Why to add .mde extension to WG block list

Discussion in 'WormGuard' started by UNICRON, Aug 7, 2003.

Thread Status:
Not open for further replies.
  1. wizardavc

    wizardavc Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    31
    The filename shouldn't be in the list in the first place. Who says the user even knows how to get to the list and why should they have to even go to the trouble? It is important.
     
  2. wizardavc

    wizardavc Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    31
    As I said before, default settings are what most users use and many assume are the best settings. I do think the double extensions warning is a good idea, but not in the cases of the SAME extension such as test.vbs.vbs or test.exe.exe. That's just stupid programming in that case. The issue with file names I was discussing in my previous post was with files such as MSBlast.exe, southpark.exe, NOT double extensions.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    1) read the helpfile
    2) I intentionally gave stupid examples to try to make sure they work. You can use any double extension, take three, four different ones, pif.exe.doc.vbs whatever you like and whatever you like to have added in your always blocked extensions list. See what happens if you use one extension which was added to the blocked list, or double or another or allow VBS and have a VBS extension while you put something nasty inside the testfile.
    Again, try and play with it.
    Name it one of your other blocked file names with the southpark or whatever as a name and nothing in it or other code, try it for yourself and see how stupid the examples are.
    I just gave you a very safe way to do some testing without having the actual nasty infections around.
     
  4. wizardavc

    wizardavc Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    31
    Then turn it off by default for the SAME extension. I don't know if you're just avoiding the issue or seriously don't comprehend. Worm Guard should not block the SAME repeat extensions such as test.vbs.vbs, test.exe.exe, test.com.com.com.com by default. If a file has the SAME repeat extension then it should NOT be blocked. There are files out there, which have multiple of the SAME executable extension, more legitimate than illegitimate in fact.
    1) They are NOT hiding their true extension
    2) It is stupid programming

    I'm NOT disagreeing with blocking .VBS, .VBE, .SHS, .SHB, .SHA, .HTA, .JSE by default.

    Yes, and I've tried it. I even made sure by doing it on the TDS install file. A user has a right to rename a legitimate file such as the TDS install file to ANY file name they want to and should NOT have it blocked. As I've said before, ANY file legitimate or illegitimate can be named almost ANYTHING. I use the default Worm Guard settings (which most users use), I renamed the TDS install file to 'south park.exe' and the TDS install file was blocked.

    I think that speaks for itself in the effectiveness and accuracy of this feature.
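
The distinctions argued over in the posts above (blocked extension, double extension, repeated same extension, blocked file name), as an added sketch that is not part of any post in the thread and is not WormGuard's code. The rule names, the extra executable and decoy extensions, the exact-match name list and the `flag_repeats` switch are assumptions made for illustration.

```python
# Added illustration; lists and rule names are assumptions, not WormGuard's own.
BLOCKED_EXTS = {".vbs", ".vbe", ".shs", ".shb", ".sha", ".hta", ".jse"}  # list quoted in the thread
EXECUTABLE_EXTS = BLOCKED_EXTS | {".exe", ".com", ".pif", ".scr", ".bat"}  # assumed
DECOY_EXTS = {".doc", ".txt", ".jpg", ".gif", ".mp3", ".zip"}              # assumed
BLOCKED_NAMES = {"msblast.exe", "southpark.exe"}  # names mentioned in the thread


def extension_chain(filename):
    """Return the run of known extensions at the end of a name, left to right."""
    parts = filename.lower().split(".")
    chain = []
    for part in reversed(parts[1:]):          # parts[0] is never an extension
        ext = "." + part
        if ext not in EXECUTABLE_EXTS | DECOY_EXTS:
            break                             # e.g. the ".2" in setup.v1.2.exe
        chain.append(ext)
    return chain[::-1]


def classify(filename, flag_repeats=True):
    """Return the set of rules a bare file name trips; empty set means allowed."""
    reasons = set()
    chain = extension_chain(filename)
    if filename.lower() in BLOCKED_NAMES:
        reasons.add("blocked-name")            # name only, content is never inspected
    if chain and chain[-1] in BLOCKED_EXTS:
        reasons.add("blocked-extension")
    if len(chain) >= 2 and chain[-1] in EXECUTABLE_EXTS:
        if len(set(chain)) > 1:
            reasons.add("double-extension")    # real type differs from a visible one
        elif flag_repeats:
            reasons.add("repeated-extension")  # e.g. test.exe.exe: nothing is hidden
    return reasons


if __name__ == "__main__":
    # Constructed sample names, taken from or modelled on the thread's examples.
    samples = ["test.exe.exe", "test.com.com.com.com", "pif.exe.doc.vbs",
               "invoice.doc.exe", "southpark.exe", "setup.v1.2.exe", "notes.txt"]
    for name in samples:
        print(f"{name:22} strict={sorted(classify(name))} "
              f"relaxed={sorted(classify(name, flag_repeats=False))}")
```

A name-only rule such as `blocked-name` fires on any file given that name, whatever it contains, while `flag_repeats=False` lets `test.exe.exe` through and still catches `invoice.doc.exe`.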
     
  5. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Personally, I agree with your point about blocking repeat extensions being unnecessary but I know that the TDS folks have more knowledge of this than I and may know of reasons that are not apparent to me. However, I think you overstate the frequency with which this occurs. I have never seen a double extension of the same type in my 10 years of using computers and I go through a *lot* of programs!

    In my opinion you are simply just fishing for flaws now. Of course if you have WG set to block a certain filename and you intentionally rename another executable that you intend to use with that same filename then you are going to have issues. This doesn't point out any flaw in the respective programs but rather in the way you choose to misuse them.
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    'wizardavc', seeing as your comments have degraded to childish insults we'll conclude that you've finished with contributions to this thread. If you don't like a part of Wormguard, don't use it - it's that simple.
     