Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'The Culprit' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
The Culprit
Authored by: hamarkus on Feb 22, '06 10:08:26AM

I agree with you, BOMArchiveHelper.app automatically opening files is the problem (there might be some useful cases but BOM should never be allowed to open a file which wants to be opened by Terminal.app).

If you have Stuffit installed you can also use RCD (both via extension and MIME type) to open .zip and any other compressed formats with it, with that you can still uncompress them in the Finder.
However, the next 'virus' might simply override this setting (as the sample Secunia.mov file does) and ask the OS to be openend by BOM, although Safari and Mail might prevent this.

I still do not understand by which mechanism the 'Open with' app in the 'Get Info' window is set. It is not the filename extension nor the Creator/Type nor the MIME type.



[ Reply to This | # ]
The Culprit
Authored by: bomolub on Feb 22, '06 01:58:29PM

It's done with a resource of type 'usro' in the resource fork.

http://mjtsai.com/blog/2004/01/27/bruce_horn_interview



[ Reply to This | # ]
The Culprit
Authored by: hamarkus on Feb 22, '06 05:09:26PM

Thanks for the info. So Apple 'simply' has to stop considering files which have ‘icns' and ‘usro' resources pointing to Terminal.app as 'safe' files.

Interestingly, the resource fork of secunia.mov contained the complete path to Terminal.app. Do the ‘icns' and ‘usro' resources always contain the complete path?



[ Reply to This | # ]