Viewing malware-infected file with Quick Look

If a malware-infected file is viewed with Quick Look, is that deemed any safer than opening it in, say, the file's default app?


(This is not asking whether viruses exist on Macs; this is assuming that the more general category of malware does in fact pose a threat.)


Thanks for any insights

MacBook, OS X Yosemite (10.10.2)

Posted on Feb 25, 2015 8:45 PM


Feb 25, 2015 11:48 PM in response to humanengr

Given the present known malware situation for OS X, it really does not matter, but then again such advice in the hindsight of some future successful QuickLook-exploiting attack would seem naive. Therefore, the best approach for anyone concerned about a QuickLook exploit would be to use a view that does not invoke any previews, so yes, using List view would be the better approach in this case.


While as of yet, QuickLook is not being exploited, do keep in mind that Apple's previewing technologies have had their security concerns. One of these was a recent hole in Spotlight's handling of e-mails in search results, where spam messages found in Spotlight would load images, bypassing explicit settings by users to not have remote images be loaded. Though not specifically malware, such loading of images allowed for tracking of some activity by the remote servers that served them. Spotlight's oversight of the security settings was the security hole in this case.

Feb 25, 2015 11:02 PM in response to humanengr

To answer your question, when you use QuickLook, you are opening the file. The QuickLook service uses a plugin that gives it the capability of reading at least part of the targeted file, and then creates a snapshot that is displayed. If there were malware in a file that was somehow triggered when opened, then this could potentially run it. Granted, since it uses limited plugins for handling files, QuickLook will likely open a file differently than in its main handling program. Therefore, malware intended to take advantage of a program like Word when a .doc file is opened may not work as intended when previewed with QuickLook. This argument does observe the difficulties involved for creating such malware; however, given the possibility of it, then this would be the consideration.

Feb 25, 2015 11:08 PM in response to Linc Davis

Linc — thanks. I’m not overly concerned with the present instances (a phishing email and a Word macro virus), since I’m obeying the normal cautions; but am seeking good (not perfect) advice for general practice.

I had been wondering whether, e.g., if one wanted to make sure an email with a more insidious infection was not from a friendly source, is Quick Look more ‘sandboxed’ than opening the email in ‘Mail’?


I see Topher also responded, and will follow up in a reply there.

Feb 25, 2015 11:18 PM in response to Topher Kessler

Topher — thanks.

That specificity would seem to reduce the concern.


Would a similar issue apply to using Finder’s Column View when opening a malware checker’s ‘quarantine’ folder to select the file and move it to Trash, since Column View presents an image of a file when selected?


Or is the file explored ‘under-the-hood’ so that a similar risk (if any) is present even in List view?

Feb 25, 2015 11:25 PM in response to humanengr

The Finder uses QuickLook to generate previews, so the same concerns would apply here. However, this again makes vast assumptions about the ability for malware to be embedded in files in a way that would break through a plethora of security and isolation routines in OS X. This is not to say such malware is impossible, but it so far has never seen the light of day, and given the limitations imposed on it by OS X, would take a great deal of thought and ingenuity to implement. However, never say never. 🙂
