The 10 Laws Of Computer Security

Microsoft has been scrutinized over security for as long as it has been making software, and it has dealt with countless reports of security vulnerabilities. When a real vulnerability is reported, a patch is developed as quickly as possible. But Microsoft found that many reported "vulnerabilities" were not flaws in the software at all: they were the result of how the machine was set up or used, and no software patch can fix that. Out of that experience the Microsoft Security Response Center distilled a list of 10 laws that, when followed, reduce your odds of a computer security incident.
Law #1) If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
Too many people make life harder for themselves by running programs without any idea who wrote them. People tend to install a program because it came from someone they trust, but trusting the sender is not the same as trusting the author: the sender may have been fooled, or infected, too. Once a program runs under your account it can do anything you can do. It might reformat your hard drive, or it might just send embarrassing e-mails to your friends; either way, you have handed the machine over. A lot of headaches are avoided by knowing the source (the author) of every program you run, and by not running anything you cannot vouch for.
Law #2) If a bad guy can alter the operating system on your computer, it's not your computer anymore.
The files that make up your operating system are the most trusted files on the computer, and they can do absolutely anything: they manage your accounts, your passwords and your permissions. If someone replaces or modifies them, the machine effectively has a new administrator, and that administrator has no reason to announce himself. Being locked out is the noisy outcome; the quiet one is that you keep logging in and working while every password you type is recorded. The best defence is to keep the number of accounts allowed to change system files to a minimum, to do day-to-day work without administrator rights, and to check the system files against a known-good baseline so that tampering is at least detected.

Law #3) If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Most people associate computer security with remote attacks and never think about their computer being lifted off a desk or out of a server rack. Laptops are especially prone to theft. Once someone has the machine in hand, the software protections no longer matter: they can boot it from their own media and read the disk, image the drive and crack your password hashes at leisure, take whatever sensitive data is on it, or simply hold the hardware for ransom. For a laptop the only true prevention is to keep it with you at all times; full-disk encryption with a key that is not stored on the machine (see Law #7) limits the damage if it is stolen anyway. Keep the company server in a locked room.
Law #4) If you allow a bad guy to upload programs to your website, it's not your website any more.
This is Law #1 in reverse. Law #1 involves you downloading and running something on your computer; this law involves the bad guy uploading a harmful program to your web server and getting it to run there. It is a real risk on any site that lets visitors upload files. Limit what visitors can do: accept only the file types the site actually needs, let the server (not the visitor) choose the stored file name, keep uploads outside the directory the web server executes from, and never run them. However careful you are, if your site lives on a shared server and someone else's site on that server is compromised, the problem can spread to yours.
Law #5) Weak passwords trump strong security.
You would be surprised how many computers have no password at all. No password means anyone can log in as you, and as far as the computer is concerned, they are you: whatever you can do, they can do. A password that can be guessed is little better. Keep a strong password on every account at all times. Length matters more than mixing in a few digits and capitals, so a long passphrase beats a short "complex" password, and a password used on one system should never be reused on another, since one leaked site then hands the attacker all of them. Where a second factor is offered, turn it on. And don't write the password on a sticky note and stick it to the side of your monitor.
Law #6) A computer is only as secure as the administrator is trustworthy.
Every computer has an administrator, and if that person is untrustworthy the computer and everything on it are at risk. The administrator can do pretty much anything, and worse, can cover his tracks afterwards by editing or deleting the logs. If your administrator is untrustworthy you have no security at all, so vet people before you hire them: call references, check their track record, and run a background check. Then make them accountable. Enforce a two-person rule for sensitive installations and changes, and keep audit logs on write-once or append-only storage on a separate machine run by a different administrator, so that no single person can both act and erase the record of it. The more accountable your administrators are, the less likely problems are to surface.
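One way to make the "log that the administrator cannot quietly edit" idea checkable, as an added example that is not from the original page: each log entry carries a keyed hash of the previous entry, so editing or deleting an earlier record breaks the chain from that point on. The record format and the assumption that the HMAC key is held by the second administrator, off the logged host, are the example's own; the log entries are constructed.

```python
"""A tamper-evident audit log: each record commits to the one before it.

Added example, not from the original page. Every entry carries an HMAC over
the previous entry's hash and its own record, so deleting or rewriting an
earlier record breaks verification from that point on. Assumption: the key
is held by a second administrator and is not present on the logged host.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first entry


def entry_hash(key, prev_hash, record):
    """HMAC-SHA256 over the previous hash and the canonical JSON of this record."""
    msg = prev_hash.encode() + b"\n" + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append(log, key, record):
    """Append record to log (a list of entries) and return the new entry."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"record": record, "prev": prev, "hash": entry_hash(key, prev, record)}
    log.append(entry)
    return entry


def verify(log, key):
    """Return (True, None) if the chain is intact, else (False, first bad index)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev:
            return False, i  # an entry before this one was removed or reordered
        expected = entry_hash(key, prev, entry["record"])
        if not hmac.compare_digest(entry["hash"], expected):
            return False, i  # this entry's record was altered
        prev = entry["hash"]
    return True, None


def demo():
    """Constructed log of admin actions, followed by two tampering attempts."""
    key = b"held-by-the-second-administrator"  # assumption: kept off this host
    log = []
    append(log, key, {"who": "admin1", "action": "create_user", "target": "bob"})
    append(log, key, {"who": "admin1", "action": "grant", "target": "bob", "role": "admin"})
    append(log, key, {"who": "admin1", "action": "copy", "target": "/payroll.db"})
    append(log, key, {"who": "admin1", "action": "revoke", "target": "bob"})
    intact = verify(log, key)

    # Attempt 1: rewrite the incriminating entry in place.
    edited = json.loads(json.dumps(log))
    edited[2]["record"]["target"] = "/tmp/scratch"
    edited_result = verify(edited, key)

    # Attempt 2: delete the entry and hope nobody counts.
    deleted = json.loads(json.dumps(log))
    del deleted[2]
    deleted_result = verify(deleted, key)

    return {"intact": intact, "edited": edited_result, "deleted": deleted_result}


if __name__ == "__main__":
    print(demo())
```

The key is what separates this from a plain hash chain: without it, an administrator with access to the log file could recompute every hash after the change. Keeping the key with the log on the same machine would defeat the point, which is exactly Law #7 below.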

Law #7) Encrypted data is only as secure as the decryption key.
Strongly encrypted data is great, unless the decryption key sits on the same machine as the data. Most people enjoy the convenience of storing encrypted files on the computer that encrypted them, with the key right there. No amount of encryption stops someone who has the key, and anyone who can get at the files can get at a key stored beside them. Keep the two apart at all times: derive the key from a passphrase that is never written to disk, or hold it in a separate hardware or operating-system key store, rather than in a file next to the data.
Law #8) An out-of-date virus scanner is only marginally better than no virus scanner at all.
A signature-based scanner only recognises malware whose signature it already has. If you rarely update the signatures, you are exposed to everything written since your last update, and that number grows fast. Update as often as the product allows, preferably automatically and daily, and never less than once a week. The last thing you need is a virus deleting your files or taking down the whole network.

Law #9) Absolute anonymity isn't practical, in real life or on the Web.
Just like in real life, keeping yourself 100% anonymous online is not practical, and probably not possible. There are tools that mask your IP address, but no amount of masking puts your true identity entirely out of reach of someone determined to find it; what you do, what you say and when you do it all leak information. You can block cookies and stick to a handful of sites, but the most practical way to keep a reasonable level of privacy online is the same as in real life: through your behaviour. Don't hand personal information to sites you don't trust, and read their privacy statements.
Law #10) Technology is not a panacea.
We have seen amazing developments in security technology, and it is tempting to think that if we all worked hard enough we could one day live in a risk-free world. That isn't realistic: perfect security would require perfect software and perfect people, and neither exists. Most successful attacks involve manipulating a person somewhere along the way, and as technology shifts, so do the bad guys. The best way to prevent security problems in the future is to keep current on best practices, which will themselves change over time.
Please refer to this Microsoft Security Response Center article for more information.
If this is your first visit to www.crimcheck.com, please feel free to read about us and what we do!