Masked Extension Control

Masked Extension Control


Versión 1.0.0

logo-mc-online

Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic number” (the first two bytes that define the real nature of a file better than its extension). This may entail serious security problems. Opening .rtf files that exploit vulnerabilities in Word may be avoided if such files are processed by WordPad, for example. Masked Extension Control (MEC) is our open-source response to solve this, since each file is opened with the appropriate program and consequently the risk of exploiting vulnerabilities due to masked extensions is minimized.

Masked Extension Control is a program that makes Windows rely on magic numbers, and not only on extensions, to choose the program that will be used to open a file. This is much safer for your system, since a lot of attacks begin by fooling extensions and trying that a vulnerable program opens or executes them instead of the one the file is really supposed to be opened with.

Prevent attacks based on fake extensions. Attackers usually change file extensions to make you trust the file, and this is dangerous. For example, some very popular attacks make .rtf files to be opened with Word, just by replacing the .rtf extension with .doc or .docx. This way, they build exploitable .rtf files that will take advantage of Word vulnerabilities or weaknesses to release their payload. However, if these .rtf files were opened by WordPad, the threat will disappear.

This program does not need to be resident on memory. It modifies the Windows registry to open .mht, .doc, .rtf and .docx files with the appropriate program, so trusting in magic numbers instead of extensions. If you want to stop using it, you just need to uninstall it.