Having a lot of experience in this arena, I should point out that network level security is only one layer of the "onion" so to speak. There is also physical access, which is a big way that bootloaders get installed. For instance, if someone has a custom USB drive, they can obtain all the password hashes for the accounts in a Windows machine (something that Microsoft said was impossible at one time) and then run it through some hash tables to get a list of the associated passwords. Admittedly, this was with Windows XP and Server 2000/2003. Supposedly, Vista and Win 7 forsook the MD5 encryption they were using, and now use AES, so whether or not it can be done with a modern Windows OS I am skeptical about.
But my main point is, if you give someone physical access to your computer, or you tell your kids the Administrator password, NOTHING can save you from compromise at that point. Oh sure, you can have your AV software forbid USB drives, but if someone has administrator access, they can override your AV. Security must be a multi-tiered approach to be successful. It is EXTREMELY rare for someone who has taken all reasonable precautions to become "infected" with malware. Bob On Nov 26, 2012, at 9:59 AM, Richmond wrote: > On 11/26/2012 09:16 PM, Mike Kerner wrote: >> Rootkits and bootloaders are a threat that cannot be addressed reasonably >> any other way. If you want to talk about lousy security on the inside, >> Windows cannot even hold a candle to the laughably-bad ICS's. Back in The >> Day I felt like I was the one who was wrong because I kept pointing out out >> horribly bad the security on PLC's and their related controllers are. >> >> >> > > Is it just me, or . . . ? > > I would have thought one of the EASIEST ways to avoid one's machine from > getting > mucked up by a rootkit or a bootloader was to make sure one's computer was NOT > connected to some sort of internet connexion prior and during OS install. > > I must say one of the things I dislike is how OS installs give the impression > that they > won't work without an internet connexion - which is, of course, a load of old > tosh. > > Richmond. > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
