# Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
# Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
# Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
# Law #4: If you allow a bad guy to upload programs to your Web site, it's not your Web site any more.
# Law #5: Weak passwords trump strong security.
# Law #6: A computer is only as secure as the administrator is trustworthy.
# Law #7: Encrypted data is only as secure as the decryption key.
# Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
# Law #9: Absolute anonymity isn't practical, in real life or on the Web.
# Law #10: Technology is not a panacea.
I have seen these laws around for years now, at least since the early 90's. But somehow this week they have been attributed a lot to Microsoft since they appear to be on their web site. While they are great rules to follow and I have taught them as part of computer classes that I have taught, trust me, Microsoft did not come up with them.
