Tips for safe handling of e-mail attachments
Security tips for opening programs
Always be cautious when opening files (e.g., by double-clicking) that are from an unknown person or that you were not expecting. This includes email attachments, instant messaging file transfers, and other files you've downloaded from the Internet. Every time you load something from a source that has not earned your trust before, you should take extra precautions. This is because a loaded file might have a name or icon that makes it appear as a document or media file (for example, a PDF, MP3 or JPEG), when in fact it is a malicious program. A malicious program disguised in this way is called a "Trojan".
The following topics are intended to help you deal safely with e-mail attachments and files downloaded from the Internet.
Detect programs disguised as documents
If you are unsure about a particular file, you can use the Finder to determine if a file is not hiding a program. After selecting a file on the desktop or in a Finder window, you can use the Information command (Command-I) to view the "type" of file. In the Finder's column view, this information is automatically displayed for the selected file. If you are expecting a document, but "Kind" indicates something other than the expected document type, you should avoid opening the file. Do not double-click the file icon and do not apply the Finder's Open command (Command-O) to the file or open it in any other way.
If you are not sure of the type of a particular document type, you can compare it with existing documents of that type. Alternatively, you can open a program directly and create a new document of this type and save it. Use "Information" to view the type of existing documents and compare them with the type of the received or loaded document
These species are, for example, documents:
- Rich Text Format (RTF) document
- Plain text document
- JPEG image
- PDF-document
- M4A-file
- M4P-file
- MP3-audio file
- Movie file
There are a number of "kind" types that identify programs. Be careful if the email attachment or the loaded file has a "type" that contains the word "program" or otherwise seems suspicious. Below is a list of other program types that also require caution:
- Executable Unix file
- Script
- Terminal
- TerminalShellScript
- Jar Launcher-Document
If you have third-party software installed, check the documentation to see if their files may contain macros, scripting languages, or executable code. If so, then files of this type should also be handled with care.
Download Validation
Mac OS X 10.4 Tiger includes download validation. Several Apple applications use this feature to provide additional verification for content obtained from a network. If you open an attachment in Mail and it is an application instead of a document, Mac OS X's download validation warns you about unsafe file types. You should cancel if there is any doubt about the file. If you save an attachment or drag it to a folder, use the Finder to examine it as described above. If you were expecting a document, but the Finder indicates that you received a program, do not open the file. Instead, delete it immediately.
If you navigate to a downloadable file with Safari (e.g. by clicking a download link), Mac OS X's download validation warns you about unsafe file types. You should abort if there is any doubt about the file. If you load a file by clicking it while holding down the Command key or selecting "Load Linked File" in the context menu, Mac OS X's download validation will not check it and will not open it automatically. You should check the loaded file using the Finder as described above. If you were expecting a document, but the Finder indicates that it is an application, do not open the file. Instead, delete it immediately.
File quarantine
Mac OS X 10.5 Leopard and later improves download validation by providing a file quarantine. Mac OS X 10.5 remembers what content you have obtained over a network. When you open a potentially unsafe file for the first time in the Finder, Spotlight, or from the Dock, the file quarantine feature warns you about unsafe file types. If you have any doubts about the file, you should cancel.