How can I identify applications disguised as documents?
If you are unsure about a particular file, you can use the Finder to see if a file is really an application. After selecting a file, either on the desktop or in a Finder window, you can use the Get Info command (Command-I) to look at the file’s “Kind”. When using the Column view in the Finder, this information is automatically displayed for the selected file. If you are expecting a document, but the Kind is something other than the expected document type, then you should avoid opening that file. Do not double-click its icon or use the Finder’s Open (Command-O) command on the file, or otherwise open it.
If you are unsure of what the Kind for a particular document type should be, you can compare it with documents you may already have that are of that type, or you may be able to open an application directly and create and save a new document of that type. Use Get Info to display the Kind of your existing documents, and compare this with the Kind of the document you received or downloaded.
For example, the following Kind types are documents:
- Rich Text Format (RTF) document
- Plain text document
- JPEG image
- PDF document
- M4A file
- M4P file
- MP3 audio file
- Movie file
There are a number of Kind types that identify applications. Use caution if the email attachment or downloaded file has a Kind that includes the word “Application” or is otherwise suspicious. The following is a list of other application types that also require caution:
- Unix Executable File
- Script
- Terminal
- TerminalShellScript
- Jar Launcher Document
If you have installed third-party software, check the documentation to see if their files can contain macros, scripting languages, or executable code. If they do, then files of that Kind should also be handled with caution.