The 10 Immutable Laws of Computer Security

1. If a bad guy can persuade you to run his program on your computer, it’s not your computer any more.
2. If a bad guy can alter the operating system on your computer, it’s not your computer any more.
3. If a bad guy has unrestricted physical access to your computer, it’s not your computer any more.
4. A computer is only as secure as the administrator is trustworthy.
5. Weak passwords trump strong security.
6. Encrypted data is only as secure as the decryption key.
7. An out of date virus scanner is only marginally better than no virus scanner at all.
8. If you allow a bad guy to upload programs to your website, it’s not your website any more.
9. Absolute anonymity isn’t practical, in real life or on the Web.
10. Technology is not a panacea.