Re: Linux (in)security (Was: Re: Re: No Subject)

[Ron DuFresne <dufresne () winternet com>]

On Wed, 22 Oct 2003, Gary Flynn wrote:

        [SNIP]


> 3) Microsoft's steadfast refusal to ship systems in a "NO listening
> ports configuration"
>     by default. Cripe, now we've got anonymous, distributed file storage
> on how many
>     Windows XP Shared Documents folders all over the Internet available
> to anyone
>     that wants it not to mention a hack or infection in waiting with
> every new install of 2000
>     or XP because netbios/RPC is shipped in the open state. This isn't a
> problem of not having
>     a firewall. Its a problem of shipping a system in a state presenting
> unnecessary risk for the
>     vast population of users of that system. Bad, nay, irresponsible,
> business decision IMHO.

If I interpret this correctly, it's;

M$ should ship their product with secure defaults such that the end user
has to shoot themselve in the foot to turn on inseucre settings, rather
then shipping with all holes open and just outright shooting the enduser
in the head to begin with.

The same message many  of us have been stating for years <smile>, to M$'s
deaf ears...

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html