I have heard and read the following statement quite a bit lately: “If a malicious app or hacker has already obtained access to the file system (or some other entity) then you have bigger problems to worry about.”  What this reallys says is that you don't need to protect against some attack vector because you assume there are so many other areas that a malicious app could exploit.  I am guilty of saying and thinking this in the past, but it is past time to stop thinking this way.

I know I've said this in past because it is easy to say and trying to model threats for a hacker that has elevated privileges or a malicious insider is very difficult.  However, modeling this type of threat is critical and there are protections that can be put in place.  Take for example, a hacker that has access to the manipulate the file system.  Using EFS and protecting the key reduces the risk that an attacker can exploit key data.  Sometimes, the risk and impact is not great enough to take those types of measures, but at least you thought about and made a conscious decision to accept that risk.  That is way, way better then just throwing up your hands and saying “If that happens then you have bigger problems to worry about.”