Difference between revisions of "Mark of the Web"

From MgmtWiki
(Context)
(Context)
Line 5: Line 5:
 
Files from the Internet or similar sources could contain malware. Therefore, Microsoft came up with a security mechanism years ago where these files are marked with a Mark of the Web (MOTW) flag. Windows can display a security warning before opening and starting an executable file with a MotW flag set.
 
Files from the Internet or similar sources could contain malware. Therefore, Microsoft came up with a security mechanism years ago where these files are marked with a Mark of the Web (MOTW) flag. Windows can display a security warning before opening and starting an executable file with a MotW flag set.
  
 +
===Mac OS/x===
 +
Since Mac OS X Leopard, applications that download files from the web have had the ability to mark files as being 'quarantined' [1]. A file being quarantined just means that you haven't yet approved the file. In Snow Leopard, this feature was enhanced to protect users against known malware such as Mac Defender. OS X stores quarantine information in extended file attributes [2]. Specifically, these are the relevant extended attributes:
 +
* com.apple.metadata. This isn't specific to quarantining files, but it does appear to be used for the other information included in the quarantine prompt. This attribute contains two key-value pairs: kMDItemDownloadedDate (a date/time) and kMDItemWhereFroms (which contains two URLs: the direct download URL, and the download page URL). The kMDItemWhereFroms attribute also shows its data in the Get Info window in the Finder.
 +
* com.apple.quarantine. This attribute contains the application's name that downloaded the file, the current quarantine status, among other things (presumably).
 +
 +
You can view a list of all extended attributes on a file by using the xattr shell command. Grab a DMG you have laying around, open the Terminal, and execute xattr -l path/to/file.dmg. You'll see something like this containing the extended attributes used for quarantining, as well as a couple of others:
 +
 +
On the developer side of things, to enable file quarantine for files downloaded through your application, simply set LSFileQuarantineEnabled to true in your Info.plist.
 +
# http://support.apple.com/kb/HT3662
 +
# http://en.wikipedia.org/wiki/Extended_file_attributes#Mac_OS_X
  
 
==Problems==
 
==Problems==
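Review bot: the added paragraph that ends "You'll see something like this containing the extended attributes used for quarantining, as well as a couple of others:" is followed directly by the LSFileQuarantineEnabled paragraph, so the xattr -l output it announces is missing; paste the sample output or end the sentence after the command. The new heading "===Mac OS/x===" should read "Mac OS X" to match the body text, and "among other things (presumably)" in the com.apple.quarantine item needs a source or should be reworded.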

Revision as of 14:24, 13 March 2023

Full Title

Context

Files from the Internet or similar sources could contain malware. Therefore, Microsoft introduced a security mechanism years ago in which these files are marked with a Mark of the Web (MOTW) flag. Windows can display a security warning before opening and starting an executable file that has the MOTW flag set.

Mac OS X

Since Mac OS X Leopard, applications that download files from the web have had the ability to mark files as being 'quarantined' [1]. A file being quarantined just means that you haven't yet approved the file. In Snow Leopard, this feature was enhanced to protect users against known malware such as Mac Defender. OS X stores quarantine information in extended file attributes [2]. Specifically, these are the relevant extended attributes:

  • com.apple.metadata. This isn't specific to quarantining files, but it does appear to be used for the other information included in the quarantine prompt. This attribute contains two key-value pairs: kMDItemDownloadedDate (a date/time) and kMDItemWhereFroms (which contains two URLs: the direct download URL, and the download page URL). The kMDItemWhereFroms attribute also shows its data in the Get Info window in the Finder.
  • com.apple.quarantine. This attribute contains the name of the application that downloaded the file and the current quarantine status, among other things (presumably).

You can view a list of all extended attributes on a file by using the xattr shell command. Grab a DMG you have lying around, open the Terminal, and execute xattr -l path/to/file.dmg. You'll see something like this containing the extended attributes used for quarantining, as well as a couple of others:

On the developer side of things, to enable file quarantine for files downloaded through your application, simply set LSFileQuarantineEnabled to true in your Info.plist.

  1. http://support.apple.com/kb/HT3662
  2. http://en.wikipedia.org/wiki/Extended_file_attributes#Mac_OS_X
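The com.apple.quarantine attribute described above can be decoded with a few lines of shell. This is an added example, not code from the original page; it assumes the commonly observed value layout flags;timestamp;agent;event-id (flags and timestamp in hex) and that flag bit 0x0040 means the user has approved the file. The sample values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a com.apple.quarantine value of the assumed form
#   flags;timestamp;agent;event-id   (flags and timestamp are hex strings)

# Constructed sample values, not taken from a real file.
QTN_PENDING='0083;60000000;Safari;11111111-2222-3333-4444-555555555555'
QTN_APPROVED='00c3;60000000;Google Chrome;11111111-2222-3333-4444-555555555555'

# is_hex STRING: succeed only for a non-empty string of hex digits.
is_hex() { case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac; }

# qtn_field VALUE N: print the Nth semicolon-separated field.
# -s suppresses input without any ';' so a bare token is not echoed back.
qtn_field() { printf '%s\n' "$1" | cut -s -d';' -f"$2"; }

# qtn_decode VALUE: print "agent|status|epoch-seconds"; return 1 if malformed.
qtn_decode() {
    flags=$(qtn_field "$1" 1)
    stamp=$(qtn_field "$1" 2)
    agent=$(qtn_field "$1" 3)
    is_hex "$flags" && is_hex "$stamp" && [ -n "$agent" ] || return 1
    # Assumption: bit 0x0040 is set once the user has approved the file.
    if [ $(( 0x$flags & 0x0040 )) -ne 0 ]; then
        status=approved
    else
        status=pending
    fi
    printf '%s|%s|%s\n' "$agent" "$status" "$(( 0x$stamp ))"
}

# qtn_decode_file PATH: macOS only; reads the attribute with xattr -p.
qtn_decode_file() {
    value=$(xattr -p com.apple.quarantine "$1" 2>/dev/null) || {
        echo "no quarantine attribute on $1" >&2
        return 1
    }
    qtn_decode "$value"
}

# Demonstration on the constructed samples.
qtn_decode "$QTN_PENDING"
qtn_decode "$QTN_APPROVED"
```

On a Mac, qtn_decode_file path/to/file.dmg applies the same decoding to a real download; a file that reports "pending" has not yet been through the approval prompt.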

Problems

References