Originally Posted by druble
To be fair it is a little more than just people doing the smart thing or not. Let's say you are uploading some pictures to Facebook. A new version of the uploader needs to be installed. Only the insanely paranoid person would not allow that installation to take place even if they got a message about code being unsigned. Why, because it is smart to trust a big company like Facebook. Just like it is smart to trust a big company like Microsoft, or Google, or Apple. The problem is that hackers are able to get their trojans onto companies' sites from time to time. It's not about doing the smart thing or not. It's about getting tricked. No one is safe from being tricked. Someone who believes they are above the average user so much so that they could never get a virus is usually the person whose computer has been a long time member of a bot net. I am an ISS major and I know mountains more than the average user and I know full and well that I can just as easily be tricked as the next person when you are dealing with trusted sources. Oh, and cue some loser who is going to complain about long sentences and no paragraphs. I did it on purpose just because it bothers you.
Point A - No, your example is broken. Why would Facebook, a website, need an admin password to install anything? And a secondary alert is that the signing you dismiss explicitly is saying the code would not have come from your fictitious Facebook. Why would Facebook have somebody else install something? If you are going to avoid two major red flags your chances of being tricked go up exponentially.
Point B - Yes trickery can happen to anyone, and I have been saying all along this is a social engineering attack because of that. Not something that can be effectively defended in code. So I suggest you read the flow of posts a bit better because as a CS professor I find your mountainous ISS major skills lacking in comprehension and analysis of the text before you.
Point C - Being snide about intentionally poor grammar isn't something I would be proud of. Just sayin'.