On Wed, Apr 17, 2013 at 1:19 PM, Jonathan Link <[email protected]> wrote: > On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff <[email protected]> wrote: >> >> On Wed, Apr 17, 2013 at 12:27 PM, Ben Scott <[email protected]> wrote: >> > On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith >> > <[email protected]> wrote: >> >> IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For >> >> real >> >> world systems, and usage of them, there is no such thing as perfect >> >> security. >> > >> > That's true, too, but the point Munroe is trying to make is that a >> > lot of people lose track of the forest for the trees. They get so >> > caught up in protecting the computer that they forget why they're >> > protecting it. >> >> If that's the case, then he didn't make his point at all clear. > > It was pretty clear to me, and coincidentally (or not!) his image looks like > a tree. Nevermind the fact that most professionals are saying don't run as > admin. OK, so they're not. Does that mean they are protected? Protected > from what? Not getting a more pervasive infection, sure. But malware > writers are dropping the .exe's in userland and doing stuff with the data > they access. How do you protect that data, when the person who's been > infected, is the person who needs access to the data? > > Thought it was pretty clear, to be honest.
Apparently I'm dense, then. I protect all of my accounts, privileged or not, in the same ways, and have been doing so for so long that it's completely natural to me. It just feels unnatural not to do so. No running executables from untrusted sources, turn off scripting in my browsers, view all email as plain text, no remembering/caching of passwords in browsers, using a unique password per web site and per other accounts, regular clearing of cookies, no linking of accounts between web sites, running current AV, no browsing with elevated accounts, laptops have full disk encryption, etc., etc., etc. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
