Macworld Forums: Apple security fix closes Mail, iChat, Safari holes - Macworld Forums


Apple security fix closes Mail, iChat, Safari holes

#15 j_drake

  • Member
  • Group: Members
  • Posts: 320
  • Joined: 27-August 04

Posted 02 March 2006 - 06:21 AM

I'm going to apologize in advance for I know someone's toes will get stepped on.
Many years ago there was a joke going around about Mary Baker Eddy falling on the ice while skating and getting hurt and how she handled the situation (I forget the details; it's been 40+ years). When asked if she was upset or insulted by the joke she responded with "I'm not upset, it shows you have reached the mainstream consciousness when they start making jokes about you."
The same can be said for the Mac, especially OS X, it has gotten to the point where it is now in the consciousness of the "Dirty Tricks" folks. We need to take the good with the bad, even the ugly. I am of the mindset that Apple will do what is needed to protect its OS and the users of X, especially as they aim at more use by the corporate sector. At the same time we as users must be ever vigilant. Having worked in a mixed OS environment it is painfully clear that regardless of the level of security something will get through if you let your guard down for even a second. We need to stop pointing the finger at Apple and realize we need to take care of business for our own safety. After all even though cars have seat belts as standard equipment it is still up to the individual to actually Buckle Up. And we are always being reminded to Drive Defensively and watch out for the crazies on the road. It is not one bit different when it comes to using our computers, we must keep up our guard and never open anything if we do not know it comes from a safe source. Remember the automatic seat belt systems Detroit tried to foist on the car buying public, and the negative response from the same folks they were trying to protect. People object for many reasons but the main one was it should be their choice whether to buckle up or not, go figure, so do we really want Apple to set up X to be so restrictive as to take X down to the same level as Windows, a dry, joyless system? And yes I realize that even our best intentions can sometimes slip a bit, but to expect Apple to be constantly watching our backs while we act the naive fool is unreasonable and arrogant.

'nuff said
john
0

#16 b_baggins

  • Member
  • Group: Members
  • Posts: 257
  • Joined: 23-September 04

Posted 02 March 2006 - 07:12 AM

Actually, this isn't entirely true.
The problem is that Launch Services makes the user-defined association the default, no matter the scenario. This is what allows the file spoofing.
The guys at Unsanity have a good write-up of this in their blog and a couple of ways to fix it without losing the functionality.
0

#17 hgwells

  • Member
  • Group: Members
  • Posts: 204
  • Joined: 31-August 04

Posted 02 March 2006 - 07:52 AM

OM_user, what you are suggesting sounds perfectly reasonable to me. I hope some Apple people are reading it. In addition, Terminal itself is so critical that Apple may consider default oversight on it where multiple descriptions and warnings are given by default to users (understandable even by non-proficient computer users) before Terminal begins opening for any reason (may be turned off or modified somewhere for those who actually work in Terminal on a regular basis).
0

#18 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,583
  • Joined: 30-August 04

Posted 02 March 2006 - 04:20 PM

In reply to:

The problem is that Launch Services makes the user-defined association the default, no matter the scenario. This is what allows the file spoofing.

That's a feature. It is a good thing. I want control over my computer to keep doing things the way I want. If I have to cajole the OS into doing what I want every time I open a file, I'm going to get very frustrated.
In reply to:

The guys at Unsanity have a good write up of this in their blog and a couple of ways to fix it without losing the functionality.

A link would be nice. I tried to find this with Google but had no luck. Google came up with only an old link about an Unsanity haxie for a much older Safari security vulnerability when I searched with: unsanity launch services site:unsanity.com
0

#19 bradleys

  • Member
  • Group: Members
  • Posts: 121
  • Joined: 07-May 04

Posted 02 March 2006 - 07:58 PM

In reply to:

OM_user, what you are suggesting sounds perfectly reasonable to me.

....and to me too.
Where there is a glaring disparity between the file extension and the application that is about to open the file, why isn't it perfectly reasonable for the system to warn you, given that it clearly has this information at hand?
Other posters above have mentioned situations that "muddy the deeper waters" so to speak, but where filename.mov is about to be opened by Terminal, it is definitely in the shallow waters!
Basically what I am saying is that the system should as far as possible eliminate obvious and easily detectable discrepancies. I don't think I can imagine why a file with a ".mov" extension would EVER be justifiably opened by Terminal... It is always going to be either a spoof or malicious.
0
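The check proposed in post #19, sketched as an added example that is not part of the thread or of any Apple code: user-defined associations are honoured without prompting, as post #18 wants, and a warning is raised only when a passive-content extension is about to be opened by an application that executes what it opens. The policy tables, the `review_open` and `extension_of` names, and the sample handler identifiers are assumptions made for illustration.

```python
import os
from typing import NamedTuple

# Constructed policy tables; a real system would derive these from its own
# type database rather than a hard-coded list.
PASSIVE_EXTENSIONS = {"mov", "mp3", "jpg", "jpeg", "png", "gif", "pdf", "txt"}
EXECUTING_HANDLERS = {"com.apple.terminal"}  # handlers that run what they open


class Verdict(NamedTuple):
    action: str   # "allow" or "warn"
    reason: str


def extension_of(filename: str) -> str:
    """Final extension, lowercased, without the dot ('' if there is none)."""
    # Trailing spaces and dots are dropped so "clip.mov." still reads as "mov".
    name = os.path.basename(filename).strip().rstrip(".")
    return os.path.splitext(name)[1][1:].lower()


def review_open(filename: str, handler_id: str) -> Verdict:
    """Decide whether opening `filename` with `handler_id` deserves a warning."""
    ext = extension_of(filename)
    if handler_id.lower() not in EXECUTING_HANDLERS:
        # A user-chosen viewer or editor: honour the association silently.
        return Verdict("allow", "handler does not execute file contents")
    if ext in PASSIVE_EXTENSIONS:
        # The "shallow water" case: a media or document name that would be run.
        return Verdict("warn", f".{ext} would be executed by {handler_id}")
    return Verdict("allow", "extension is not claimed as passive content")


if __name__ == "__main__":
    # Constructed sample opens: (file name, handler about to open it).
    for name, handler in [("holiday.mov", "com.apple.Terminal"),
                          ("holiday.mov", "org.example.player"),
                          ("backup.command", "com.apple.Terminal")]:
        print(name, handler, review_open(name, handler))
```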
