The whole problem I have with your stance, is you're assuming that if it wasn't a double extension people wouldn't run it anyway, and the reality just doesn't back up that perspective one iota. People still run shitware without double extensions, even on android. https://www.zdnet.com/article/sms-android-malware-roots-and-hijacks-your-device/ RE .exe represented as a PDF, it's entirely dependent on how the OS is setup, the default stance is to not show extensions for known file types so lusers don't get confused. This has the side effect of meaning that bad.pdf.exe is rendered by default as bad.pdf. For me it's something I change, but I don't consider my behavior to be representative of an average user. Should windows be more fussy about how it renders files, shit yeah. Would it change anything, nope. I wholeheartedly disagree that double extensions or even a locked app store are gonna really change much. People still send money to nigerian scammers, people still fall for telephone calls to hijack their details. Social engineering works because they know their market. Double extensions are such an insignificant part of the whole puzzle it's absolutely downright baffling to me why you're so focused on that particular thing.