Double Extension Spoof Protection?

Discussion in 'macOS' started by wrldwzrd89, Jun 5, 2005.

  1. wrldwzrd89 macrumors G5

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #1
    I just noticed that, in Mac OS X 10.4 "Tiger" at least, if you give a file a double extension, such as "file.c.txt", Mac OS X forbids you from hiding the extension. This looks to me like a protection mechanism against the so-called double extension spoof, where (for example) a user downloads something called file.txt.vbs, and, only seeing file.txt, opens it, causing the Visual Basic script to execute.
     
  2. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #2
    I had a file today called something.7z.txt and I hid the .txt extension (by mistake!)
     
  3. wrldwzrd89 thread starter macrumors G5

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #3
    I'm guessing it only forbids extension hiding if both extensions are recognized. If you didn't have a handler for .7z files on your system (which I doubt, since the only .7z decompressor I know of is Windows only), that would explain the behavior you saw.
     
  4. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #4
    You could be right there, I didn't have a .7z handler installed. There is a decompressor for it, but it's command-line.
     

Share This Page