Mon, Apr 25 2005 18:44
bradley
Law Number 1 - Would you eat that Sandwich?
I'm going to remind folks of the 10 laws of security... this came up because someone in the newsgroup asked if there was a weakness in SBS because someone reset the admin password [but that's to be covered in Law #3, so stay tuned for that].
First up is:
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.
That's why it's important to never run, or even download, a program from an untrusted source—and by "source," I mean the person who wrote it, not the person who gave it to you. There's a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn't—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you'll usually be safe.
My sister is wising up a bit, but for a while there she would go out to websites looking for Disney screensavers and icons and just click... well, it ended up that she got more than she bargained for... spyware that I ended up cleaning up... why? Because she failed to follow rule #1. She let someone persuade her into running their bad stuff on her machine.
Now most of us would say, well that was a blonde thing to do, but keep in mind this is EXACTLY how most malware and junk gets on your system. You click YES. And when you give that program permission, you've given up your machine to that bad guy.
So what's the remedy for this? Only say yes to those items where you know where the software came from and you trust the vendor of the application.

Like the law says... if you didn't make that sandwich and don't know who did... would YOU eat it? The same is true for software. And especially for anything that comes free. If it sounds too good to be true, it always is, isn't it?
hmmm... why am I all of a sudden in the mood for a toasted cheese sandwich.....