1
00:00:02,200 --> 00:00:10,590
Law Number Six: a computer is only as secure as the administrator is trustworthy.

2
00:00:10,600 --> 00:00:17,740
We've mentioned that system kernel processes are beyond any control. A local computer's administrator is

3
00:00:17,770 --> 00:00:19,560
very hard to control too.

4
00:00:20,580 --> 00:00:25,260
All the measures to prevent a local computer's administrator from accessing the computer's databases

5
00:00:25,980 --> 00:00:29,960
usually make it more difficult but not impossible to read the data,

6
00:00:30,810 --> 00:00:33,120
unless security solutions involve encryption.

7
00:00:35,910 --> 00:00:39,370
The administrator can modify all processes running on the computer.

8
00:00:40,840 --> 00:00:44,610
It can also monitor them.

9
00:00:44,650 --> 00:00:50,110
The administrator can even read a password encrypted by external applications by retrieving its decrypted

10
00:00:50,110 --> 00:00:54,380
form from the working memory.

11
00:00:54,560 --> 00:00:59,720
The password needs to be stored somewhere because otherwise any given program wouldn't recognize the

12
00:00:59,720 --> 00:01:00,190
user.

13
00:01:03,520 --> 00:01:07,510
If the program knows the encrypted password, the administrator can learn it too.

14
00:01:10,680 --> 00:01:16,360
Processes started by the administrator have administrator privileges.

15
00:01:16,410 --> 00:01:21,480
This means that not only the administrator but also the processes started by the administrator have

16
00:01:21,480 --> 00:01:25,990
full control over the computer.

17
00:01:26,010 --> 00:01:30,630
We touched on this problem and we mentioned that users with administrator privileges should not start

18
00:01:30,630 --> 00:01:33,580
programs communicating with untrusted computers.

19
00:01:36,920 --> 00:01:40,710
This problem is partially solved by User Account Control.

20
00:01:40,840 --> 00:01:43,310
It's a solution introduced in Windows Vista.

21
00:01:45,110 --> 00:01:50,300
The principle behind it is that no matter who starts a given process, it will always be started with

22
00:01:50,300 --> 00:01:59,610
regular user privileges unless the user personally granted the process additional access rights. Until

23
00:01:59,610 --> 00:02:02,040
the solution is widely used,

24
00:02:02,160 --> 00:02:03,920
the sixth law is still valid.