How-To Geek

The 10 Immutable Laws of Security

If you’re looking for a basic primer to share with friends and family who are a bit unclear on their role in their own computer security, this guide from Microsoft can help clear things up.

The list is something of a classic Microsoft offering, and despite being a few years old it’s a really solid overview, especially for people who are unclear on basic computer security principles. Here’s the first law:

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

It’s an unfortunate fact of computer science: when a computer program runs, it will do what it’s programmed to do, even if it’s programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word “will” to “won’t” in all of them. It could send rude emails to all your friends. It could install a virus. It could create a “back door” that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.

That’s why it’s important to never run, or even download, a program from an untrusted source—and by “source,” I mean the person who wrote it, not the person who gave it to you. There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.

Hit up the link below for the full list (and don’t be afraid to send the link to a friend or relative that could use a little refresher).

The 10 Immutable Laws of Security [Microsoft TechNet via O’Reilly Radar]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking open cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart).

  • Published 08/31/11

Comments (8)

  1. Missa

    I know both, but this information gets along with the above. In the world of hackers is computer code that provides access to the victim’s computer, cookies, Bud, you’re sitting in his office at work but the remote to your PC – it also allows hackers program to do it! Here, for example, you go online and ask strangers for programs or applications, but free, they say that this is a link you go through it and get something like you are giving the keys to access your PC: go to the link is accompanied by the transfer of information from the PC – as if watching over you and your ISP to sniff out something about you then, and here the same way. By the way YouTube showed me this information when I was looking for information on Google how to protect my PC, just in my PC has been committed by the penetration of which reflected the Norton 360 antivirus. I was curious and found the terrible things in the videos, users cannot even guess that in their system, someone is doing their work, even when there is strong anti-virus. Now I always use removable hard drives and card readers, one of which is to install the OS In7.

    Use only legal software or free replacements expensive.

    I also cut down the supply voltage of the power strip when the PC is turned off.

    “How To Geek” Thank You ! Arigatou (^_^)!!!

  2. Bython

    @Missa: your anti virus won’t help if a black hat knows your system is weak, I recommend to use a very clever firewall. Or just use another OS (operating system) like Linux or Mac OS, I have a lot of experience with both of them and I’ve never got a virus (or other crap) on my PC again.

    Those laws are very weak on themselves because they don’t help you as much. It would be much better if they had good and helpful tips in their article than at the end an advertisement ;), like the first law, I know that you can’t trust anybody on the internet or in real life. Like your friends got a virus and they send you an infected mail with a fake image, I know for sure that 40% of the people would open the image, 20% will scan the image (maybe automatically), and 30% would scan it but approve it as trusted. So your anti virus has to be used with common sense and always ask your friends if they know that they sent you an email. Confirm everything if you suspect something! Use your common sense, and I know for sure you get a lot less viruses than before.

  3. PC

    This article is supplied by Microsoft ?! … Perhaps the world’s most unsecured software. Pass. I’ll go and find a company who doesn’t make buggy software, and expects large amounts of money for it. Wonder when Google will release their OS, or maybe I’ll just go back to Apple.

  4. C. E.

    @PC: Let’s not turn this into a nonsensical Apple vs. Microsoft argument. There is no such thing as an invulnerable OS; all have vulnerabilities available for exploit. It just so happens that often Windows has the most due to its market success.

    @Bython: I’ve never gotten a virus on a Windows PC. Does that by extension mean that Apple’s OS or Linux are virus-ridden cess pools? Often ending up with a virus or malware or whatever has less to do with the OS and a lot more to do with the user on the other end. If Apple’s OS or Linux were targeted regularly, I can imagine the linked article might be coming from a different source (or in Apple’s case, perhaps not at all, considering the way they swept that little malware issue a while ago under the table:

    tl;dr: The majority of responsibility ultimately falls on the end user, regardless of OS.

  5. Sesses

    Microsoft’s coding is as good as anybody else’s. The only reason you see so many viruses and attacks against them is because of their massive majority market share (80% last I heard?). Going to Apple or something else will be safer for now, just hope that everyone else doesn’t have the same idea!
    Also just thought I would add, switching to Apple would most likely be more expensive (unless you hackintosh). They are famous for overcharging for dated hardware, and of course restricting what you can use.

  6. Derpington

    @PC Google’s OS has been released, I’ve had a chromebook\cr-48 since Dec. when it was in beta.

  7. Grant

    @Sesses and C.E. There is a flaw in your logic.

    Linux is much more popular in the world of public facing web servers, especially when you only consider the 1 million busiest, and yet, they are compromised much more often. The black hats, given the choice between my mom’s laptop, and a nice, busy public web server, will choose the web server every time. It is not the install base. It is the trust of RPC and DDE, and the compatibility added for applications designed to run in a single user world, expecting full rights to the machine, executable being based on a file name rather than file system metadata, as well as other things.

  8. Mohamed Ashraf

    I read these before; they are good, but the third law is old. Anyway, I also read another series of articles called the laws revisited; I think it was also in TechNet.
