Safety tips for handling e-mail attachments and content downloaded from the Internet
December 29, 2008 Computer Safety Tip
Safety tips for opening applications
Always be careful when opening files that come from unknown persons i.e. e-mail attachments,
instant messaging file transfers and other files you may have downloaded from the Internet. This is because a downloaded file might have a name or icon that makes it appear to be a document or media file, when it’s actually a malicious application. A malicious application camouflaged in this manner is known as a”Trojan”.
Identifying applications disguised as documents
If you are uncertain about a particular file, use the Finder to see if a file is really an application. After selecting a file, either on the desktop or in a Finder window, you can use the Get Info command (Command -I) to look at the file’s “Kind”. When using the Column view in the Finder, this information is automatically displayed for the selected file.
If you are uncertain of what the Kind for a particular document type should be, you can compare it with documents you may already have that are that type, or open an applicaton directly and create and save a new document of that type. Use Get Info to display the Kind of your existing documents, and compare this with the Kind of the document you received or downloaded.
For example, the following Kind types are documents:
• Rich Text Format (RTF) document
• Plain Text document
• JPEG image
• PDF document
• M4A file
• M4P file
• MP3 audio file
• Movie file
There are a number of Kind types that identify applications. Be careful if the e-mail attachment or downloaded file has a Kind that includes the word “Application” or is otherwise sceptical.
The following is a list of other application types that also require caution:
• Unix Executable File
• Script
• Terminal Shell Script
• Jar Launcher Document
If you have installed third-party software, verify the documentation to see if their files can contain macros, scripting languages, or executable code. If they do, then that Kind should be handled with caution.
Download validation
Mac OS X 10.4 Tiger includes download validation. If you open an attachment in Mail, and it’s an application rather than a document, Mac OS X’s download validation will warn you about unsafe file types. If you save an attachment or drag it to a folder, use the Finder to inspect it as described above. If you were expecting a document, but the Finder shows you received an application, do not open that file, delete immediately.
Let’s just say you navigate to a downloadable file with Safari e.g. by clicking a download link, Mac OS X’s download validation will warn you about unsafe file types, you ought to cancel if you have doubts about the file. If you download a file by Command-clicking or selecting Download Linked File from an appropriate menu, it will not be inspected by Mac OS X’s download validation and it will not be automatically opened. The downloaded file should be inspected using the Finder. If you were expecting a document and Finder indicates that it is an application, do not open that file. Delete it immediately.
File quarantine
Mac OS X 10.5 recalls which content you obtained from a network. The first time you open a potentially unsafe file in Finder, in Spotlight, or from the Dock, the file quarantine feature will caution you about unsafe file types. If you have any doubts about the file you should cancel.
Distinguishing legitimate and malicious applications
Only download and install applications from dependent sources, i.e. well-known application publishers, authorized resellers, or other well-known distributors. All files should be scanned before installation using an antivirus software. A selection of third-party products may be found at the Macintosh Products Guide.
