Double Extension Spoof Protection?

[wrldwzrd89]

I just noticed that, in Mac OS X 10.4 "Tiger" at least, if you give a file a double extension, such as "file.c.txt", Mac OS X forbids you from hiding the extension. This looks to me like a protection mechanism against the so-called double extension spoof, where (for example) a user downloads something called file.txt.vbs, and, only seeing file.txt, opens it, causing the Visual Basic script to execute.

 

[Nermal]

I had a file today called something.7z.txt and I hid the .txt extension (by mistake!)

 

[wrldwzrd89]

I'm guessing it only forbids extension hiding if both extensions are recognized. If you didn't have a handler for .7z files on your system (which I doubt, since the only .7z decompressor I know of is Windows only), that would explain the behavior you saw.

 

[Nermal]

You could be right there, I didn't have a .7z handler installed. There is a decompressor for it, but it's command-line.