No one is pointing fingers or bickering. I'm responding to your question. The only technical requirement that was satisfied is that the user had "Open "safe" files after downloading" selected. An app installer is not unsafe. Whether the app to be installed is safe or not is another matter, but the installer cannot harm your system or your user files, simply by launching. If you don't want apps... installers or otherwise... to launch after downloading, simply deselect that box.
Wait, the "Open Safe files" bit was for the zip archive, which runs it through Archive Utility. What then auto-executes an installer? You're suggesting Safari somehow knows that the zip archive contains an installer and that it is indeed an installer and then executes it.
Do you have any proof of this? I've been trying to get my hands on the zip archive itself to inspect it but no luck, as Google is now swamped with "news" about this thing that just rehashes what you just said.
Basically, the details you provide here are nothing I don't already know about the current situation.
I am asking for more here. Not just "deselect" that box, but rather what else can be auto-executed and what else is considered "safe".
I don't use Safari, I'm not at risk, but I'd still like to know the details of this.
That's why I say you purposefully ignore my point. My point is let's dissect and understand this thing, not glance over it like the current news outlets do; heck, even Intego's description does. That's why I don't like Intego, they just spread FUD without ever explaining anything and mark everything as a "virus" (their Virus X-barrier says VIRUS FOUND! when it finds malware that isn't a virus...).
1. First, the file would need to be considered "safe" to be allowed to auto-download and auto-open, AND the browser would need to be set to allow this.
2. Then, like the case with the installer above, it would need to seek the user's permission to be installed. This again, required the complicity of the user, who would still need the administrator's password.
How can anything be considered safe in this scenario? We have a compressed archive and an executable file. Both are rather unsafe. Especially the executable file. I don't care that it is an installer, no executable file is safe. What if the "installer" had some payload code on launch, before privilege escalation?
This is what I'm interested in knowing, how is this thing packaged so that it gets auto-executed. You aren't answering my question either. I'm technical enough I think that I already understood what you and the Studios guy are "trying to explain to me", but you both fail to understand the underlying question:
Why is this thing auto-executing? I know it's because Safari considers it safe since the user checked the safe box, that's in the article. I want to know why is an executable file being launched after a zip file was uncompressed and how does Safari know this is "safe"?
Both of you are only repeating the same stuff that's in the media. I want the details, not the media overview. I want the archive itself if possible. Let's find it, dissect it, understand it. If Apple needs to modify some defaults, let's ask for that.