Even Windows has resources, including icons, inside the exe file. Obviously a bit different (it's not in metadata, it's in the actual executable) but the idea that a single file named PerfectlyHarmlessPhoto.jpg.exe could have an icon of a jpeg file turns your computer in a botnet client is not a novel one.
Afaik in contemporary Mac OS, you have a directory with certain files in it. I'm not sure if anything prevents you from naming the directory PerfectlyHarmlessPhoto.jpg.app and giving it a jpeg icon. You would need to get the user to extract an archive first, which may be more or less difficult.
I think the Linux practice of having a separately identified file provide the icon is relatively rare. (I just checked Nautilus and ROX-Filer, and ROX-Filer shows .desktop icon files and allows you to execute them directly. Nautilus treats them like any other configuration file. I guess it would be relatively difficult to trick a Nautilus user into executing a script they thought was an image.)
The article claims that reading from the disk is extremely slow and so this results in a significant speed up. It is pretty quick to parse the images compared to reading the files off disk.
If the security considerations are relevant, you could presumably write the operating system not to render the icon of non-installed software tools.
I was referring specifically to the limited case of executables. As I mentioned, executables in Windows have a resource that is the icon. There's probably no real security issues in having a photo show up with a Word document icon.
Windows File Manager (which was used till Windows 3.11 and Windows NT 3.51) doesn't show generated thumbnails, although Windows Explorer does.
Afaik in contemporary Mac OS, you have a directory with certain files in it. I'm not sure if anything prevents you from naming the directory PerfectlyHarmlessPhoto.jpg.app and giving it a jpeg icon. You would need to get the user to extract an archive first, which may be more or less difficult.
I think the Linux practice of having a separately identified file provide the icon is relatively rare. (I just checked Nautilus and ROX-Filer, and ROX-Filer shows .desktop icon files and allows you to execute them directly. Nautilus treats them like any other configuration file. I guess it would be relatively difficult to trick a Nautilus user into executing a script they thought was an image.)
The article claims that reading from the disk is extremely slow and so this results in a significant speed up. It is pretty quick to parse the images compared to reading the files off disk.
If the security considerations are relevant, you could presumably write the operating system not to render the icon of non-installed software tools.