc, msi, msp, ,mst, pcd, pif, reg, scr, sct, shs, shb, url, vb, vbe, vbs, wsc, wsf, wsh...
And that's not even a full list of extensions, you personally, need to look out for.
Windows XP SP2 solved this problem to a certain extent by keeping track of files in relation to various security 'Zones' buy storing metadata about the places you obtained the files in NTFS's alternative data streams for the various files. (of course this complex feature has been the source of numerious advisories and patches since SP2 has been released like this
one)
Then there are work arounds even for that. Patches certainly help, (and are required irregardless of what OS your using). If your in a corporate enviroment and have a active directory system setup you can go thru the error prone and complex procceedure of systematicly setting pre-aproved execuatable software. You can use ACLs, but that is complex and error-prone itself.
Linux on the other hand has a executable bit in it's permissions model. If it's on, then the files is executable, if it's off, then it's not. Downloaded files are never set to execute, unless they are first extracted from a archive.. and that's never done automaticly either.
There are further UI improvements, also. Like how nautilus will identify mislabled files as such when you try to open them. Also it will not automaticly execute files with misleading names, even if they are set to be executable.
So you see if I take a shell script, and name it .jpg, it won't execute from my file manager even if it's set to be executable..
so Linux can and does pay attention time to time about the file extension. In order for the file to be run I either have to name it something nautilus likes or run it from a command line.
Windows does to mime detection to a certain extent. But only realy impliments it in Internet Explorer when your browsing.
Maybe for Longhorn this situation will improve. Something to look forward to with the next OS, I guess.
Of course for Linux it's not perfect either, but it's nice enough I use it. Also I get snazzy pre-view images for jpegs and such that are automaticly generated. Also I can get thumnails of audio for audio files and it will extract a frame or two from video files for their icons, too. Of course this depends all on what file manager your using, the newness of the distro, and other things like that.
For more information on mime types there is a set of standardized rules by the IANA that keep track of mime types and how to use contents (and yes occasionally file extensions) to determine as accurately as possible the actual file type.
You can find the standards
here
and here
Realy Microsoft knows all this. The file extension is a legacy thing left over from DOS days. They never changed it becuase it's what people are used to and MS works very hard to keep familar interfaces and concepts from OS to OS.
Facebook
Twitter