Question

In an operating system, whenever the user is about to install new software, a pop-up screen appears displaying details and asks the user to approve installation or to abort. Many programs are signed by a software vendor, with a certi cate for that vendor from a trusted CA; in this case, the pop-up screen displays the (certi ed) name of the vendor and the (signed) name of the program. Other software programs are not signed, or the software vendor is not certi ed; in these programs, the pop-up screen displays the names given by the program for itself and the vendor, but with a clear statement that this was not validated.

1 Explain how an attacker can exploit human vulnerability/oversight to get malicious programs installed.

2.An organization wishes to prevent the installation of malware, so it publishes to its employees a list of permitted software vendors so that employees would verify their names before installing. Does this improve the situation? If yes how, else if not why not?

Answer 1

1. In this case, the attacker can make the name of the application to be very generic that we use a lot and we trust a lot.
In this case, we will not see the validity of the certificate and will simply install the certificate. Thus in this way, he can oversight and let the user install the software and hence he will get the malicious software installed.

2. This can improve the situation a little, but it is very tedious task for an employee to go and check in the list each time, he installs any certificate. Thus it would be better to install a anti-virus or software that can check and track for the malicious software and let the user know before installation.

Friend, That was a nice question to answer
If you have any doubts in understanding do let me know in the comment section. I will be happy to help you further.
Please like it if you think effort deserves like.
Thanks