Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, September 10, 2007

Don't Change My File Type Associations

Every file on your computer has a designated type. Some types contain programming code that performs an “executable” action, while most contain data used by an assigned program. For anyone using a Windows computer the file type has traditionally been designed by a three character extension separated by a Dot character. Microsoft Windows now hides this extension but that’s a topic for another post.

Examples of file types that contain programming code executed by Windows are .EXE, .CMD, DLL’s. Common examples that contain data include .TXT, .MP3, .JPG, .DOC and many others that can be registered in Windows. There are also executable “scripts” but they’re essentially data for a program that runs their commands. Examples include .VBS, .REG, .WSH

In the old days ( 2–3 years ago ) we preached the dangers of never clicking or opening any executable file type and considered data types as safe to open. Sadly, this is no longer true. Malware authors have found vulnerabilities that have allowed them to embed program code within a data file and trick Windows into running it.

What you’ll want to know about any file type is their “Associated” program. This is the program Windows runs when you click or open the file. Windows will run the associated program and tell it to open your file. Which program Windows chooses is actually designated in multiple places but there is an option screen that allows users to make changes.

The following can be found under the Windows Explorer(Windows key + E) Tools menu when you select “Folder Options….”

File Type dialog

This dialog allows you to change which program will open for any particular file type, but for most people this screen will never be used.

Vista users won’t find this feature under Folder options. Instead click on the Vista Start Orb, and select “Default Programs”.

Select the 2nd option to update your file types.

In most cases, file type associations will be changed by a newly installed program that you add to your system. Many an unwanted program or Spyware will modify file type associates to hide themselves or to allow them to run unexpectedly.

For a long time, malware authors used .VBS(Visual Basic Script), .REG(Registry script) and even .SCR(Screen Saver) file types to introduce infections. This was so common that most Email programs will block these files types just like they block EXE’s. Some security programs may even re-assign these types to safe programs like “Notepad” without letting you know. This can be annoying but might be a reasonable approach for novice high risk users.

Many legitimate programs may change a file type association so it becomes the program of choice. Well behaved programs will offer you an option when you run their setup programs.

One of the lesser known unique features of WinPatrol is File Type Protection monitoring. If a malicious program tries to hijack a system critical file type associations, you’ll be alerted and can prevent the change. This can also be useful if some normal program tries to change your favorite Media Player or Photo viewer without letting you know. If you don’t want to be alerted, you can also just check the option “Lock File Types” and WinPatrol will always protect the file types you’ve chosen to remain the same.

Options tabLock File Type





Share on Facebook


11 Comments:

Blogger Unknown said...

Excellent article. Do you find it funny or strange that most, and I mean most, users have no idea of what your article is about.
They just turn it on and surf.
Course it keeps me in business.
Again, great article,
Scotty is so great. My favorite program for keeping a eye out for nasties.

10:29 PM  
Anonymous Anonymous said...

This not so much a comment as it is a question. My email attachments are being opened with Notepad. How do I stop this?

PS: I use MSN Premium for emails and Zone Alarm for virus protection.

8:10 AM  
Blogger bobfox321 said...

I went and tested a couple of free web site check programs to advise you if they are safe. They appeared to slow my computer down and I eliminated both. There appears to be the same slow down. I suspect that some of my file types were changed. Is there a way to change all the default file types back to assure that they are all in default mode? This was all before I turned to Scotty to protect my PC. Thank you and Scotty.

12:29 PM  
Blogger Unknown said...

Anonymous, I suspect ZA has modified file types as its way to protect you. If you know which file types it's changing, you can use the File Type dialog in this article to change it back to its original program. It may also be an option in your Email program. Either way, you'll want to check the help files for options in both ZA and MSN Premium. I'm sure there are plenty.

Bob, I'm afraid, I don't know of any program which will change your file types to the Windows defaults. In many cases, the defaults will change as you install new programs.

This might be a case where you'll get really familiar with the File Types dialog so you can change the important ones back. After that you can lock them with Scotty.
I can't think of any reason why a file type re-association would slow down your system but I'm sure it's certainly possible.

I didn't expect this article to generate as much feedback as it did so I'm already consdering a part 2 and adding additional filetype features to WinPatrol.

Bill

6:36 PM  
Anonymous Anonymous said...

douchrti was right, those of us with no clue will clog up and continue to surf. How about he posts a file types primer for us?

11:48 PM  
Blogger jpritch said...

I have no idea who Scotty is.

I downloaded a DVD burner from Ashampoo.com, but it came with an extension of .ewf (ashampoo_burningstudio710_sm.1.2D0D17.efw) I'm unable to launch or open the file. Any ideas?
James

10:25 PM  
Anonymous Anonymous said...

As soon as MS started doing this in XP, I knew it was just going to make newer users even LESS aware of things they need to know. I feel learning associated file types is a key to staying safe in this dangerous online world, and I've even had heated arguments with MS - MVP's over this change. Some of the MVP's actually think that was a GOOD idea by MS, but I beg to differ...very strongly.
Users need to learn as much as they can about how Windows does things and a big part of that is just what file type is, or should be, associated to what program. I spent so much time explaining to users on my online Tech Help sites, how to get the file types to show and why they should be like that, I finally made a rather lengthy explanation script that I could just copy into posts.
I've been against this from Day 1 and still am disgusted it's still hidden in Vista by default. Ms is on a big security kick and then they handcuff newer users by not allowing them to learn file types by seeing and using them everyday.
Not good...

Dave C>

4:58 AM  
Anonymous Anonymous said...

I take issue with Dave C's comment that "users need to learn as much as they can about how Windows does things and a big part of that is just what file type is, or should be,...". Most people are specialists in whatever their profession may be. I am a registered nurse experienced in the care and maintenance of patients with artificial hearts, ventricular assist devices as a bridge to transplant, and with the drugs that are frequently used in association with people in this patient group. I would no more expect you to be able to step into my shoes and take over care of an unstable post-op heart-lung patient who is having multiple cardiac dysrhythmias as well as needing hemodynamic support with 16 different drugs than I should be expected to understand the complexities involved in our computer age. You are right; I did not obtain enough info from the the article you refer to although I got the general idea that certain files ending could be altered and have viruses attached to them. I did not understand the options and how I would determine which one(s) would be appropriate for my PC. Please do not denigrate those of us who are not "technogeeks"; we want to learn from you but learning must begin in a language that is common to both of us.

6:59 PM  
Blogger Unknown said...

Dad,

The best way to learn more is just go to Google and type in "ewf file type". You'll see a few good possible explanations.

Bill

7:49 PM  
Anonymous Anonymous said...

Hi..to all this is bit urgent...
before reading this article,my file type has changed (i think all dll files hav chaned int exe files) n i cannt even change themes n suffering badly.....i wud like to know how i can change them to its original type....

11:35 AM  
Blogger jpritch said...

I found that EWF file extension was added by my antivirus program which apparently thought that the original extension of EXE contained a virus. When I changed the extension back to EXE the program ran with out difficulty. Since then I have found that WMV files may be changed to MIM and there may be another which I have now forgotten that may be substituted for ZIP
James

12:05 AM  

Post a Comment

<< Home