Bill said:
Bruce Chambers wrote, in response to my post -
<<Not if one takes rudimentary precautions against unauthorized physical
access to the computer, and uses a properly configured firewall>>. Good
point but I wouldn't put a list of passwords etc on the hard disk. It only
needs one failure, one chink in the armour and it's gone.

Storing one's passwords on a hardware device that might fail is not
without a small amount of risk, true. But it's no riskier than having
them scrawled on a piece of paper hidden in a desk drawer or in one's
wallet, or on a thumb drive. However, you're mistakenly equating
hardware failure with a security compromise. The two are not
necessarily the same.

Remember that Microsoft issues (with very few exceptions) critical and security patches
just once a month.

That's just not true. As one who claims to professionally support
computers, as implied by your signature, you're surely aware that
Microsoft issues Security Bulletins on a weekly basis to anyone who
cares to subscribe to the service. Granted, Microsoft Update propagates
routine patches on a monthly basis, primarily at the request of
corporate IT departments who need to test each patch before deploying
it, but critical security updates are pushed out when and as required,
regardless of the monthly schedule.

Therefore, a security issue discovered just before the
patches are released will go unresolved for a month (and perhaps a few days
more).

Again, not so. See above. Remember Blaster? The requisite patch was
made available via Windows Update weeks before the worm spread
throughout the world, but people hadn't bothered to install it, or turn
on their built-in firewalls. But this is one of the reasons one should
have a properly configured firewall in place: just in case such a should
occur. If nothing unauthorized can get to the computer, it can't
exploit a vulnerability.

<<How so? The two issues don't even strike me as remotely relevant.>> The
two issues are very much relevant! Remove and destroy a hard disk before
the (rest of) the computer is disposed of and sensitive isn't available to
who knows who.

True, but what's that got to do with the original topic? And, as has
been pointed out numerous times, no one (outside of movies and
television programs) has ever been able to conclusively demonstrate that
it's possible to recover any sort of data - sensitive or otherwise -
from a hard drive that's been thoroughly wiped, formatted, and then had
an OS and applications reinstalled.
It's all very well to be security-conscious, and to take all reasonable
precautions, but I do think you're pushing it to the point of paranoia.
A proper risk assessment will balance the severity of a vulnerability,
the likelihood of its being found and exploited, and the costs in money
and effort of averting/countering that risk.
--
Bruce Chambers
Help us help you:
http://support.microsoft.com/default.aspx/kb/555375
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot