meyerweb.com

Skip to: site navigation/presentation
Skip to: Thoughts From Eric

Selectively Disabling Downloaded-File Warnings in Leopard

One of the things that I’ve found mind-bendingly annoying about Leopard (besides its complete refusal to allow classic window management) is the “this file was downloaded from the internet, are you sure you want to open it?” dialog box.  Yes, damn it: I just downloaded the file with the express intent of opening it.  Stop bothering me.  Keep it up and I might mistake you for PC.

What’s even worse is that the dialog requires mouse input to get past.  It would be just within the limits of acceptability if the dialog buttons responded to keyboard input; if I could hit command-O or something to invoke “Open”, then I’d probably keep the safeguard in place, because I could just charge past it with a quick twitch of the fingers.  Since I can’t, I want it gone.  And of course there’s no “don’t ask me again” checkbox to tick.

After a plea on Twitter, I got pointers to a couple of ways to disable this annoyance (as well as a ton of “oh God, I hate that too; let me know if you find an answer!” replies).  The first way is done as a Folder Action.  For a variety of reasons, I’m not that thrilled by folder actions, so I gave it a pass.  The other approach is to write your own preference file.  Ah, much better!  (Why is this better?  I don’t know.  It just intuitively feel like the better approach to me.)

Now, one way is to just disable the warning for all public.item files—which is to say, every type of file.  I was tempted, but it turns out there’s a finer grain that can be applied:  listing specific file types to be ignored.  Better still!  That way I can switch this off for the file types that I download all the time, like HTML files, and keep the safeguard in place for file types I almost never download, like executable scripts.

Doing this means you need a list of OS X’s Uniform Type Identifiers, so I dug around to find that listing, which appears to have moved in the not-too-distant past.  Here’s the preference file I’ve put together with that listing as a guide.  This file lists all of the file types I don’t want to be nagged about.


<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
   "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>LSRiskCategoryNeutral</key>
    <dict>
      <key>LSRiskCategoryContentTypes</key>
      <array>
        <string>public.text</string>
        <string>public.plain-text</string>
        <string>public.xml</string>
        <string>public.archive</string>
        <string>public.image</string>
        <string>public.audiovisual-content</string>
        <string>public.font</string>
      </array>
    </dict>
  </dict>
</plist>

I led with public.text because it encompasses not just regular text files, but HTML files as well; public.xml appears to cover XHTML, though I’m not 100% sure where those files fall.  public.audiovisual-content covers all audio and video files, as you might guess.  There are probably a few other types I’ll add over time, as I encounter enough resistance on certain types of files that I don’t need to be safeguarded.  I’ll probably never add public.script or public.executable to the list; personally, I prefer to be warned about that sort of stuff.

To make the magic happen, save the above file (or your own variation) as ~/Library/Preferences/com.apple.DownloadAssessment.plist.  Then log out of and back into your account.  Finito.

So if you’d like to get your Mac to be less of a nag about opening downloaded files, there’s how.  As the links above show, I’m standing on the shoulders of giants here, so my thanks to those who paved the way.  I hope that you will be able to benefit from both their work and my small additions thereto.

Update [13 Mar 09]: Potentially very bad news, folks.  I just tried this on my 10.5.6 machine and it failed utterly.  As did the Folder Action approach.  Older versions of Leopard apparently didn’t have this problem.  Anyone else seeing the same kind of thing on their machines?  If either way is still working for you under 10.5.6, can you tell us which one it is in the comments?  Thanks.

Update [18 Mar 09]: Great news, folks.  Ben Millett kindly sent me a copy of his working-under-10.5.6 file and I tried it out, and it worked!  The difference seems to be that the version I was using was encoded as “Unicode™ (UTF-8, no BOM)” whereas the encoding of the file Ben sent me is “Western (Mac OS Roman)” (both according to BBEdit).  So if your copy doesn’t work, check the file encoding.  Next I’m going to experiment with adding file extensions, and will report back if I meet with success.

