
The 10 Immutable Laws of Security

Original: http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

  • Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
  • If a person with malicious intent can get you to open his program on your computer, it is no longer your computer.
  • Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
  • If a person with malicious intent can modify your operating system's settings, it is no longer your computer.
  • Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
  • If a person with malicious intent can use your computer without restriction, it is no longer your computer.
  • Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more.
  • If you allow a person with malicious intent to upload programs to your website, it is no longer your website.
  • Law #5: Weak passwords trump strong security.
  • Even the strongest security measures will be defeated by an overly simple password.
  • Law #6: A computer is only as secure as the administrator is trustworthy.
  • A computer's level of security depends on how trustworthy and reliable its administrator is.
  • Law #7: Encrypted data is only as secure as the decryption key.
  • The security of encrypted data depends on the security of the key.
  • Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
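  • Antivirus software that has not been updated for a long time is only slightly better than having no antivirus software installed.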
  • Law #9: Absolute anonymity isn't practical, in real life or on the Web.
  • Doing anything completely anonymously is not practical, whether in real life or on the web.
  • Law #10: Technology is not a panacea.
  • Technology is not a cure-all.

See the original for more detailed explanations; they are not translated here.

1 comments

2008-2-13 15:18:13 +0800, Sai said,

What kind of nonsense is all this...
