In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor; cause the computer to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? Why, on the computer, right along with everything else! They’re just files, and if other people who use the computer are permitted to change those files, it’s “game over”.
To understand why, consider that operating system files are among the trusted ones on the computer, and they generally run with system –level privileges. That is, they can do absolutely anything. Among other things, they’re trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there’s no limit to what he can do. He can steal passwords, make himself an administrator on the computer, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. (The security checklists on the Microsoft Security Website will help you do this).
Friday 12 October 2012
Law 1: if A Bad Guy Can Persuade You To Run His Program On Your Computer, It’s Not Your Computer Anymore.
It’s an unfortunate fact of computer science: when a computer program runs, it will do what it’s programmed to do, even if it’s programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word “will” to “won’t” in all of them. It could send rude emails to all your friends. It could install a virus. It could create a “back door” that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.
That’s why it’s important to never run, or even download, a program from an untrusted source-and by “source,” I mean the person who wrote it, not the person who gave it to you. There’s nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t-it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.
That’s why it’s important to never run, or even download, a program from an untrusted source-and by “source,” I mean the person who wrote it, not the person who gave it to you. There’s nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t-it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.
10 Immutable Laws of Security
Here the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See “A Tour of the Microsoft Security Response Center”). In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don’t result from product flaws. Over the years, we’ve developed a list of issues like these, that we call the 10 Immutable Laws of Security
Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft-or any software vendor-to “fix” them, because they result from the way computer work. But don’t abandon all hope yet-sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems. (Find out more on this link Abiolaomoba.blogspot.com).
Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft-or any software vendor-to “fix” them, because they result from the way computer work. But don’t abandon all hope yet-sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems. (Find out more on this link Abiolaomoba.blogspot.com).
10 Immutable Laws of Security
Here the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See “A Tour of the Microsoft Security Response Center”). In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don’t result from product flaws. Over the years, we’ve developed a list of issues like these, that we call the 10 Immutable Laws of Security
Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft-or any software vendor-to “fix” them, because they result from the way computer work. But don’t abandon all hope yet-sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems. (Find out more on this link Abiolaomoba.blogspot.com).
Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft-or any software vendor-to “fix” them, because they result from the way computer work. But don’t abandon all hope yet-sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems. (Find out more on this link Abiolaomoba.blogspot.com).
Subscribe to:
Posts (Atom)