SHARE

10-immutable-laws-of-seurity-microsoftShort Bytes: Do you know about Microsoft’s 10 Immutable Laws Of Security? These laws might be a few years old, but they act as a solid guide on security principles. These laws cover various aspects like the importance of security, the safety of encryption keys, and update antimalware scanner.

More than a decade ago, Microsoft revealed its Ten Immutable Laws of Security to outline the security principles that Microsoft followed. These laws were like a basic primer for a novice computer user.

The original 10 Immutable Laws Of Security

  • If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
  • If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  • If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  • If you allow a bad guy to upload programs to your website, it’s not your website any more.
  • Weak passwords trump strong security.
  • A computer is only as secure as the administrator is trustworthy.
  • Encrypted data is only as secure as the decryption key.
  • An out of date virus scanner is only marginally better than no virus scanner at all.
  • Absolute anonymity isn’t practical, in real life or on the Web.
  • Technology is not a panacea.

Back in 2011, Microsoft decided to update these laws and presented the Ten Immutable Laws of Security (Version 2.0). This update was obvious due to the fact that with time the technology had changed a lot.

Microsoft says that sound judgment is the key to protect yourself from the risks that are mentioned ahead. If you keep these laws in mind, you can significantly improve your security:

10 Immutable Laws Of Security (Version 2.0)

The bold words show the changes that were made in the version 2.0. Take a look:

  1. If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
  2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. If you allow a bad guy to run active content in your website, it’s not your website anymore.
  5. Weak passwords trump strong security.
  6. A computer is only as secure as the administrator is trustworthy.
  7. Encrypted data is only as secure as its decryption key.
  8. An out-of-date antimalware scanner is only marginally better than no scanner at all.
  9. Absolute anonymity isn’t practically achievable, online or offline.
  10. Technology is not a panacea.

Microsoft has also provided detailed explanations for each law that you can read here. Please feel free to share it with your friends and family who might be unclear on basic computer security principles.

Also Read: What Is “Incremental-Hacking Cycle”? How It Improves Programming And Hacking Skills?

SHARE
Adarsh Verma
Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]