How does Download Validation decide that a file is "safe"?
Several factors in the content that is being downloaded are examined: The file extension, MIME type, and even what's inside the file. Files such as pictures, movies, sounds, text files, PDF documents, disk images, or ZIP archives are usually considered safe. "Malware" may try to disguise itself as one of these safe types, but Mac OS X 10.4 checks for signs that indicate this.
Other types of files may or may not be safe. Applications, scripts, webarchives, and archives that contain applications or scripts, have the potential to cause harm to your system. Of course, not all such files are unsafe, but you should exercise caution when opening any such downloaded file.
Note that while Safari, iChat, and Mail offer this feature for increased security, no software can detect all potentially-dangerous file types.
If you have the Safari preference "Open 'safe' files after downloading" selected, and Safari considered that a downloaded file was safe:
- Safari will automatically open the file after it's downloaded.
- If the downloaded file is an archive (.zip file), Safari will decompress it.
- If the downloaded file is a disk image (.img file), Safari will mount the image volume.
If Download Validation cannot determine that a downloaded file is safe, it will be stored in your default download directory just as if the "Open 'safe' files after downloading" preference was disabled.
If Download Validation determines that a downloaded file is unsafe, you will be asked if you wish to download or cancel. If you download the file, it will be placed in your download location, as configured in Safari preferences. If you cancel, it will be saved as a web download in your download location, as configured by Safari preferences. It will be named the same as the original file with ".download" at the end of it. This can be moved to the Trash or inspected manually.
If you attempt to open a file that's attached to a Mail message, and Download Validation determines that a the file is safe:
- Mail will open the file.
- If the downloaded file is an archive (.zip file), Mail will decompress it.
- If the downloaded file is a disk image, Mail will mount (make available) the image volume. If the image contains a single file that is considered safe to open, it will be opened.
If Download Validation determines that the file is not a known safe type, you will be presented with one of the warnings listed above and the option to cancel or open.
If you cancel, the file will not be opened.
If you open a file that Download Validation finds unsafe, you could be opening a potentially dangerous application or other unsafe content. Opening an application attached to a message will run it. If you are not certain that opening the attachment is safe, cancel and save the file instead. Once saved, you can use the tips detailed here to learn more about the file before opening.
If you receive a file via iChat and Download Validation determines that the downloaded file is safe, the file will be placed in the location specified by iChat's "Save received files to" preference. (By default, the file will be saved to your desktop.)
If Download Validation cannot determine that a file is safe, you will be given the option to download or cancel. If you select cancel, the file will be deleted.
If you download the potentially-unsafe file, it will be placed in the location specified by iChat's "Save received files to" preference. (By default, the file will be saved to your desktop.)
After the download is completed, Finder opens a window that shows the downloaded file. You should find out more about the file before opening it, such as by inspecting it manually.