Re: This is working as intended
"If I have access to your computer it's game over."
Maybe.
"I can go to certmgr.msc and steal client certificates, insert trusted certificates for fake sites."
No, you don't have root access.
"I could boot up a backtrack live CD and add an administrator account to Windows,"
Not running Windows. If you reboot my machine you can't access the disk 'cos you don't know the decryption key.
"deactivate your AV and add a rootkit, then poison your DNS by going to your hosts file."
No, you don't have root access.
"I could just copy netcat onto your machine and run it with nc -l -e cmd.exe -p 9999 and I have a backdoor into your machine.... "
Yes, you could do this. You'd have access to all my local files. Wouldn't be able to get my files from the NFS server 'cos you don't have a Kerberos ticket.
"I could change your proxy settings to go through a client proxy I've set up, and then accept all the certificate alerts as "trusted".... now I can see all your SSL connections with passwords included in clear text."
Yup, you could do that.
In other words you could do nothing bad to me if I lock my screen.
Memo to self - keep locking screen when away from desk. Also makes sure boss can't see the porn I'm reading when I'm supposed to be working.