Let us imagine the following
scenario. You are responsible for administering
an e-commerce site where your clients' credit card numbers
are stored. One of your development team members discovers
on the Internet a facility that would improve some aspects
of the team's productivity. In complete good faith
and wishing to serve his company, he decides to install
it for the whole team to use. Now, suppose this facility
was developed by a gang involved in stealing credit card
numbers. They made it available to everyone with the purpose
of inducing developers of e-commerce
sites to install it innocently. This facility not only
provides the feature it advertises, but also scans databases
in search of credit card numbers, using the permissions of
the developers executing it. After doing so, it sends those
numbers by e-mail (something that any developer may do)
to an anonymous account on some free hosting service like
Hotmail or Yahoo, bypassing, in a simple but devastating way,
the OS's access control, the database and the firewall.
This kind of software attack is known as a Trojan horse. In the
preceding example, the Trojan horse carried out an attack against
the confidentiality of your information. The scientific community
working in computer security, after years of research,
has determined that no commercial operating system
or other base software provides effective protection against
confidentiality attacks conducted by Trojan horses. Their
operation is virtually undetectable, and it is impossible
to tell it apart from that of a similar, harmless
program.