Windows Tips: For Security Reasons, It Pays to Know Your File Extensions
Computer viruses sometimes masquerade as harmless e-mail attachments. The fastest way to spot the interlopers is by their file extension--the letters (usually three) following the final period in the file's name. This extension is an essential aspect of nearly every file on your computer; without it, Windows doesn't know whether to open the file in your word processor or another app, to launch it as a program, or to let other programs use it as a system resource. Knowing a file's extension can also help you customize your system and clean out the dross.
Unfortunately, Microsoft started hiding file extensions in Windows 95. To make sure your file extensions are visible, open Windows Explorer or any folder window and choose View, Folder Options or Tools, Folder Options (depending on your version). Click the View tab, make sure the option to 'Hide extensions for known file types' is unchecked (the exact wording will vary depending on your version of Windows; see FIGURE 1
The File Types tab in the Folder Options dialog box lists the extensions registered on your system ("registered" means that Windows knows what to do with that type of file; see FIGURE 2
If you're willing to edit the Registry, you can display most file extensions but hide a few of your choice. Or you can show the extensions of only the file types you select. Here are the file extensions you need to be aware of.
An eye on executables: An executable (.com or .exe) lists machine-language instructions that a computer can understand and execute. Don't launch executable files that you receive from an unknown source (such as via an unsolicited e-mail), since the sender could have a malicious purpose. Also, many worms propagate via e-mail address books, so you may know the purported sender of an infected file. Don't open any executable file until you have confirmed by phone or e-mail that the file is legit. By extension (pun intended), .bat (batch files) and .cmd (Windows 2000 batch files) include executable commands and may contain malicious code.
Other service-launching extensions: If you double-click a file whose extension is associated with a Windows service, that service will open and run, using the information in the file you double-clicked to tell the service what to do. Such extensions include .pif (a program information file that tells Windows how to run an old DOS app), .msi (a Windows installer database), .hta (an HTML application), and .scr (a screen saver).
Space savers: If you're tired of the screen savers on your system, save disk space by searching for all of your system's .scr files (enter *.scr as the file name you're searching for) and deleting the ones you don't want (see FIGURE 3
Control Panel icon elimination: Readers frequently ask how to remove icons from their Control Panel window. When the culprit is not one of Windows' own control panels but an uninvited intruder installed by some other program, it's useful to know that most Control Panel icons represent files with the .cpl extension. Enter *.cpl in the file-name field of Windows' search function to list the Control Panel applets on your system. Double-click each file until you find the one that you don't need. Move the unwanted file to another folder, or make a backup copy and delete the original. Note that in some cases multiple icons in the Control Panel window may represent a single .cpl file. For example, removing main.cpl will eliminate the Fonts, Keyboard, Mouse, and Printers icons.
System secrets: Some system file types don't run by themselves and don't open in an application; other programs on your PC use these files to get information about your settings, special programming functions, and other resources. You can customize your system by editing certain .ini, .inf, and other system files. For example, changing your sysoc.inf file gives you more control over uninstalling components of Windows 2000 and XP. Or edit your desktop.ini file to add wallpaper to XP's folder windows.
One common system file type is the dynamic link library, or .dll. Sometimes multiple applications will install one .dll file, potentially causing conflicts. To help advanced users and IS pros sort through .dll-related snafus, Microsoft has set up a searchable database that they can use to ferret out the purpose of any Microsoft .dll file.
Wascally Wegistwy files: Exported portions of the Windows Registry have the .reg extension. When you edit the Registry, these files serve as small, targeted backups of the portion you'll be working on. Click Start, Run, type regedit, press Enter, navigate the tree pane on the left (or use the Edit, Find feature), and click the section of the Registry you plan to edit. Choose Registry, Export Registry File, make sure that 'Selected branch' is highlighted, specify a name and a location to store it in, and click Save. The settings for that portion of the Registry will be saved as a file with the .reg extension. If you make a boo-boo, you can restore that portion of the Registry to its prior state by double-clicking the backup file and then following the on-screen prompts. You're not likely to encounter a problem with .reg files that you make yourself, but beware of unknown or unsolicited .reg files! If you merge a corrupt, outdated, or malicious .reg file, you can damage your Windows settings.