On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith <mich...@smithcons.com> wrote:
> IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For real
> world systems, and usage of them, there is no such thing as perfect security.

  That's true, too, but the point Munroe is trying to make is that a
lot of people lose track of the forest for the trees.  They get so
caught up in protecting the computer that they forget why they're
protecting it.

  On my home PC, most of the software I use is free and
unremarkable.  I could rebuild the software configuration from scratch
in a matter of hours.  Why do I care about protecting *that*?

  I don't.  I want to protect my photos, files, bank account, Facebook
account, etc., etc.  All of which are tied into my user account and
who-knows-how-many third-party web sites.  They don't much care about
my admin account.

  But a lot of computer security people focus on protecting the system
privileged account.  For example, I've gotten into strong arguments
with *nix weenies about how protecting the root account is the most
important thing on a system, and that's the fundamental flaw in
Microsoft Windows, or some such thing.  They don't get that the data
in my user account is a lot more valuable than the software install.
They don't get that a worm can propagate from my user account just as
easily.  And as I'm the only user of my home PC, I'm not even
protecting other users from me.  Yah, I protect the root account, but
only as a means to helping protect the stuff I care about.

  I've had the exact same discussion about Windows and UAC.  On this
forum, in fact.  If UAC works perfectly, it successfully protects an
admin account on a throw-away home PC with one user.  Meanwhile, the
malware is quite content to delete/steal all the user's data from
userland, and then propagate to other PCs, again from userland.  It's
mildly useful in helping prevent a reinstall of a bunch of software,
but that's not the high value asset.

  (Protecting system access is rather more relevant in business, where
you've got more than one level of privilege.)

-- Ben
