[PLUG] Microsoft's Ten Immutable Laws of Security

R Haack gluebert at comcast.net
Wed Feb 2 17:34:11 UTC 2005


Carla Schroder wrote:

>On Wednesday 02 February 2005 8:37 am, Ron Braithwaite wrote:
>
>>This was on the SANS list this morning. As much as I hate to give any
>>credit to M$, these "laws" are pretty good. Of course, they weren't
>>quite complete, so the SANS editors made some changes to make them more
>>inclusive. Which goes to show that even when M$ does something right, it
>>is generally a day late and a dollar short.
>>
>>-Ron
>>
>>***
>>
>>Microsoft's Ten Immutable Laws of Security
>>
>>Please provide examples of real security incidents that illustrate any
>>of these laws.  Other examples of security breaches caused by sysadmins'
>>errors are equally welcome. Email them to info at sans.org Subject: 10Laws
>>(Original source and more details:
>>http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx)
>>
>>We've made a few changes [in brackets] to make them a little more
>>inclusive.
>>
>>Law #1: If a bad guy can persuade you to run his program on your
>>computer, it's not your computer anymore
>>
>>Law #2: If a bad guy can alter the operating system on your computer,
>>it's not your computer anymore
>
>Wow, either the PLUG list has mellowed, or a big meteor hit Portland, or 
>you're all laughing too hard to post. So let me be the first to say the 
>blindingly obvious: "But the core, warp, woof, and fiber of the Windows 
>architecture is to allow, indeed, to welcome these very things." No 
>persuasion necessary, Windows always has the red carpet out for malware.
>
>How do they keep a straight face?
>
It's not easy but I do feel like my face is about to explode with 
laughter.  :-D

Robert


