It’s amazing how easy it’s to lock oneself out from doing anything usable in Microsoft Windows. This particular operating system should be more careful of protecting its handling of executeable files. In Unix-like systems this is done by setting the appropriate execute permission bit and by assigning appropriate ownership to the file.

In Microsoft Windows, handling of executable files is based almost entirely on the name of the file and more specific by the last suffix. The registry hive HKEY_CLASSES_ROOT describes what action to take for a multitude of file suffixes, include .exe. Shouldn’t executable files, at the very least .exe and .dll files, be exempted from configurable handling and instead be handled exclusive by kernel services? At the same time the Windows Explorer setting “Hide extensions for known file types” should be removed in its entirety.

This is the price we pay by continual use of legacy systems, and by running ordinary user accounts at a high level of privileges, when we would be better off with a modern and more secure design and a more conservative level of privileges for our day-to-day activities. Why isn’t the Administrator account activated and password protected in a fresh install of Windows 7?

Lately I’ve seen a couple of cases where malware altered settings in the registry for the handling of .exe files on some of our student’s computers. The most sensible thing would be to boot in safe mode, backup the important stuff, export installed licenses, Autodesk (student) products springs to mind, reinstall the OS and other software, and carefully restore the important stuff. Sadly, my IT department doesn’t have the resources to conduct such services on behalf of our students. There are legal, licensing, and other technical issues at play.

You may successfully remove the malware, but the wrong settings in the registry might prevail. If you’re lucky you might be able to launch an elevated command prompt window from the Start menu. Run regedit from that environment and simply delete the HKEY_CLASSES_ROOT\.exe subtree. Usually this subtree will be recreated with the correct contents the next time Windows boots, unless some undetected malware still exist in the system. Carefully examine the various Run subtrees scattered across the registry and the Startup folders for the system and for each user.

(As a special exception I’ll allow comments on this post.)