Link Exploits and the Search for a Better Explorer

To being with, I was saddened to learn that Vern Buerg passed away in December 2009. Old timers will remember the name as his program LIST was one of the best shareware utilities in the history of DOS. Fast forward to 2010 and there’s a real need for a Windows Explorer replacement, at least until Microsoft patches the .lnk file vulnerability. I decided to see if there was a newer version of LIST and this is when I discovered that Mr. Buerg had passed away and that a gentleman named Clark Woodworth has a beta of a LIST replacement that runs on 64 bit Windows 7 and is free. The beta, called ZBLIST, is available at http://www.bizer.com/zblist/, but be advised, as a beta there are still significant issues to work out. It is best to read the documentation so you know how to do things like change the drive and path, etc. The worst bugs I have encountered are when you type in an invalid command or navigate to a CD drive that is empty it generates a runtime error and quits.

I’ve gotten so used to clicking on things with a mouse it took a few moments to figure out why the directory wouldn’t change when I double clicked it. The enter key and the arrow keys really aren’t so bad! At a mere 112 KB and NO setup, ZBLIST is a refreshing blast from the past. Since ZBLIST does not display file ICONs it is safe to use to view a USB drive or network share that might have a malicious .lnk on it, and believe me there will be a lot more malicious .lnk files arriving very soon.

I’ll try to do a little research and see if I can find a suitable free Explorer replacement, but feel free to send suggestions, for free as well as paid Explorer replacements that do not show icons when you view the file system as well. Currently our blog doesn’t accept URLs in the comments, so be a bit creative about how you say where to find things :)

Randy Abrams
Director of Technical Education
ESET LLC

Author ESET Research, ESET

  • Rondon

    Hi there. Do you think Total Commander for Windows – with it’s EXE/LNK icon feature turned off (not the default)- will do as a temporary Explorer replacement?

  • Leo Davidson

    Directory Opus isn't free but has the option of turning off icons. (Settings -> Preferences, then type "display icons" into the filter at the bottom of the window to quickly find the options.)

    There are a couple of introductions to Opus on my site. (Don't be put off by the official site, which doesn't do the program justice at the moment, IMO.)

  • Leo Davidson

    PS: If you want something like LIST I'd think Far would be worth looking at.

  • Randy Abrams

    Total Commander with icon display turned off probably will work. Directory Opus with icon display turned off will probably work. FAR available at farmanager{dot}com seems to be ideal!

  • Charles Jeter

    @ Randy and Leo:
    Love Directory Opus – been using it for over eight years. Handles sophisticated FTP like a dream.

  • Al Kalian

    File Manager is a very good replacement for Explorer. It used to come bundled with all version of Microsoft's operating system, but go left out in the newer versions of the OS. It can be adapted to run with XP, Vista, and Windows 7.
    One guy figured out how to make it happen, and the instructions are clear, and easy to follow.
    —————————————————————————————————————————–
    Currently our blog doesn’t accept URLs in the comments, so be a bit creative about how you say where to find things  (??) Hope my fiddling fools the URL police…….
    —————————————————————————————————————————–
    The web site is here: h t t p ://people *dot* ee *dot* ethz *dot* ch/~davidsch/vistafm/  (replace the *dot* with a period)
    Once you get File Manager up and running do the following:
    Double click the C: icon on the third row. You should now have two windows.

    Select Menu Window/Tile Horizontally.
    Select Menu Tree/Indicate Expandable Branches
    Select Menu View/Partial Details and check all of them but MS-Dos file names. Leave it blank.
    Select Menu View/By File Type and check all of the boxes. Make sure the name field is *.*

     

    • David Harley

      Please note that Randy is no longer at ESET: I’m not currently looking at replacements for Windows Explorer and I haven’t tried out this approach or checked out the files referenced at http://people.ee.ethz.ch/~davidsch/vistafm/, so caveat lector (let the reader beware). I can’t guarantee it’ll work painlessly for everyone, and I can’t vouch for the safety or efficacy of files recommended for download.

      As for the URL police, it was decided at some point in the dim and distant past to discard URLs automatically because of the ever-rising rate of comment spam. Since comments are moderated anyway, that might seem overkill, but I suppose it reduces the risk of someone allowing a malicious or inappropriate link through by mistake.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

2 articles related to:
Hot Topic
23 Jul 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.