Safety tips for handling email attachments and content downloaded from the Internet
Safety tips for opening applications
Always use caution when opening (such as by double-clicking) files that come from someone you do not know, or if you were not expecting them. This includes email attachments, instant messaging file transfers, and other files you may have downloaded from the Internet. Any time that you download from a source that has not previously earned your trust, you should take extra precautions. This is because a downloaded file might have a name or icon that makes it appear to be a document or media file (such as a PDF, MP3, or JPEG), when it is actually a malicious application. A malicious application disguised in this manner is known as a "Trojan."
The following topics can help you safely handle email attachments and files downloaded from the Internet.
Identifying applications disguised as documents
If you are unsure about a particular file, you can use the Finder to see if a file is really an application. After selecting a file, either on the desktop or in a Finder window, you can use the Get Info command (Command-I) to look at the file's "Kind". When using the Column view in the Finder, this information is automatically displayed for the selected file. If you are expecting a document, but the Kind is something other than the expected document type, then you should avoid opening that file. Do not double-click its icon or use the Finder's Open (Command-O) command on the file, or otherwise open it.
If you are unsure of what the Kind for a particular document type should be, you can compare it with documents you may already have that are of that type, or you may be able to open an application directly and create and save a new document of that type. Use Get Info to display the Kind of your existing documents, and compare this with the Kind of the document you received or downloaded
For example, the following Kind types are documents:
- Rich Text Format (RTF) document
- Plain text document
- JPEG image
- PDF document
- M4A file
- M4P file
- MP3 audio file
- Movie file
There are a number of Kind types that identify applications. Use caution if the email attachment or downloaded file has a Kind that includes the word "Application" or is otherwise suspicious. The following is a list of other application types that also require caution:
- Unix Executable File
- Jar Launcher Document
If you have installed third-party software, check the documentation to see if their files can contain macros, scripting languages, or executable code. If they do, then files of that Kind should also be handled with caution.
Mac OS X 10.4 Tiger includes download validation. Several Apple applications use this feature to provide additional checking for content obtained from a network. If you open an attachment in Mail, and it is actually an application rather than a document, Mac OS X's download validation will warn you about unsafe file types, and you should cancel if you have any doubts about the file. If you save an attachment or drag it to a folder, use the Finder to inspect it as described above. If you were expecting a document, but the Finder indicates you received an application, do not open that file. Instead, delete it immediately.
If you navigate to a downloadable file with Safari (for example, by clicking a download link), Mac OS X's download validation will warn you about unsafe file types, and you should cancel if you have any doubts about the file. If you download a file by Command-clicking or selecting Download Linked File from a contextual menu, it will not be inspected by Mac OS X's download validation and it will not be automatically opened. You should inspect the downloaded file using the Finder as described above. If you were expecting a document and Finder indicates that it is an application, do not open that file. Instead, delete it immediately.
Mac OS X 10.5 Leopard and later improves on download validation by providing file quarantine. Mac OS X 10.5 remembers which content you obtained from a network. The first time you open a potentially unsafe file in Finder, in Spotlight, or from the Dock, the file quarantine feature will warn you about unsafe file types. You should cancel if you have any doubts about the file.
Distinguishing legitimate and malicious applications
Where you got the file is the most important indicator. Only download and install applications from trusted sources, such as well-known application publishers, authorized resellers, or other well-known distributors. It is also advisable to use antivirus software to scan any files before installation. A selection of third-party products may be found at the Macintosh Products Guide.