[Ilugc] Misleading article in Ziff-Davis eWeek
- From: siva@xxxxxxxxxxx (Sivasankar Chander)
- Date: Tue Nov 2 15:37:31 2004
That's besides the point. Social engineering works anywhere. If people get a
dialog box asking them to type in the root password to see 'My Document',
they would. Linux being or not being inherently secure is not a factor
here.
On any Unix-like operating system, you would not get a dialog box asking
for a root password to see any document, leave alone something called
'My Document'. That alone would be an indicator of something wrong,
like maybe he's sitting in somebody else's cubicle in front of a different
computer :-).
Ordinarily, the user need not even know the root password, and still be
able to use the system for normal day-to-day office activities. This is
the default situation in most Unix deployments in corporate settings.
Popping a dialog-box with such a question would not be of any use for
a Trojan, if the user simply didn't know the root password, or was smart
enough not to type it in at such a prompt.
The title of the article referred to *viruses*, but the entire article
only talks vaguely about social-engineering and phishing - both of which
have nothing to do with viruses.
-Siva
Other related posts:
