Lessons From The Past: 10 Immutable Laws Of Security (Version 2.0)


We looked at the 10 Immutable Laws of Security before. Then Microsoft security researcher Scott Culp posted a list of principles to keep in mind when considering computer security. Whether you are a novice or an advanced user, it remains sound advice to follow. In 2011 Microsoft decided to update the laws. As technology and the threat landscape keep evolving, so must our thinking and mental models. Below is the updated list. The differences from the old laws are bolded.

10 Immutable Laws Of Security (Version 2.0)

  1. If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
  2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. If you allow a bad guy to run active content in your website, it’s not your website anymore.
  5. Weak passwords trump strong security.
  6. A computer is only as secure as the administrator is trustworthy.
  7. Encrypted data is only as secure as the decryption key.
  8. An out-of-date antimalware scanner is only marginally better than no virus scanner at all.
  9. Absolute anonymity isn’t practically achievable, online or offline.
  10. Technology is not a panacea.

The old list of laws can be found here: https://www.modernsamurai.info/laws-of-security/
