Joe’s Tech


Physical Security (v2)
October 8, 2008, 9:37 am

I had put together a post (unpublished, yet) regarding computer security.  I’ll delay it in favor of this one.

One of The Rules of computer security is physical security.  If someone with malicious intent has physical access to a machine, they can at least compromise the data on it, probably steal it, possibly alter it, and definitely destroy it.  This is why the government freaks out so much about stolen (and lost) laptops.  (I should know.  I saw it happen a few times while I was at the IRS.)

What those rules don’t cover is restricting physical access among authorized users.  An uneducated user (or [especially] administrator) can wreak as much havoc as any malicious attacker.  This can be mitigated to some extent by using the principle of least privilege, but not totally eliminated.  I can easily write a script to delete files (or change them) and embed it in a webpage (even this one).  If I can convince someone browsing the website to run it, it will run as whatever level of user they are.  If you’re a (standard) limited user, I can delete/change any files you have access to (mostly your documents/data).  If you’re an administrator, I can delete/change anything on the computer.
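
To see how much a script running under your account could actually touch, the sketch below walks a directory tree and counts the files the current user can modify or delete. It is an added example, not part of the original post; it assumes POSIX-style permissions, and the function name `blast_radius` is made up for illustration.

```python
import os
import sys


def blast_radius(root):
    """Count files under root that the current user could change or delete.

    Assumes POSIX permissions: changing a file needs write access to the
    file; deleting it needs write + search access to its parent directory.
    (Sticky-bit directories and ACLs are ignored to keep the example short.)
    """
    report = {"total": 0, "modifiable": 0, "deletable": 0}
    for dirpath, _dirnames, filenames in os.walk(root):
        can_unlink_here = os.access(dirpath, os.W_OK | os.X_OK)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a link's target may live outside root; skip it
            report["total"] += 1
            if os.access(path, os.W_OK):
                report["modifiable"] += 1
            if can_unlink_here:
                report["deletable"] += 1
    return report


if __name__ == "__main__":
    # Default to the home directory: "mostly your documents/data".
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    r = blast_radius(target)
    print(f"{target}: {r['total']} files, "
          f"{r['modifiable']} modifiable, {r['deletable']} deletable "
          f"by the current user")
```

Run it against the same directory once as a limited user and once as an administrator to compare the two counts.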

In conclusion, I’ll go back to The Rules:  if you’re worried about the safety of data on your laptop, I have three words for you: Lock it up.  The laptop, not the data.  If you were worried about paper files, you’d put them in a locked office, file cabinet, or safe, right?  Do the same thing with the computers that hold your digital files, please.  Your administrator will thank you.  If you have anything you really care about, back it up.  If you don’t trust a site, don’t run stuff on it, and just because Google links to it, or because someone you do trust links to it, that doesn’t mean you should trust it.


1 Comment so far

Hmmm…your parents probably wish they would have known this about 15 years ago.

Comment by Margaret



