0

Is it possible for a download to specify it's own icon (as a file in the GUI)? So for example, if I download a file called foo.dmg can I make it show up (in the download bar or in the explorer) as a video. I'm asking for Mac but Windows would be a bonus.

Reason this is security related: I (and I'm sure others) rely on the logo to trust that the right app will be used to open the file as a proxy to checking the extension.

Jad S
  • 393
  • 4
  • 7
  • I don’t think there would be a reliable way to do that just from a browser download. The only case I can think of for something similar is the volume icon for a mounted DMG on macOS, but that is applied once the DMG is open. There is metadata on files and folders that affects icon display in Finder, but this could be abused just as easily as it could be used. – nbering Dec 03 '18 at 23:21

2 Answers2

2

A icon / logo is not a security control and applications can specify any icon they wish attached to an exe and ini files on a desktop for windows.

McMatty
  • 3,192
  • 1
  • 7
  • 16
1

Yes. Many file formats can embed thumbnail icons, and the system may use these icons when displaying the file. For some file types, the OS knows how to generate an icon for, but some more complex file formats the icons may be embedded into the file and the system will use that embedded icon. It's possible for the icon to not match the file content.

In particular, it is possible for an .exe file to attach arbitrary icon image. This is a common technique for trojans .exe file to have an icon that looks like a less dangerous document (e.g. a Word document, video).

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93