27 Responses»

    • #1
    • Comment
    • Fri 13 Mar 2009
    • 0905
    Bob Monsour wrote in to say...

    Many thanks for your sleuthing (and those whose shoulders you stood upon)!

    • #2
    • Comment
    • Fri 13 Mar 2009
    • 0936
    Daryn St. Pierre wrote in to say...

    This is great. I saw (and replied to) your Tweet yesterday and implemented the original plist file that wasn’t as specific. This is a lot better though. Your research is appreciated and so is the fact that you shared it with the world. Weee!

    • #3
    • Comment
    • Fri 13 Mar 2009
    • 0938
    Todd Austin wrote in to say...

    Thanks for digging deeper on this, Eric. I’ve been using the public.item version of this. Nice to see a more specific way of accomplishing this.

    • #4
    • Comment
    • Fri 13 Mar 2009
    • 0944
    Matt Sayler wrote in to say...

    “What”s even worse is that the dialog requires mouse input to get past.”

    Um, no?

    You do have Full Keyboard Access turned on, don’t you?

    • #5
    • Comment
    • Fri 13 Mar 2009
    • 0946
    mgseeley wrote in to say...

    Thanks for posting this. When I attempted to save my plist file to ~/library/Preferences I was told it already existed. I knew I hadn’t created it before. The existing file contained one entry:

    <string>amz</string>

    So, the Amazon MP3 Downloader takes care of this problem for its own filetype during installation. Would you consider it risky for installers to add exceptions to this plist?

    • #6
    • Comment
    • Fri 13 Mar 2009
    • 0953
    Eric Meyer wrote in to say...

    Hard to say, Matt, because the instructions you linked don’t apply to Leopard in the slightest, so far as I can tell. For example, there’s no “Keyboard” preference pane, and under the “Keyboard & Mouse” preference pane, there’s no “Full Keyboard Access” tab, nor anything even remotely like it. Under “Universal Access”, I found a reference to Full Keyboard Access under the “Mouse & Trackpad” tab (where else?), but it implies that all it will let me do is tab between windows and dialogs.

    That’s not what I want. I’m able to use my keyboard to activate the buttons in many applications (command-O for “Open” being a common one). The Finder has generally not been one of them, which is wider point of annoyance, but one I was able to overlook until the downloaded-file warnings showed up.

    • #7
    • Comment
    • Fri 13 Mar 2009
    • 0957
    Eric Meyer wrote in to say...

    Would you consider it risky for installers to add exceptions to this plist?

    I would, actually, especially if they do it without asking the user for approval. Nevertheless, I completely understand why Amazon would do this. If they didn’t, then any time you bought downloadable MP3s from Amazon, you’d get a warning. And who would users blame? Amazon. (Not to mention the potential loss of trust—“wait, what is Amazon sending me that my computer is upset about it?”.)

    • #8
    • Pingback
    • Fri 13 Mar 2009
    • 1056
    Received from Annoying notices in Leopard fix « b&k m online

    […] In Mac OS 10.5 (Leopard), whenever you download a file and then attempt to open it, you are asked if you really want to open the file, because it originated from the Internet and could possibly harm your computer. Eric Meyer asked the twitterverse for suggestions on how to remove the warning and found that a new preference file will fix the issue (via). Now, one way is to just disable the warning for all public.item files—which is to say, every type of file. I was tempted, but it turns out there”s a finer grain that can be applied: listing specific file types to be ignored. Better still! That way I can switch this off for the file types that I download all the time, like HTML files, and keep the safeguard in place for file types I almost never download, like executable scripts.↵ […]

    • #9
    • Comment
    • Fri 13 Mar 2009
    • 1128
    Paul wrote in to say...

    Eric,

    Full keyboard access set to “all controls” will let you tab between buttons in a dialog box and use spacebar to activate them, not just “tab between windows and dialogs”. It’s very handy for dialog boxes where the typical cmd shortcuts don’t work. That’s not to say it’s a better solution for this specific problem than the one you provided, but it does obviate the need for the mouse in any dialog.

