Life on the Internet

The 10 Immutable Laws of Computer Security

Scott Culp’s “10 Immutable Laws of Security” from Microsoft c.2000, but still highly relevant today.

  1. Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
  2. Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more.
  5. Law #5: Weak passwords trump strong security.
  6. Law #6: A computer is only as secure as the administrator is trustworthy.
  7. Law #7: Encrypted data is only as secure as the decryption key.
  8. Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
  9. Law #9: Absolute anonymity isn’t practical, in real life or on the Web.
  10. Law #10: Technology is not a panacea.

Further reading: Revisiting the 10 Immutable Laws of Security

Standard

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s