Hi Wes,
The weirdest thing happened today. When I went to post a reply to you
today, Google Groups indicated that this thread had been deleted. I
started a new thread with the same name appended with "(2nd try)". A
post to that thread seemed to go OK. But when I came back after a
hiatus of a few hours, my new thread could not be found but this
thread had been resurrected. I guess someone's monitoring this
newsgroup and doing a good job, or it's a miracle.
Anyway, thanks for your explanation about the terms used in the
MS05-016 bulletin.
In light of your responses, I spent some time poking around the
Registry over the past two weeks, but I don't see what I can do about
the two questions I originally asked:
How does one:
-- block unknown file name extension types
-- only allow known valid file name extension types
as suggested in the bulletin?
Perhaps we have to insert a filter in Windows' file-open mechanism
that inspects the filename and:
1. If the filename matches the regular expression "\.\w+$", using the
matching sting for a search of HKCR\'s top-level entries. If the
search fails, have the Windows fail the open attempt.
2. It the filename has no file extension, have the Windows fail the
open attempt unless that filename appears on some sort of "white
list."
That sounds way beyond the ken of most of us programmers. So, I think
I'm way off the mark here.
Any additional suggestions would be most appreciated.
Best wishes,
Richard
[HKEY_CLASSES_ROOT\.]
@="NoExtFile"
NoExtFile is for files that have NO file extension. Like the HOSTS file,
for example.
INFO: Shell Extensions for File Names with No File Extensionhttp://support.microsoft.com/kb/236014
HKEY_CLASSES_ROOT\*
and
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
AlwaysShowExt if the Value Data is blank, files never show the extension.
Windows Explorer never shows the .lnk or .url extension regardless of the
shell-wide setting for known (registered) file types. If you look in the
registry under HKEY_CLASSES_ROOT\lnkfile or
HKEY_CLASSES_ROOT\InternetShortcut, you'll find NeverShowExt REG_SZ entries.
The command prompt does show .lnk and .url, etc. extensions.
Explorer doesn't show extensions for ConferenceLink (cnf), Directory,
DocShortcut (shb), piffile (pif), SHCmdFile (scf) or ShellScrap (shs) files
either.
HKEY_CLASSES_ROOT\Unknown
or
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown
<quote>
The content of HKEY_CLASSES_ROOT comes from two sources:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes and HKEY_CURRENT_USER\SOFTWARE\Classes.
If a subkey or entry appears in either location, it also appears in
HKEY_CLASSES_ROOT. If the values of entries in the two Classes subkeys
conflict, only the value in HKEY_CURRENT_USER\SOFTWARE\Classes appears in
HKEY_CLASSES_ROOT.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In