    • #10
    • Comment
    • Fri 13 Mar 2009
    • 1427
    Lachlan Hunt wrote in to say...

    Eric, to turn on full keyboard access in leopard, go to Keyboard & Mouse preference pane, select the Keyboard Shortcuts tab, and at the bottom there’s a set of radio buttons to enable full keyboard access.

    • #11
    • Comment
    • Fri 13 Mar 2009
    • 1441
    Matt wrote in to say...

    You’re right, the KB article has inaccurate instructions (for Leopard). But Paul is talking about what I was meant. When this is enabled, I hit tab and then space to clear the verification dialog.

    • #12
    • Comment
    • Fri 13 Mar 2009
    • 1547
    Eric Meyer wrote in to say...

    So I turned it on, and that means I can get past the dialog with two tabs and a spacebar. Of course, if I twitch wrong and do one or three tabs, I’m screwed. Allowing command-O (or even just plain O) for “Open” would be much, much better from a UX standpoint.

    But overall, I’d rather just not ever get the dialog box in the first place, at least for the file types I’m willing to let through. Now, if only I could figure out how to register .csv and .tsv as public.text UTIs…

    • #13
    • Comment
    • Fri 13 Mar 2009
    • 1730
    Eric Meyer wrote in to say...

    If you’re following the comment via RSS, please see the update on the post: this isn’t working in 10.5.6. Not any of it, actually; at least not for me. Anyone seeing different results?

    • #14
    • Comment
    • Sat 14 Mar 2009
    • 1135
    Ben M wrote in to say...

    I’m using 10.5.6 and it’s working for me. PHP files that I downloaded are opening, as are html & amz (I added that to the list). I don’t recall getting the message box for images or movies so I can’t verify that.

    • #15
    • Comment
    • Thu 19 Mar 2009
    • 0247
    Philippe wrote in to say...

    Ref, you update dd 18 Mar 09.
    Puzzled. The default for a plist file (any XML) is utf-8 last I checked, and your sample doesn’t specify any xml prolog (meaning: assuming default).
    I tested here, 10.5.6, with a plist file created with Property List Editor.app (part of the developers tools) and it worked just fine.

    • #16
    • Comment
    • Thu 19 Mar 2009
    • 0707
    Eric Meyer wrote in to say...

    I’m confused too, Philippe. All I know is the copy I had wasn’t working. When I dropped in Ben’s, it did work, and the only difference I can see is the encoding. (The version I had on my hard drive had the XML prolog.)

    I’ll try opening both in property List Editor (if I have it installed) and see if there’s any indicated difference, then save both and compare them to the originals and see what happens there.

    • #17
    • Comment
    • Thu 19 Mar 2009
    • 1330
    Nick Rinylo wrote in to say...

    Same here Ben M. 10.5.6 and works 100% for me.

    • #18
    • Comment
    • Mon 23 Mar 2009
    • 1128
    Eric Naujock wrote in to say...

    Not that it matters now but the issue your bothered by was created to address a very specific vulnerability. The Issue related to what one would call a drive by download. In the past you could create a malicious file and provide a link to it that would be downloaded and executed automatically bypassing the user controls.

    As a result prior to this you could lose control of your computer. That annoying box gives you the user the last bit of control to prevent bad things from happening prior to bad things happening.

    I am not saying that the box is the best solution for you but remember that since most users tend to run as admin and click without thinking that was the best defense that could be done easily. After all I expect you do like it that Apple tries very hard to keep your system secure from not so nice people.

    As for the solution I am glad you found an answer. I just hope your doing defensive browsing and not running as admin.

    • #19
    • Comment
    • Thu 26 Mar 2009
    • 1602
    Daniel Bely wrote in to say...

