Anic264b wrote:
Alley_Cat wrote:
Safari has a Preference to Open "safe" files after downloading - I'd advise you to disable that in the General pane of Safari whether you use it or not, as last year malware tried to run an installer via this mechanism BUT required user intervention to install it.
Does Safari really considers an application a "safe file"? If yes, that's a mistake!
If no, then I really prefer these safe files to open automatically, as I dislike to go to the Finder to search the file in my "huge" download folder just to open it myself. Now, of course, if Safari considers an application a "safe file", it matters to think more…
Applications that are launched will always give you a warning that they are new and were downloaded from the internet, so you get a chance to cancel, but in the malware example that was mentioned it was an installer package (.pkg) that was being launched automatically. You still needed to approve the installation and in the first versions, enter your admin password, but the password requirement went away with later versions. Some people blindly do such things, which is why you should always ask yourself if this is something you expected to happen and feel confident in agreeing to. If you downloaded from a trusted source, you should be fine, but if you just stumbled across a site that offeres to "help", beware.
There are now JavaScripts that can be embedded in email, web pages, even PDF files that are considered "safe" by Safari but could contain code that would be harmful to your computer.