Slashdot has an article about how a package can bypass Gatekeeper. I know what Gatekeeper is but I'm having trouble understanding the practical implications. Please tell me where I'm confused.
For me to be affected by this, I first need to download the malware package. This implies that either the website I'm going to has been compromised or I'm going to random strange web sites.
For the case where the site has been compromised already, then all bets are off anyway.
In the case that I'm downloading random things from random sites, then I'm likely to be infected by something anyway so who cares if the package is clever about infecting me or not. I've already dropped my guard and am open to attack.