On Wed, Apr 17, 2013 at 12:27 PM, Ben Scott <[email protected]> wrote:
> On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith <[email protected]> wrote:
>> IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For real
>> world systems, and usage of them, there is no such thing as perfect security.
>
> That's true, too, but the point Munroe is trying to make is that a
> lot of people lose track of the forest for the trees. They get so
> caught up in protecting the computer that they forget why they're
> protecting it.

If that's the case, then he didn't make his point at all clear.

> On my home PC, most of the software I use is free and
> unremarkable. I could rebuild the software configuration from scratch
> in a matter of hours. Why do I care about protecting *that*?
>
> I don't. I want to protect my photos, files, bank account, Facebook
> account, etc., etc. All of which are tied into my user account and
> who-knows-how-many third-party web sites. They don't much care about
> my admin account.

True, and unremarkable.

> But a lot of computer security people focus on protecting the system
> privileged account. For example, I've gotten into strong arguments
> with *nix weenies about how protecting the root account is the most
> important thing on a system, and that's the fundamental flaw in
> Microsoft Windows, or some such thing. They don't get that the data
> in my user account is a lot more valuable than the software install.
> They don't get that a worm can propagate from my user account just as
> easily. And as I'm the only user of my home PC, I'm not even
> protecting other users from me. Yah, I protect the root account, but
> only as a means to helping protect the stuff I care about.

True again - and again unremarkable.

My point is that you have to use the same methods to protect unprivileged accounts as you do root/administrator. Not that they're equivalent in power, but that what each kind of account can do and has access to is different and equally valuable. Root/Administrator is valuable because it can subvert the protections on, or directly access, the data that end-user accounts have, and end-user accounts because that's where the actual money/IP resides.

That's the import of my remarks about screensavers, FDE, not caching passwords for web sites in browsers, etc. - it's all about protecting the data; that which resides on the machine, and that which resides on teh intarwebs.

Kurt
