Microsoft’s 10 Laws of Security [Quick Read]

Here’s an interesting, super quick read for all enthusiasts of technology, systems security and cyber security living in the simulation: the ten laws of security from Microsoft, also known as The Ten Immutable Laws of Security.

[Banner image: Microsoft logo]

In case you did not read the post title, above is a banner image that has the same text as the title. This banner also serves as an image to link this post with in search engines; also an image that makes an otherwise boringly bland block of text — sexy AF (subjective).

Law #1:

If a person persuades you into running their program on your computer, it is not your computer anymore

Law #2:

If a person alters the operating system on your computer, it is not your computer anymore

Law #3:

If a person has unrestricted physical access to your computer, it is not your computer anymore

One of the most overlooked aspects of security in the field of technology is physical access. Because we are so invested in the image of security breaches as a “virtual” matter of remote connections and the typical black terminal window flooding with green 1s and 0s (or the recipe for sushi), we forget that a single instance of physical access by a person who knows what they’re doing can cause serious damage: injecting a payload via a portable drive, stealing all saved login credentials, bypassing the login screen by booting from a specially prepared drive, or even installing a keylogger that records keystrokes and auto-executes every time the system starts; all within just a few seconds of reaching the machine.

Law #4:

If you allow a person to load active content/programs onto your website, it is not your website anymore

Law #5:

Weak passwords trump strong security

Law #6:

A system is only as secure as the administrator is trustworthy

Law #7:

Encrypted data is only as secure as its decryption key

Law #8:

An out-of-date virus scanner is only marginally better than no virus scanner at all

Law #9:

Absolute anonymity is not practical — in real life or on the Web

Law #10:

Technology is not the solution for all difficulties
