The 10 Immutable Laws of Security

By Jason Fitzpatrick on August 31st, 2011

If you’re looking for a basic primer to share with friends and family who are a bit unclear on their role in their own computer security, this guide from Microsoft can help clear things up.

The list is something of a classic Microsoft offering, and despite being a few years old it’s still a really solid overview, especially for people who are unclear on basic computer security principles. Here’s the first law:

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

It’s an unfortunate fact of computer science: when a computer program runs, it will do what it’s programmed to do, even if it’s programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word “will” to “won’t” in all of them. It could send rude emails to all your friends. It could install a virus. It could create a “back door” that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.

That’s why it’s important to never run, or even download, a program from an untrusted source—and by “source,” I mean the person who wrote it, not the person who gave it to you. There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.

Hit up the link below for the full list (and don’t be afraid to send the link to a friend or relative that could use a little refresher).

The 10 Immutable Laws of Security [Microsoft TechNet via O’Reilly Radar]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking open cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.
