Dmg isn't scary. It's just a disk-image that mounts upon download. You have to manually start any executable on it.

And yes, there are users who click on executables carelessly, but those aren't scared by url-parts.

Safari’s DMG behaviour has been problematic in the past: https://www.cnet.com/news/mac-os-xsafari-dmg-vulnerability-r...

Uhh... It mounts after downloading? Aside from that I doubt (or don't want to believe) that's what's happening... Doesn't that sound inherently dangerous to you? We've seen files that could infect Windows machines just from having the file browser look directly at them.

Considering most people in the world use Windows, dmg is pretty much irrelevant. They can only be opened/unpacked on Macs, so even if it contains a evil payload you won't ever got to it on Windows or Linux.

Exe-files has much bigger impact and can be run through emulation on non-Windows systems.

I'd say exe is a much better choice.

My mental pronunciation mechanism cannot stop reading "dmg" as "damage"

Same for me. I guess that's what decades of playing with and reading about video games do to your brain ^^

You must be a Richard Herring fan.

As an OSX user, it is fairly amusing when some sketchy ad auto-downloads some "setup.exe" file.

As a Windows user, it's amusing when shady websites try to emulate macOS system dialogs, or Android ones.

But what if you do the same on Linux, with Wine installed? are you vulnerable the same way Windows users are ? I mean: Wine lets you just double-click exe file to run it.

No idea, however I doubt any Linux user with Wine installed would double click some random setup.exe that was auto downloaded.

You are dangerously underestimating stupid...

*Considering most people in the world use Android.

Good point. Doesn't invalidate mine though :)

Well, most people use both.

That can't be true can it?