    Thanks for the tip.
    However, after several warning-free days I’ve downloaded a .wmv file with Firefox and received this annoying warning message again. I went to ADC site and checked this document:
    http://developer.apple.com/documentation/Carbon/Conceptual/understanding_utis/utilist/UTIlist.html#//apple_ref/doc/uid/TP40001319-CH205-CHDIJFGJ

    This page tells us that WMV conforms to public.movie -> public.audiovisual-​content -> public.content & public data -> public item. This means your tip should work but it doesn’t for some unknown reason.

    Any ideas?

    Have you tried downloading .wmv files?

    • #20
    • Pingback
    • Mon 30 Mar 2009
    • 0706
    Received from Disable downloaded-file warnings in Leopard - machine quotidien

    […] Selectively Disabling Downloaded-File Warnings in Leopard […]

    • #21
    • Pingback
    • Mon 30 Mar 2009
    • 1347
    Received from How to disable that annoying downloaded file warning in Leopard « SBP’s Random Walk

    […] How to disable that annoying downloaded file warning in Leopard From Eric Meyer: […]

    • #22
    • Comment
    • Mon 24 Aug 2009
    • 0655
    ton wrote in to say...

    I tried it but does not work. I am using 10.5.8.

    I would like very much to have a solution like this. Do you have any idea what the problem might be?

    • #23
    • Comment
    • Fri 25 Sep 2009
    • 0726
    Craig wrote in to say...

    Anybody have any luck with this for NZB files and snow leopard?

    • #24
    • Comment
    • Sat 17 Oct 2009
    • 1621
    andsens wrote in to say...

    Craig:
    > Anybody have any luck with this for NZB files and snow leopard?

    Nope, torrent files work just fine, but SL keeps bugging me with warnings about opening nzb files, even though I added both text/xml as Mime safe type and nzb as safe extension.

    • #25
    • Comment
    • Sun 8 Nov 2009
    • 1814
    larryy wrote in to say...

    I figured it out, I think. Lots more explanation and a couple of additional steps I took that I *think* are unnecessary can be found here, but bottom line, I think you just need to open this .plist file in TextWrangler or BBEdit, do a Save As, use the Options button to set the encoding to UTF-8 instead of UTF-8, no BOM, and save right over the original version of the file. And reboot (or log out and in, not sure which is necessary; both are sufficient).

    This is probably mostly an issue for people who have used Amazon downloads, which creates this .plist file, but makes it a UTF-8, no BOM file for whatever reason. I’ll bet that even people who have their browser set to process safe files aren’t getting auto-launch of Amazon’s download app in later versions of Leopard and in Snow Leopard, and this “no BOM” file encoding is why.

    • #26
    • Comment
    • Wed 24 Feb 2010
    • 2116
    Tim wrote in to say...

    I’m trying to whitelist .flv movies.. and can’t find any reference to them! I’ve added:
    public.movie
    public.mpeg4
    to your list (thanks!), but flv is not mentioned at the apple dev site (now found at: http://developer.apple.com/mac/library/documentation/Miscellaneous/Reference/UTIRef/Articles/System-DeclaredUniformTypeIdentifiers.html#//apple_ref/doc/uid/TP40009259-SW1 )

    Thanks again! Tim

    • #27
    • Comment
    • Sun 31 Oct 2010
    • 1026
    Francois wrote in to say...

    Hi Eric, hi everyone,
    Late, but catching up.
    Great stuff, except that I cannot unravel my problem when tying to deal with .docx or .pptx, etc.
    Even if these files are “reliable”, I can’t open them automatically.
    You know how to deal with?? :-)
    Many thanks by advance!
    Francois

Leave a Comment

Line and paragraph breaks automatic, e-mail address required but never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



Remember to encode character entities if you're posting markup examples! Management reserves the right to edit or remove any comment—especially those that are abusive, irrelevant to the topic at hand, or made by anonymous posters—although honestly, most edits are a matter of fixing mangled markup. Thus the note about encoding your entities. If you're satisfied with what you've written, then go ahead...


March 2009
SMTWTFS
February April
1234567
891011121314
15161718192021
22232425262728
293031  

Sidestep

Feeds

Extras