Windows 10 free updates are still a thing, but the cost for users has been very high in recent months. And now users need to know about another fundamental vulnerability, one which Microsoft enables on all Windows 10 PCs by default.
In a new write-up, the ever-excellent BleepingComputer reveals that every Windows 10 computer is vulnerable to a serious (and widespread) system hack unless they change the default settings for viewing files.
03/01 Update: another Windows 10 update, another problem. Windows Latest reports that KB4535996, released on February 27 to fix Windows search and printing bugs, is causing a host of errors, ranging from a harmless failure to install, to serious system crashes and boot failures. The good news is the update is currently optional, so you can avoid it for now but it remains to be seen when/if Microsoft will push it to its massive Windows 10 user base. On the official KB4535996 page, Microsoft says it “is not currently aware of any issues with this update” so it is unclear if the company is unaware of the problems or choosing to ignore them in the hope the problems don’t become more widespread. If you have installed KB4535996 and run into problems, you can uninstall it with the following steps:
- In Windows Desktop Search type ‘update history’ then click ‘View your Update history’
- Select ‘Uninstall Updates’
- On the Installed Updates dialog window, find and select KB4524244, click the Uninstall button
“Microsoft hides file extensions in Windows by default even though it’s a security risk that is commonly abused by phishing emails and malware distributors to trick people into opening malicious files,” the site warns.
File extensions are the letters shown after a file name. BleepingComputer uses the example report.txt and “txt” is the file extension. You will be familiar with many common file extensions such as .doc (Word documents), .pdf (Adobe documents), .mov (QuickTime media files) and, perhaps most famously, .mp3 (music files). And yet it is likely you can’t name many modern types now because, yes, Microsoft now hides them by default to simplify the end user experience. And that’s dangerous.
As BleepingComputer explains: hackers will send malware files to users via spam, trick browser downloads and more and they often look like innocent files thanks to Windows 10 hiding their extension. Hackers do this by giving their malware an innocent name and the icon of a legitimate program, for example, malware could be called “Scan_002_01” and use the Adobe Reader icon (the Windows 10 zip file icon is popular too). But if you could see the file extension, it would reveal this is not a .pdf file but a .exe (executable) file which, when opened, will install malware on your computer which opens it up to multiple attacks, such as remote control of your system and ransomware.
How To Protect Yourself In Windows 10
To avoid being such an easy target, BleepingComputer points out that you need to change Windows 10 settings to enable the ability to view file extensions by default. Do the following:
- Windows 10 Start Menu > type ‘Folder Options’ > open ‘File Explorer Options’
- Click ‘View tab’ > Advanced settings > Uncheck “Hide extensions for known file types”
- Click ‘Apply’ > Click ‘Ok’
Yes, it’s a simple fix for a serious problem and advanced users are likely to do this as a matter of course. The problem is Windows 10 is now on over 900M devices so millions of users won’t have. Consequently, while I can understand Microsoft’s desire not to confuse its Windows 10 users with file extensions, in this instance I think dumbing things down does more harm than good.
It would be crazy if gas stations didn’t clearly label the types of fuel on their pumps. Microsoft needs to realise when it comes to Windows 10, users shouldn’t need to dive into settings just to see what they are about to run on their PCs.