From the drivel file: Unfixable Windows 7 security flaw

There’s an article floating around the blogosphere that says two security researchers have discovered an “unfixable” security hole in Windows 7. A friend of mine just pointed me to it, with the usual Red Robbin/Sky is Falling spin.

Two minor problems. First, the “unfixable” security hole, or one just like it, exists in every PC operating system.

Second, in order to take advantage of the flaw, you have to be sitting in front of the PC.

Drivel. I’m sorry, but I can’t imagine why stuff like this gets airplay.

You all know the 10 Immutable Laws of Security, right? Microsoft posted it on TechNet about ten years ago:

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore

Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more

Law #5: Weak passwords trump strong security

Law #6: A computer is only as secure as the administrator is trustworthy

Law #7: Encrypted data is only as secure as the decryption key

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

Law #9: Absolute anonymity isn’t practical, in real life or on the Web

Law #10: Technology is not a panacea