|
|
|
| However you may feel about Microsoft and Security, these laws go a long ways towards clarifying the issues and challenges in today's world.
Microsoft's Ten Immutable Laws of Security Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore Law #3: If a bad guy has unrestricted physical access to your computer, [or data] it's not your computer anymore Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more Law #5: Weak [or weakly protected] passwords trump strong security Law #6: A computer is only as secure as the administrator is trustworthy [and is aware of threats and countermeasures] Law #7: Encrypted data is only as secure as the decryption key Law #8: An out of date virus scanner is only marginally better than no virus scanner at all Law #9: Absolute anonymity isn't practical, in real life or on the Web Law #10: Technology is not a panacea |
