Had some great formal security training years ago … Every instructor stressed there is no such thing as absolute security or privacy. If your PC or device is plugged in and turned on – you are vulnerable and there are potential risks. The security process is more about risk management, best practices, staying informed, and technical fortifications.
“Security is only as strong as your weakest link” … If there is an unguarded glass window along the side of Fort Knox (e.g., weak authentication controls, unpatched systems, etc.), then the bad guys are going to find a way in and possibly get some of the gold.
QUOTE: It isn’t possible for Microsoft—or any software vendor—to “fix” them, because they result from the way computers work. But don’t abandon all hope yet. Sound judgment is the key to protecting yourself against these pitfalls, and if you keep them in mind, you can significantly improve the security of your computers, whether they sit on your desk, travel in your pocket, or exist in a virtual cloud.
Ten Immutable Laws of Security
Law # 1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
Law # 2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
Law # 3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
Law # 4: If you allow a bad guy to run active content in your website, it’s not your website anymore.
Law # 5: Weak passwords trump strong security.
Law # 6: A computer is only as secure as the administrator is trustworthy.
Law # 7: Encrypted data is only as secure as its decryption key.
Law # 8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law # 9: Absolute anonymity isn’t practically achievable, online or offline.
Law # 10: Technology is not a panacea.