Monday, December 13, 2004

Here's another, really good, "twelve commandments" list 

This one is from my favorite security writer, Bruce Schneier. What makes this good is that it's tailored to today's threats, recommends good practices that will prevent many kinds of attacks, and doesn't pull any punches about insecure products.

I compared what Schneier wrote to the questions I hear from normal computer users, and realized it couldn't hurt to put a glossary in front of his article.

Bruce Schneier's 2004 recommendations for safe personal computing

I've got one disagreement, and one quibble. The quibble is that when he says to use an anti-spyware program, he really ought to say "use two". No one anti-spyware program catches everything.

I disagree with Schneier when he recommends deleting the files "" and "cmd.exe". If you're paranoid, rename them so that unwanted programs can't find them, but keep them around for system administration.


Another IT professional, Gordon Luky, has an article in his blog disagreeing with more of Schneier's advice. Here's how I'd reconcile Luky's and Schneier's advice:

Only uninstall programs (Start/Settings/Control Panel/Add-Remove Programs) or delete data files if you put them there and you're sure you don't need them any more.
Check whether your shredder is designed to cut up CD-Rs before you try it (if you paid less than $100 it probably isn't).

