Thus spake John C. Welch <[EMAIL PROTECTED]>, circa 4/15/2004 12:11 AM:
>> This type of file is possible because Apple still supports the old-style
>> file type/creator under OS X. I would hope that Apple would move quickly to
>> just stop them from running unless they have the .app extension.
> That's not a fix either. All a malware writer has to do is bury the bad code
> in the bundle, and you're still screwed. Windows established that relying on
> the extension is a bad idea.
True, but the main problem with Windows extensions (and OS X) is that they
can be hidden, enabling the social engineering part of the trojans.
My point was that the social engineering aspect of this "exploit" relies on
the fact that this appears to be an MP3 file, but the OS treats it like an
app. If the Finder =enforced= one or the other, it wouldn't work. It would
either look like an app and behave like an app, or look like a file and
behave like a file. If people knew the supposed MP3 was an application, they
would (hopefully) be far less likely to double click it.
Ideally, the OS would protect the user from certain "suspicious" activities
like file deletion and program replication, but just doing away with the
APPL file type overriding the OS X .xxxx extension would be a pretty good
start.
peter
--
To unsubscribe:
<mailto:[EMAIL PROTECTED]>
archives:
<http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/>
old-archive:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
